The news: The Federal Trade Commission (FTC) and the Department of Justice (DOJ) are jointly fining Amazon $25 million for privacy violations related to data gathered by its Alexa voice-assistants and Ring cameras.
IoT nightmare scenario: The complaint against Amazon states that the company “prevented parents from exercising their deletion rights under the US Children’s Online Privacy Protection Act, Amazon kept sensitive voice and geolocation data for years, and used it for its own purposes, while putting data at risk of harm from unnecessary access.”
- The FTC’s charges cost Ring and Amazon a hefty sum: $5.8 million for Ring and $25 million for Alexa-related issues. But Amazon says it didn’t do anything wrong.
- “While we disagree with the FTC’s claims regarding both Alexa and Ring, and deny violating the law, these settlements put these matters behind us,” the company said.
- The FTC discovered that one employee had unrestricted access to thousands of videos, and “focused his prurient searches on cameras with names indicating that they surveyed an intimate space, such as ‘Master Bedroom,’ ‘Master Bathroom,’ or ‘Spy Cam.’”
- Hackers invaded people’s accounts and used their Ring devices to harass them. The complaint describes how women in bed and children of color faced vulgar and racist abuse from the intruders.
Our take: The charges against Amazon could have significant implications on privacy regulations for tech giants and serve as a cautionary tale for the IoT devices and associated services whose connected devices may have similar vulnerabilities.
- The Alexa settlement still needs approval from a federal court but will require Amazon to delete inactive child accounts, voice recordings, and geolocation information.
- Amazon also will not be allowed to use the data for its algorithms or to feed its targeted advertising systems.