Amazon might have a Cambridge Analytica-size problem

Amazon could be the next big tech firm to find itself in the eye of a data privacy storm.

  • This year the Cambridge Analytica scandal broke, implicating Facebook and creating mass data privacy concern.
  • Concerns have been raised of Amazon user information being leaked to third parties on a regular basis.
  • With the amount of sensitive information and huge number of users on the Amazon platform, this is no small concern.

2018 hasn't been a good year for Facebook. In March, the Cambridge Analytica scandal broke, implicating the company in data harvesting activities for political purposes. The story is far from over, with recent reports stating that the UK Parliament has seized Facebook internal company papers linked to an ongoing investigation into the matter.

Shortly after the scandal broke, Apple CEO Tim Cook twisted the knife, revealing in an interview with MSNBC that he believed Facebook should have shown some self-restraint. He addressed his own company's customers, stating their value to Apple and promising, "We're not going to traffic in your personal life."

Of course, the sentiment is admirable — even for hardened cynics who see the marketing angle of such a statement. However, it doesn't change the fact that all the big tech firms currently process our data inside a black box. Before the Facebook/Cambridge Analytica scandal, Google was under the microscope due to Edward Snowden's disclosures of NSA spying activities.

Now, Amazon could be the next big tech firm to find itself in the eye of a data privacy storm. The issue? America's biggest marketplace is heavily dependent on Chinese sellers, who are unwittingly allowing some of China's biggest payment processors access to Amazon customers' personal data.

How Chinese payment processors access Amazon user data

Amazon is a global marketplace, meaning that it's very easy for virtually anyone to become a seller on the platform. When you make an order on Amazon, your personal data including name, address, and basic credit card information and purchase details are passed through to the seller. The seller also needs to have a receiving account, so they can receive the proceeds from your purchase. Amazon requires that the receiving account is linked to the country where the seller is operating.

For this reason, many Chinese sellers use big payment processing companies based in China such as Pingpong, and Lianlian. The payment provider needs access to the seller's Amazon account to set up their receiving account, and here is where the data privacy issue occurs.

A seller has a couple of options for how a third party can plug into their Amazon account. The highest level of access is using the seller's secret key. Someone with a seller's secret key can access all the same data as the seller themselves, including customer data of people who have ordered from the seller.

Even the fact that sellers receive customer data may come as a surprise to many. After all, we assume that Amazon is the company receiving and processing our data, not some small seller on the other side of the world. However, since Amazon accepts pretty much any seller, many will need customer data to fulfill and process payment for the order.

Amazon does provide the option of using an API for payment providers to access a seller's account. However, they provide only the very thinnest of instructions to their sellers on how to do this and explain the dangers of giving out private keys in the vaguest of terms. From discussions taking place on Weixin, China's version of WhatsApp, it's apparent that Chinese sellers are being asked by payment providers to release their secret keys.

Even discussions on Amazon's own community pages imply some sellers have disclosed their secret keys. This means that payment providers, which are huge Chinese companies, now likely have access to the customer data of a currently unquantified number of American Amazon users.

The extent of the damage

While the amount of data breached is unquantified, the sheer scale of Amazon and its ties to China provide some insights into the potential extent of the damage. There are an estimated 90 million Amazon Prime subscribers in the US, with 46% of subscribers buying something at least once per week.

34% of Amazon's top sellers are based in China, with 250,000 new Chinese sellers having joined Amazon in 2017 alone. Pingpong is just one example of a Chinese payment services provider and it has processed more than $1 billion worth of US payments.

Regulators have taken greater steps to intervene in matters user data privacy, but regulatory control only has a defined geographical scope. A court can hold Amazon accountable for its actions in securing customer data in its own jurisdiction, however it cannot rule against the use of data that has already leaked to foreign companies. Nevertheless, the US has been slow to introduce user privacy laws compared to the EU, which has attempted to control the issue with its far-reaching General Data Protection Regulation (GDPR.)

Because Amazon is a global company, the issue is not necessarily limited to US customer data. However, this is taking place against the backdrop of an extremely tense period in US-China trade relations. During 2018, both countries have imposed an increasing series of tariffs on imports from the other, leading to a situation which many economists believe could be extremely damaging to the global economy. Sectors including technology, healthcare, and agriculture are being impacted by the tariffs.

It remains to be seen whether or not Amazon user data may become a pawn in the trade war between President Trump and China's leader Xi Jinping. Amazon is a US company, after all, and any misuse of US Amazon user data by Chinese companies would be likely to be seen as an attack on the US. With the famously unpredictable President Trump in charge of Chinese trade negotiations, it could go either way.

Regulators must hold big tech accountable

The privacy issues with Amazon customer data highlighted here further underline the level of trust we are placing in big tech companies. We rely on their systems, processes and overall integrity to keep our data safe. Increasingly, these firms are demonstrating that they do nothing to earn our trust.

However, once the Facebook/Cambridge Analytica scandal broke, regulators including the US Senate and the UK Parliament were quick to intervene. This has cast a shadow over Facebook's practices, and the company is finally being held to account for its actions. Perhaps it's only a matter of time before Amazon comes under the same level of scrutiny.

LinkedIn meets Tinder in this mindful networking app

Swipe right to make the connections that could change your career.

Getty Images
Sponsored
Swipe right. Match. Meet over coffee or set up a call.

No, we aren't talking about Tinder. Introducing Shapr, a free app that helps people with synergistic professional goals and skill sets easily meet and collaborate.

Keep reading Show less

What’s behind our appetite for self-destruction?

Is it "perverseness," the "death drive," or something else?

Photo by Brad Neathery on Unsplash
Mind & Brain

Each new year, people vow to put an end to self-destructive habits like smoking, overeating or overspending.

Keep reading Show less

A world map of Virgin Mary apparitions

She met mere mortals with and without the Vatican's approval.

Strange Maps
  • For centuries, the Virgin Mary has appeared to the faithful, requesting devotion and promising comfort.
  • These maps show the geography of Marian apparitions – the handful approved by the Vatican, and many others.
  • Historically, Europe is where most apparitions have been reported, but the U.S. is pretty fertile ground too.
Keep reading Show less

Douglas Rushkoff – It’s not the technology’s fault

It's up to us humans to re-humanize our world. An economy that prioritizes growth and profits over humanity has led to digital platforms that "strip the topsoil" of human behavior, whole industries, and the planet, giving less and less back. And only we can save us.

Think Again Podcasts
  • It's an all-hands-on-deck moment in the arc of civilization.
  • Everyone has a choice: Do you want to try to earn enough money to insulate yourself from the world you're creating— or do you want to make the world a place you don't have to insulate yourself from?
Keep reading Show less