Amazon might have a Cambridge Analytica-size problem

Amazon could be the next big tech firm to find itself in the eye of a data privacy storm.

  • This year the Cambridge Analytica scandal broke, implicating Facebook and creating mass data privacy concern.
  • Concerns have been raised of Amazon user information being leaked to third parties on a regular basis.
  • With the amount of sensitive information and huge number of users on the Amazon platform, this is no small concern.

2018 hasn't been a good year for Facebook. In March, the Cambridge Analytica scandal broke, implicating the company in data harvesting activities for political purposes. The story is far from over, with recent reports stating that the UK Parliament has seized Facebook internal company papers linked to an ongoing investigation into the matter.

Shortly after the scandal broke, Apple CEO Tim Cook twisted the knife, revealing in an interview with MSNBC that he believed Facebook should have shown some self-restraint. He addressed his own company's customers, stating their value to Apple and promising, "We're not going to traffic in your personal life."

Of course, the sentiment is admirable — even for hardened cynics who see the marketing angle of such a statement. However, it doesn't change the fact that all the big tech firms currently process our data inside a black box. Before the Facebook/Cambridge Analytica scandal, Google was under the microscope due to Edward Snowden's disclosures of NSA spying activities.

Now, Amazon could be the next big tech firm to find itself in the eye of a data privacy storm. The issue? America's biggest marketplace is heavily dependent on Chinese sellers, who are unwittingly allowing some of China's biggest payment processors access to Amazon customers' personal data.

How Chinese payment processors access Amazon user data

Amazon is a global marketplace, meaning that it's very easy for virtually anyone to become a seller on the platform. When you make an order on Amazon, your personal data including name, address, and basic credit card information and purchase details are passed through to the seller. The seller also needs to have a receiving account, so they can receive the proceeds from your purchase. Amazon requires that the receiving account is linked to the country where the seller is operating.

For this reason, many Chinese sellers use big payment processing companies based in China such as Pingpong, and Lianlian. The payment provider needs access to the seller's Amazon account to set up their receiving account, and here is where the data privacy issue occurs.

A seller has a couple of options for how a third party can plug into their Amazon account. The highest level of access is using the seller's secret key. Someone with a seller's secret key can access all the same data as the seller themselves, including customer data of people who have ordered from the seller.

Even the fact that sellers receive customer data may come as a surprise to many. After all, we assume that Amazon is the company receiving and processing our data, not some small seller on the other side of the world. However, since Amazon accepts pretty much any seller, many will need customer data to fulfill and process payment for the order.

Amazon does provide the option of using an API for payment providers to access a seller's account. However, they provide only the very thinnest of instructions to their sellers on how to do this and explain the dangers of giving out private keys in the vaguest of terms. From discussions taking place on Weixin, China's version of WhatsApp, it's apparent that Chinese sellers are being asked by payment providers to release their secret keys.

Even discussions on Amazon's own community pages imply some sellers have disclosed their secret keys. This means that payment providers, which are huge Chinese companies, now likely have access to the customer data of a currently unquantified number of American Amazon users.

The extent of the damage

While the amount of data breached is unquantified, the sheer scale of Amazon and its ties to China provide some insights into the potential extent of the damage. There are an estimated 90 million Amazon Prime subscribers in the US, with 46% of subscribers buying something at least once per week.

34% of Amazon's top sellers are based in China, with 250,000 new Chinese sellers having joined Amazon in 2017 alone. Pingpong is just one example of a Chinese payment services provider and it has processed more than $1 billion worth of US payments.

Regulators have taken greater steps to intervene in matters user data privacy, but regulatory control only has a defined geographical scope. A court can hold Amazon accountable for its actions in securing customer data in its own jurisdiction, however it cannot rule against the use of data that has already leaked to foreign companies. Nevertheless, the US has been slow to introduce user privacy laws compared to the EU, which has attempted to control the issue with its far-reaching General Data Protection Regulation (GDPR.)

Because Amazon is a global company, the issue is not necessarily limited to US customer data. However, this is taking place against the backdrop of an extremely tense period in US-China trade relations. During 2018, both countries have imposed an increasing series of tariffs on imports from the other, leading to a situation which many economists believe could be extremely damaging to the global economy. Sectors including technology, healthcare, and agriculture are being impacted by the tariffs.

It remains to be seen whether or not Amazon user data may become a pawn in the trade war between President Trump and China's leader Xi Jinping. Amazon is a US company, after all, and any misuse of US Amazon user data by Chinese companies would be likely to be seen as an attack on the US. With the famously unpredictable President Trump in charge of Chinese trade negotiations, it could go either way.

Regulators must hold big tech accountable

The privacy issues with Amazon customer data highlighted here further underline the level of trust we are placing in big tech companies. We rely on their systems, processes and overall integrity to keep our data safe. Increasingly, these firms are demonstrating that they do nothing to earn our trust.

However, once the Facebook/Cambridge Analytica scandal broke, regulators including the US Senate and the UK Parliament were quick to intervene. This has cast a shadow over Facebook's practices, and the company is finally being held to account for its actions. Perhaps it's only a matter of time before Amazon comes under the same level of scrutiny.

Higher ed isn’t immune to COVID-19, but the crisis will make it stronger

The pandemic reminds us that our higher education system, with all its flaws, remains a key part of our strategic reserve.

Sponsored by Charles Koch Foundation
  • America's higher education system is under great scrutiny as it adapts to a remote-learning world. These criticisms will only make higher ed more innovative.
  • While there are flaws in the system and great challenges ahead, higher education has adapted quickly to allow students to continue learning. John Katzman, CEO of online learning organization Noodle Partners, believes this is cause for optimism not negativity.
  • Universities are pillars of scientific research on the COVID-19 frontlines, they bring facts in times of uncertainty and fake news, and, in a bad economy, education is a personal floatation device.
Keep reading Show less

An ancient device too advanced to be real gives up its secrets at last

Researchers present what they’ve learned now that they can read the tiny text inside the Antikythera mechanism.

Exploded view of Antikythera mechanism (Peulle/Wikimedia)
Surprising Science

Though it it seemed to be just a corroded lump of some sort when it was found in a shipwreck off the coast of Greece near Antikythera in 1900, in 1902 archaeologist Valerios Stais, looking at the gear embedded in it, guessed that what we now call the “Antikythera mechanism" was some kind of astronomy-based clock. He was in the minority—most agreed that something so sophisticated must have entered the wreck long after its other 2,000-year-old artifacts. Nothing like it was believed to have existed until 1,500 years later.

Keep reading Show less

Hyper-innovation: COVID-19 will forever change the way we teach kids

The institutional barriers that have often held creative teaching back are being knocked down by the coronavirus era.

Future of Learning
  • Long-held structures in the education system, like classroom confines and schedules, have held back innovation for a long time, says education leader Richard Culatta.
  • In the coronavirus era, we have been able to shake some of those rigid structures loose, making way for creativity and, ultimately, a more open mindset.
  • When creativity and technology combine, learning can become so much more than delivering content to a student. Culatta gives two stunning examples: one of a biotech class, and another involving a student discovering a star.
Keep reading Show less

Algorithms associating appearance and criminality have a dark past

We'd like to think that judging people's worth based on the shape of their head is a practice that's behind us.

PATRICK KOVARIK/AFP via Getty Images
Culture & Religion

'Phrenology' has an old-fashioned ring to it. It sounds like it belongs in a history book, filed somewhere between bloodletting and velocipedes.

Keep reading Show less
Scroll down to load more…