Amazon might have a Cambridge Analytica-size problem

Amazon could be the next big tech firm to find itself in the eye of a data privacy storm.

Amazon might have a Cambridge Analytica-size problem
  • This year the Cambridge Analytica scandal broke, implicating Facebook and creating mass data privacy concern.
  • Concerns have been raised of Amazon user information being leaked to third parties on a regular basis.
  • With the amount of sensitive information and huge number of users on the Amazon platform, this is no small concern.

2018 hasn't been a good year for Facebook. In March, the Cambridge Analytica scandal broke, implicating the company in data harvesting activities for political purposes. The story is far from over, with recent reports stating that the UK Parliament has seized Facebook internal company papers linked to an ongoing investigation into the matter.

Shortly after the scandal broke, Apple CEO Tim Cook twisted the knife, revealing in an interview with MSNBC that he believed Facebook should have shown some self-restraint. He addressed his own company's customers, stating their value to Apple and promising, "We're not going to traffic in your personal life."

Of course, the sentiment is admirable — even for hardened cynics who see the marketing angle of such a statement. However, it doesn't change the fact that all the big tech firms currently process our data inside a black box. Before the Facebook/Cambridge Analytica scandal, Google was under the microscope due to Edward Snowden's disclosures of NSA spying activities.

Now, Amazon could be the next big tech firm to find itself in the eye of a data privacy storm. The issue? America's biggest marketplace is heavily dependent on Chinese sellers, who are unwittingly allowing some of China's biggest payment processors access to Amazon customers' personal data.

How Chinese payment processors access Amazon user data

Amazon is a global marketplace, meaning that it's very easy for virtually anyone to become a seller on the platform. When you make an order on Amazon, your personal data including name, address, and basic credit card information and purchase details are passed through to the seller. The seller also needs to have a receiving account, so they can receive the proceeds from your purchase. Amazon requires that the receiving account is linked to the country where the seller is operating.

For this reason, many Chinese sellers use big payment processing companies based in China such as Pingpong, and Lianlian. The payment provider needs access to the seller's Amazon account to set up their receiving account, and here is where the data privacy issue occurs.

A seller has a couple of options for how a third party can plug into their Amazon account. The highest level of access is using the seller's secret key. Someone with a seller's secret key can access all the same data as the seller themselves, including customer data of people who have ordered from the seller.

Even the fact that sellers receive customer data may come as a surprise to many. After all, we assume that Amazon is the company receiving and processing our data, not some small seller on the other side of the world. However, since Amazon accepts pretty much any seller, many will need customer data to fulfill and process payment for the order.

Amazon does provide the option of using an API for payment providers to access a seller's account. However, they provide only the very thinnest of instructions to their sellers on how to do this and explain the dangers of giving out private keys in the vaguest of terms. From discussions taking place on Weixin, China's version of WhatsApp, it's apparent that Chinese sellers are being asked by payment providers to release their secret keys.

Even discussions on Amazon's own community pages imply some sellers have disclosed their secret keys. This means that payment providers, which are huge Chinese companies, now likely have access to the customer data of a currently unquantified number of American Amazon users.

The extent of the damage

While the amount of data breached is unquantified, the sheer scale of Amazon and its ties to China provide some insights into the potential extent of the damage. There are an estimated 90 million Amazon Prime subscribers in the US, with 46% of subscribers buying something at least once per week.

34% of Amazon's top sellers are based in China, with 250,000 new Chinese sellers having joined Amazon in 2017 alone. Pingpong is just one example of a Chinese payment services provider and it has processed more than $1 billion worth of US payments.

Regulators have taken greater steps to intervene in matters user data privacy, but regulatory control only has a defined geographical scope. A court can hold Amazon accountable for its actions in securing customer data in its own jurisdiction, however it cannot rule against the use of data that has already leaked to foreign companies. Nevertheless, the US has been slow to introduce user privacy laws compared to the EU, which has attempted to control the issue with its far-reaching General Data Protection Regulation (GDPR.)

Because Amazon is a global company, the issue is not necessarily limited to US customer data. However, this is taking place against the backdrop of an extremely tense period in US-China trade relations. During 2018, both countries have imposed an increasing series of tariffs on imports from the other, leading to a situation which many economists believe could be extremely damaging to the global economy. Sectors including technology, healthcare, and agriculture are being impacted by the tariffs.

It remains to be seen whether or not Amazon user data may become a pawn in the trade war between President Trump and China's leader Xi Jinping. Amazon is a US company, after all, and any misuse of US Amazon user data by Chinese companies would be likely to be seen as an attack on the US. With the famously unpredictable President Trump in charge of Chinese trade negotiations, it could go either way.

Regulators must hold big tech accountable

The privacy issues with Amazon customer data highlighted here further underline the level of trust we are placing in big tech companies. We rely on their systems, processes and overall integrity to keep our data safe. Increasingly, these firms are demonstrating that they do nothing to earn our trust.

However, once the Facebook/Cambridge Analytica scandal broke, regulators including the US Senate and the UK Parliament were quick to intervene. This has cast a shadow over Facebook's practices, and the company is finally being held to account for its actions. Perhaps it's only a matter of time before Amazon comes under the same level of scrutiny.

Did early humans hibernate?

New anthropological research suggests our ancestors enjoyed long slumbers.

Credit: Gorodenkoff / Adobe Stock
Surprising Science
  • Neanderthal bone fragments discovered in northern Spain mimic hibernating animals like cave bears.
  • Thousands of bone fragments, dating back 400,000 years, were discovered in this "pit of bones" 30 years ago.
  • The researchers speculate that this physiological function, if true, could prepare us for extended space travel.
Keep reading Show less

Does science tell the truth?

It is impossible for science to arrive at ultimate truths, but functional truths are good enough.

Credit: Sergey Nivens / 202871840
  • What is truth? This is a very tricky question, trickier than many would like to admit.
  • Science does arrive at what we can call functional truth, that is, when it focuses on what something does as opposed to what something is. We know how gravity operates, but not what gravity is, a notion that has changed over time and will probably change again.
  • The conclusion is that there are not absolute final truths, only functional truths that are agreed upon by consensus. The essential difference is that scientific truths are agreed upon by factual evidence, while most other truths are based on belief.
Keep reading Show less

A canvas of nonsense: how Dada reflects a world gone mad through art

Using urinals, psychological collages, and animated furniture to shock us into reality.

A Dadaist artist is painted with the ashes of burned banknotes during the financial crisis.

Credit: MICHELE LIMINA via Getty Images
Culture & Religion
  • Dada is a provocative and surreal art movement born out of the madness of World War I.
  • Tzara, a key Dada theorist, says Dada seeks "to confuse and upset, to shake and jolt" people from their comfort zones.
  • Dada, as all avant-garde art, faces a key problem in how to stay true to its philosophy.
Keep reading Show less
Surprising Science

Study: Tripping might not be required for psychedelic therapy

Two different studies provide further evidence of the efficacy of psychedelics in treating depression.