How safe is your data when you shop online?
Many Americans hand over volumes of personal data to Amazon. The company knows what we buy, what we consider buying, even whom we might be buying things for.
And according to a new investigation by Reveal from the Center for Investigative Reporting and Wired, many Amazon employees have exploited access to that customer data.
Will Evans is a senior reporter at Reveal, where he has been covering this. The following is an edited transcript of his conversation with Marketplace’s Kimberly Adams.
Will Evans: When I started this, I was captivated by this idea of the customer service agent who can look up anybody, anywhere, anytime. And I had talked to some of these customer service associates and a manager, and they were telling me about how their colleagues could look up exes, they could look up celebrities, they could look up pretty much anybody and not get in trouble. And that was pretty wild to me. And one of the roots of the problem is that so many people have access to so much data.
Kimberly Adams: Right, because, as you found in your reporting, voyeurism was one way that some people used these tools and this access. But there were some financial motivations and, in some cases, criminal motivations.
Evans: Oh yeah, this data is valuable. And inside access is valuable, especially when it comes to all the money that’s being made on Amazon’s Marketplace. So the motivation is, if you are a dirty seller or some black-hat operator who wants to make money, if you find some inside Amazon employees who are willing to take bribes in exchange for data, that will go a long way in terms of being able to game the system to help your business, crush competitors and sabotage other small businesses. And so that’s exactly what was happening.
Adams: I have to say that part of your piece really struck me because a couple of years ago, I wrote a bad review of something on Amazon. Shortly thereafter, I started getting email after email after email to my personal account asking me to remove my review and offering me money to do so.
Evans: Yes, that’s it. That’s the classic scheme. That is why it’s hard to trust reviews. That’s what I learned from doing the story. And also, there is no way that they’re getting your email other than through nefarious ways, probably through bribery, one way or another. It’s someone paid someone to pay someone inside of Amazon to get your personal emails. I mean, it’s possible they went through one of these companies that does some other kinds of data mining to figure it out. But there’s no legitimate way of getting your personal email.
Adams: How long has the company been aware of these problems?
Evans: Well, it goes back years. I mean, I looked at internal communications that went back to 2015. I looked at memos that were going up to pretty high-level executives, [who] were getting them and getting warnings in 2017 and 2018, where you’d have these chiefs of security who were saying, “We don’t even, we don’t even know where all the data is.” And that was alarming. Because if you don’t know where it is, how do you protect it?
Adams: There is a big push at the federal level right now for more regulation of the tech industry. And in particular, even just this week, in response to some other reporting coming out of Reuters, a push for more privacy regulation. What effect do you think that your reporting is going to have in this larger movement?
Evans: Well, I think it should at least provide some, some knowledge of what was going on inside the company. Because when, as the excellent Reuters article pointed out, at the same time the company was lobbying to kill or water down privacy legislation, internally it was really struggling and had people who are tasked with privacy saying, “This is a big problem. We don’t have a handle on it. We don’t know where the data is. We need way more resources.” This is a brutal game of whack-a-mole, as one person put it. I mean, that’s what was going on. So when the company comes back and says, “Don’t worry, we got this. Customers, trust us. You don’t need to regulate us.” I mean, that’s just not true. That’s not what was going on inside the company.
Adams: How has this project changed the way that you use Amazon?
Evans: Well, to be honest, I have been reporting on Amazon for a while. I have also done a bunch of reporting on safety in Amazon warehouses and heard a lot of stories of warehouse workers who were seriously injured — I mean, life-changing injuries — in order to get packages out as fast as possible. And in doing that reporting, I just realized that it was disingenuous for me to be talking to all of these people and caring about their stories and their heartache and still ordering on Amazon, so we stopped doing that.
Related links: More insight from Kimberly Adams
Evans’ piece will also be in the December/January issue of Wired magazine.
We also have a link to that Reuters story that he and I were discussing. It’s one of a multipart series they are doing on Amazon, including an investigation into the company’s efforts to get around regulations meant to protect small businesses in India.
And a story alleging Amazon preferenced its own products on its platform in India and sometimes copied the merchandise of businesses selling on the site.
Here in the U.S., members of Congress are pushing dozens of bills to regulate the tech industry, including Amazon.
Many of those specifically deal with privacy. The International Association of Privacy Professionals keeps a list.
Although none of the privacy bills at the federal level have made it through Congress yet.