"Amazon to Pay $31m After FTC's Security and Privacy Allegations"

Amazon will pay close to $31m to the Federal Trade Commission (FTC) to settle allegations relating to Alexa and its Ring home security business.  The larger of the two civil penalties ($25m) will settle charges that Amazon violated the US Children’s Online Privacy Protection Act Rule (COPPA Rule) and deceived Alexa customers about the smart voice assistant’s data deletion practices.  According to the complaint which was filed by the Department of Justice (DoJ) on behalf of the FTC, Amazon “prominently and repeatedly” assured its users, including parents, that they could delete Alexa voice recordings and geolocation information.  However, Amazon actually kept some of this information for years and used it unlawfully to improve the Alexa algorithm.  The complaint continued by saying Amazon’s history of misleading parents, keeping children’s recordings indefinitely, and flouting parents’ deletion requests violated COPPA and sacrificed privacy for profits.  The FTC noted that COPPA does not allow companies to keep children’s data forever for any reason and certainly not to train their algorithms.  Separately, Amazon’s Ring business, which it bought in 2018, will pay $5.8m to settle charges that it compromised consumer privacy and failed to implement security best practices.  The FTC complaint alleged the firm deceived customers by failing to restrict employees and contractor access to customers’ videos and that it used customer videos to train algorithms without consent.  The complaint also alleged that Ring was slow in improving customer account security to mitigate the threat from brute-force attacks despite users suffering multiple credential stuffing attacks in 2017 and 2018.  As well as the fines, Amazon will be required to delete inactive child accounts and some Alexa voice recordings and geolocation information and will be banned from using this data to train its algorithms.  Ring will be required to delete data, models, and algorithms derived from videos it unlawfully reviewed and to implement a privacy and security program featuring safeguards on human review of videos, multi-factor authentication for employee and customer accounts, and other measures.  An Amazon statement noted that the firm disagrees with the FTC’s claims on Ring and Alexa and denies breaking the law.

 

Infosecurity reports: "Amazon to Pay $31m After FTC's Security and Privacy Allegations"

Submitted by Anonymous on