The company gathers a vast array of information on its US customers, and it started making that data available to all upon request early last year, after trying and failing to defeat a 2018 California measure requiring such disclosures
Center for Investigative Reporting and tech outlet Wired reviewed Amazon.com Inc documents that revealed a critical failure to protect the information of consumers as the e-commerce giant amassed a lucrative trove of personal data on millions of American consumers.
The company gathers a vast array of information on its US customers, and it started making that data available to all upon request early last year, after trying and failing to defeat a 2018 California measure requiring such disclosures.
Amazon executives and staffers detail these lobbying victories in confidential documents reviewed by Reuters.
In Virginia, the company boosted political donations tenfold over four years before persuading lawmakers this year to pass an industry-friendly privacy bill that Amazon itself drafted. In California, the company stifled proposed restrictions on the industry’s collection and sharing of consumer voice recordings gathered by tech devices. And in its home state of Washington, Amazon won so many exemptions and amendments to a bill regulating biometric data, such as voice recordings or facial scans, that the resulting 2017 law had “little, if any” impact on its practices, according to an internal Amazon document.
The architect of this under-the-radar campaign to smother privacy protections has been Jay Carney, who previously served as communications director for Joe Biden, when Biden was vice president, and as press secretary for President Barack Obama. Hired by Amazon in 2015, Carney reported to founder Jeff Bezos and built a lobbying and public-policy juggernaut that has grown from two dozen employees to about 250, according to Amazon documents and two former employees with knowledge of recent staffing.
One 2018 document reviewing executives’ goals for the prior year listed privacy regulation as a primary target for Carney. One objective: “Change or block US and EU regulation/legislation that would impede growth for Alexa-powered devices,” referring to Amazon’s popular voice-assistant technology. The mission included defeating restrictions on artificial intelligence and biometric technologies, along with blocking efforts to make companies disclose the data they keep on consumers.
The document listed Carney as the goal’s “primary owner” and celebrated killing or amending privacy bills in “over 20 states.”
In an August interview with Reuters, Amazon CEO Andy Jassy declined to comment on why the company has opposed major privacy-protection bills but said: “We have always been very passionate about the privacy of our customers.” An Amazon webpage that explains Alexa calls privacy the technology’s “foundational principle.”
In a statement, Amazon said: “The premise of this story is flawed and includes reporting that relies on early, incomplete drafts of documents to draw incorrect conclusions.” The company said it protects consumers’ privacy and doesn’t sell their data. “We know we must get privacy right in order to meet our customers’ high expectations.”
Amazon said the 2018 document listing Carney’s goals to defeat privacy regulation is “out-of-date” and does not reflect the company’s current public-policy objectives. The company said it has opposed “poorly crafted” state privacy bills. It said it would prefer a federal law that “requires transparency about data practices, prohibits the sale of personal data without consent, and ensures that consumers have the right to request access to and delete their personal information.”
Amazon’s lobbying against privacy protections aims to preserve the company’s access to detailed consumer data that has fueled its explosive online-retailing growth and provided an advantage in emerging technologies, according to the Amazon documents and former employees. The data Amazon amasses includes Alexa voice recordings; videos from home-camera systems; personal health data from fitness trackers; and data on consumers’ web-searching and buying habits from its e-commerce business.
Some of this information is highly sensitive. Under a 2018 California law that passed despite Amazon’s opposition, consumers can access the personal data that technology companies keep on them. After losing that state battle, Amazon last year started allowing all U.S. consumers to access their data. Seven Reuters reporters obtained and examined their own Amazon dossiers.
One found that Amazon had more than 90,000 recordings Alexa devices made of the reporter’s family members since 2017. In some, young children are heard asking questions about sexual anatomy, including: “Alexa, what is a vagina?”
Another reporter found that Amazon had detailed accounts of her Kindle e-reader sessions and a customer profile which included her family’s “Implicit Dietary Preferences.”
Alexa devices also pulled in data from iPhones and other non-Amazon gear – including one reporter’s iPhone calendar entries, with names of people he was scheduled to contact.
