Amazon's first transparency report plays coy with details

servers-820x420
By Chris Davies/

Amazon has opened up on customer privacy, issuing its first ever transparency report and denying ever having participated in the notorious NSA PRISM program. While the online shopping behemoth may be best known by most consumers for its retail division, the other side to Jeff Bezos' empire is a huge cloud business, offering server and hosting services to startups and established names in enterprise alike. It's the reputation of that which Amazon is hoping to gild now.

"Amazon does not disclose customer information unless we're required to do so to comply with a legally valid and binding order," Stephen Schmidt, Vice President of Security Engineering & Chief Information Security Officer at Amazon Web Services wrote in a company blog post. "Unless prohibited from doing so or there is clear indication of illegal conduct in connection with the use of Amazon products or services, Amazon notifies customers before disclosing content information."

As for the much-reviled PRISM program, Schmidt says Amazon has never participated in the NSA's snooping. In fact, he argues, the company has "repeatedly challenged government subpoenas for customer information that we believed were overbroad," as well as pushing for updated privacy laws in Congress.

That doesn't mean that no data was handed over, of course. For the five month period from January 1st, 2015, through to May 31, 2015, Amazon received 813 subpoenas for information disclosure, giving a full response to 542 of those, and a partial response to 126.

During the same period, 25 search warrants were received, thirteen of which were met with a full response, and eight with a partial response.

Amazon states that "0-249" national security requests were received, which covers things like Foreign Intelligence Surveillance Act (FISA) requests. Companies are legally unable to specify an exact number, hence the somewhat nebulous bracket.

As for back-door access, Amazon says it is against anything that would weaken users' rights to privacy. "We offer AWS clients strong encryption as one of many standard security features," Schmidt points out, "and we provide them the option to manage their own encryption keys."

While it's always good to see companies open up about transparency, it's fair to say that Amazon hasn't gone quite as in-depth with its explanations as, say, Google and other firms have done in their own reports. That may well improve over time, however, or as the hosting company's customers become more vocal about what they expect in return for their subscriptions.

SOURCE Amazon [PDF link]

Recommended