Amazon has doubled down on its private surveillance infrastructure by activating Sidewalk, a private network to connect Amazon’s servers with smart home devices and gadgets sold by Amazon and its partner companies. With concerning privacy and security implications, this network automatically connects users’ Amazon Echo, Ring security cameras, and more to other devices and gadgets beyond their front door.
With this initiative, Amazon is once more confirming that its true allegiances do not lie with its customers; instead, the company is moving to expand its already capacious surveillance infrastructure.
A Wolf in Prime’s Clothing
Created in 1994 as an online bookstore, Amazon has grown over the past 25 years to become one of the world’s largest digital marketplaces, a growing delivery service company, a profitable cloud services provider, and even a leader of the space race.
Today, Amazon is a trillion-dollar company systematically engaged in surveillance capitalism. Powerful companies and government agencies like the U.S. Department of Homeland Security use Amazon’s cloud services platform to host myriad surveillance and policing tools. The company has a promiscuous relationship with law enforcement and intelligence agencies, including the sharing of customer information and unchecked government contracts.
Amazon is also directly involved in the government surveillance business as a vendor of dangerous surveillance technologies like facial recognition. After mounting pressure from the ACLU and other civil liberties groups, Amazon announced a one-year moratorium on police use of its software in June 2020, and extended it a couple of weeks ago. (They did not explicitly mention if the moratorium covers agencies like the FBI or ICE.)
A few years ago, Amazon zeroed in on the lucrative business of the private security industry — including Ring, a company developing “smart” home solutions like doorbells equipped with security cameras. Soon enough, after Amazon’s aggressive marketing tactics that included free camera giveaways and influencer police officers, police departments and law enforcement agencies became very interested in the possibility of accessing all sorts of private information without worrying about getting a warrant or going to a judge. Now, one in 10 U.S. police departments can access videos from millions of privately-owned home security cameras without a warrant.
One Network To Rule Them All?
Last week, we finally met the next frontier of Amazon’s power: Sidewalk.
Sidewalk’s architecture is not complex: Individuals that own specific Amazon devices, like an Amazon Echo or a Ring camera, contribute a small portion of their internet bandwidth to allow those devices to become bridges of the network. These devices, officially called Sidewalk Bridges, carry the Sidewalk’s network backbone using Bluetooth technology and other signals suitable for covering large areas.
In this way, they become the nodes of this new mesh network connected to Amazon’s servers that spreads throughout neighborhoods. It will allow Amazon’s and its partner companies’ Sidewalk-enabled devices (like Bluetooth trackers, wearable devices, and similar gadgets) to be always online, with a maximum reach of half a mile away.
Here’s how this new initiative threatens our privacy rights and increases surveillance:
1. Sidewalk is an opt-out regime
Amazon decided to launch Sidewalk without consent from their users, only allowing them to opt out. Amazon automatically turned on Sidewalk; if users don’t want their Amazon devices to be part of the network, they will have to disable it manually. (Here is how.)
The same applies to other Sidewalk-enabled devices like smart locks or tiles. Their users also need to go through a process to opt out of the network.
This decision undermines people’s control over their devices and data because it exploits “default bias” to the detriment of the consumers. Behavioral economics explains that the “default bias” drives people who have to choose between different options to remain with the default option, even when other options are available. In other words, people rarely go through the steps to reject the default setting — in this case, having your device get connected to Sidewalk and being a bridge, provided the device is capable of doing that. That is why the best privacy regimes are opt-in — not opt-out. Amazon knows this, but making Sidewalks opt-in would mean explaining the system and convincing people of its benefits, a step the company apparently wants to avoid.
2. Sidewalk will strengthen Amazon’s data collection and surveillance infrastructure
Amazon has posted a whitepaper addressing privacy and security measures for the Sidewalk network. The paper, however, fails to explain how these measures would prevent unnecessary data collection for commercial gain and government surveillance.
The whitepaper discusses encryption protocols built into the network and how the design limits the amount of data collected and shared. But much of the whitepaper discusses high-level technical issues or unclear protocols, leaving consumers in the dark about what customer data Amazon collects from Sidewalk. For example, in its FAQ, Amazon says that there is an option to share the approximate location information of Sidewalk devices. But the technical whitepaper does not provide any explanation as to how this would work or what “approximate” means.
Unsurprisingly, the company explains it will keep complying with law enforcement requests and argues that “data minimization policies and encryption policies reduce the scope and usefulness of data that we would be able to produce if legally required.” However, it doesn’t explain why, how, or what sort of data might not be useful in a hypothetical case.
This is significant because Sidewalk will likely become an integral part of the Ring security camera business. As Techcrunch reports, “Ring received over 1,800 legal demands during 2020, more than double from the year earlier.” Still, Ring refuses to answer how many users or accounts had footage given to police. The company’s Sidewalk whitepaper gives no reason to believe policies and practices will vary between Ring and Sidewalk.
4. Sidewalk is Amazon’s private internet
Lastly, Amazon is virtually on the way to creating a private internet.
On the official website, Amazon mentions that there will be a Sidewalk standard that other companies and developers can use to build Sidewalk-enabled devices. This would essentially create a private network that connects all sorts of devices — inside and outside our homes — with Amazon as its only gatekeeper. This would leave Amazon practically acting as an ISP, open to the same security risks, but without being subjected to the regulations ISPs are. (Amazon is also building Project Kuiper, a low Earth orbit satellite constellation capable of providing broadband service.)
Perhaps worse, the government would be able to get all the information it needs from one place. Now, and because of its commercial activities, Amazon already has access to a person’s home address, live location, shopping habits, and much more. A private network that links security devices adds more behavioral data to this collection. For example, if one person takes a stroll around her neighborhood carrying a Sidewalk-enabled device, the Sidewalk ecosystem might reveal where the person went and when. A panopticon-style surveillance system like this is a nightmare for civil rights and civil liberties. We do not want an all-seeing eye in our communities.
A couple of years ago, the ACLU said that buying a Ring camera is an individual decision that depends on many factors and considerations. Now, we have another factor to consider: Sidewalk and the possibility of contributing to Amazon’s growing surveillance infrastructure.