Amazon is being accused in a lawsuit filed recently of not properly notify customers of its Amazon Go stores in New York City that the tech giant was tracking and collecting their biometric data.
A story published by CBS News gives a little background:
The lawsuit claims that the e-commerce giant violated a New York City law passed in early 2021 which requires businesses that are collecting, storing or sharing “biometric identifier information” to post signage near their entrances alerting customers that they are doing so.
The lawsuit was filed Thursday in U.S. District Court for the Southern District of New York on behalf of shopper Alfredo Rodriguez Perez.
Amazon Go stores are a chain of cashierless convenience stores operated by Amazon.com. These stores allow customers to enter the store, pick up the products they want, and walk out without having to wait in a checkout line or scan their items. The stores use a combination of computer vision, sensor fusion, and deep-learning technologies to automatically detect what products customers take off the shelves and then charge their Amazon account accordingly.
The first Amazon Go store opened to the public in Seattle in January 2018, and the company has since expanded the concept to several other locations in the United States and United Kingdom.
The lawsuit alleges that without prior notification to its customers, Amazon Go collects shoppers biometric data “by scanning the palms of some customers to identify them and by applying computer vision, deep learning algorithms, and sensor fusion that measure the shape and size of each customer’s body to identify customers, track where they move in the stores, and determine what they have purchased.”
Now, admittedly, the actions of Amazon or any other private corporation does not trigger constitutional scrutiny. The Fourth Amendment’s guarantee of “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures” is binding on the federal government, not on a retail company.
That said, there is reasonable concern that the biometric data allegedly collected secretly by Amazon at its Amazon Go stores in New York City might find their way into federal databases.
In 2019, the founder of a major venture capital firm in Silicon Valley and former executive at Time Warner and AOL revealed that surveillance is the main objective of voice-commanded “smart speakers” such as Amazon’s Alexa, Google’s Home, and others.
“I would say that there’s two or three layers, sort of problematic layers, with these new smart speakers, smart earphones that are in market now,” said John Borthwick during an interview with Yahoo Finance Editor-in-Chief Andy Serwer.
“And so the first is, from a consumer standpoint, user standpoint, is that these, these devices are being used for what’s — it’s hard to call it anything but surveillance,” Borthwick added.
The same company — Amazon — that collected this biometric data and has its Echo speakers and Ring cameras in the homes of millions of Americans provides server space to the ultimate surveillance organization: the federal government.
Nearly all the data collected by the National Security Agency (NSA) is stored in the cloud. The database — Intelligence Community GovCloud — is reportedly classified and helps the federal surveillance organization to “connect the dots” among the scores of systems currently employed by the agency to store and sort data.
“Right now, almost all NSA’s mission is being done in [GovCloud], and the productivity gains and the speed at which our analysts are able to put together insights and work higher-level problems has been really amazing,” NSA Chief Information Officer Greg Smithberger told NextGov.
Smithberger explained GovCloud as a single integrated “big data-fusion environment,” technology that would allow the NSA and the myriad federal agencies participating in the surveillance of electronic communications to share data seamlessly and much more efficiently than before. The Central Intelligence Agency (CIA) and National Geospatial-Intelligence Agency are two of the 16 agencies that will be given access to the cloud and the personal data stored there.
The system backing the GovCloud database is, NexGov reports, the same as is found “in data centers owned by Facebook, Amazon or other industry titans.”
Regarding this less-than-reassuring public-private partnership, NexGov reports, “IC GovCloud is one of two major cloud initiatives across the IC [intelligence community]. In 2014, the CIA awarded a $600 million contract to Amazon Web Services to develop a commercial cloud environment for the IC agencies. Today, the Amazon-developed C2S provides utility computing services to the IC.”
Smithberger assures us there’s nothing to worry about, however. “It’s really a hybrid of the latest and greatest commercial technology,” he told NextGov, “but a lot of custom NSA technology and a lot of unique development we’ve done to actually create these outcomes.”
Nothing to worry about? As The New American has reported, there may in fact be something to worry about:
Senator Chuck Grassley (R-Iowa), the ranking Republican on the chamber’s Judiciary Committee, is pressing the Pentagon to reopen its investigation into a former official whose ties to e-commerce giant Amazon raise questions about ethics behind a government contract signed while she was in the Department of Defense.
According to a report by Breitbart, Grassley has uncovered new information relevant to a closed DOD probe into Sally Donnelly, who served as the senior advisor to Secretary of Defense James N. Mattis during the Trump administration.
Donnelly was under investigation by the Department of Defense Office of Inspector General (DOD OIG) for her financial ties to British financier André Pienaar, receiving over $1 million of payments from him while she served in the Pentagon.
Pienaar has done business with Amazon, and Donnelly served in the administration at a time when Amazon was seeking to land a $10 million contract for an ambitious Department of Defense cloud-computing project known as Joint Enterprise Defense Infrastructure, or JEDI.
Admittedly, Amazon Go’s alleged secret collection of biometric data has nothing to do with the company’s contract to provide cloud service to the federal government’s surveillance agencies, but in the collection of such critical data and storing it on servers owned by Amazon, there is a reasonable concern that that personal information might end up accessible to the NSA, CIA, or other federal agency whose cloud servers are provided by that same company.