Most consumers don’t understand how much personal information they cede to technology firms, said David Choffnes, a privacy researcher at Boston’s Northeastern University.
“When’s the last time you let a stranger into your house and let them listen to your conversations, watch your TV, look at the comings and goings on your video cameras?” he asked. “The company is a stranger in your personal space, following you around.”
Asked about the information it harvests, Amazon said customers appreciate that it personalizes services for them, such as shopping recommendations or music selections on smart speakers, “based on the data we collect.”
Amazon said it wants one national privacy law rather than a “patchwork” of state regulations. Asked for details of any federal privacy legislation it has supported, Amazon did not name a specific bill. The company did provide three examples of what it described as statements of public support by its executives for federal consumer-privacy legislation.
In those cases, Reuters found, the executives were expressing either direct opposition to such a law, opposition to existing state privacy protections, or advocacy for industry-friendly measures opposed by consumer advocates. No major federal privacy legislation has passed Congress in years because members have been deadlocked on the issue.
‘A force for good’
Carney and his deputies set the tone for a more aggressive lobbying operation early in his tenure, drafting a strategy memo for a new global corporate-affairs department that combined public-policy and public-relations teams.
The memo was written in 2015 with the help of communications executive Drew Herdener and public-policy leader Brian Huseman. A draft version asserted that “journalists and policymakers should respect Amazon as a force for good” because it improves customers’ lives and creates “millions of jobs and broader economic prosperity.”
As executives edited the draft, Herdener summed up a central goal in a margin note: “We want policymakers and press to fear us,” he wrote. He described this desire as a “mantra” that had united department leaders in a Washington strategy session.
The final 4,200-word version, which Carney presented to Amazon’s board of directors in November 2015, vowed the department would ensure “journalists and policymakers don’t take for granted the good that Amazon does when they speak publicly about us and make decisions affecting our business or reputation.”
Carney told the directors that the company’s success had made it a “bigger and more frequent target for critics,” according to a copy of his presentation. Calling Amazon’s previous lobbying strategies “frugal” and “narrow,” Carney advised a more ambitious approach.
Amazon did not make Carney and his deputies available for interviews. In its statement, the company said Herdener’s “fear us” comment was an editing remark on an unfinished draft.
Among the Carney team’s first targets was a Washington state bill to regulate biometrics, including voice recordings, fingerprints and face scans. State House Rep. Jeff Morris, chair of the technology committee, introduced a measure in January 2015 seeking to give consumers more control over such data.
The bill eventually passed in 2017, but only after lobbyists for Amazon and other firms had chiseled away at its privacy protections by convincing lawmakers to insert alternative language, often verbatim, according to emails between lawmakers and Amazon lobbyists obtained by Reuters through public-records requests.
When the law passed, Democratic state lawmakers touted it as the “first of its kind in the country to protect individual privacy rights associated with biometric identifiers.”
Amazon’s public-policy team had a different take in a 2017 U.S. policy update on digital devices: The team, it said, had negotiated “favorable changes” that meant the law would have “little, if any, direct impact on Amazon’s practices.”
Amazon representatives never took a public position on the bill, relying instead on trade groups the company funded to oppose it at hearings, according to Amazon documents and public records of the debate. That was part of a larger strategy, former staffers said, allowing Amazon to avoid public heat for opposing consumer-protection measures.
Outside lobbyist Kim Clauson took the lead in fighting the Washington bill. Clauson said in emails to Morris that the bill’s definition of “biometric identifier” was overbroad and that consumer notification and consent requirements would only confuse people.
The emails show Clauson won an exemption for voice recordings, sparing Alexa devices from regulation. In February 2016, she emailed Morris and Rep. Mark Harmsworth, a Republican co-author, seeking changes to the biometric-data definition. A technology-committee staffer confirmed in an email to the authors that the bill had been amended with “the exact definition for biometric information provided by Amazon.”
In 2017, the two legislators widened that definition in a way that might apply to voice recordings. That drew a rebuke from Clauson, who emailed Harmsworth saying: “We do not agree to the definition.” She sent him a bill markup from privacy consultant Leslie Dunlap calling the definition “not acceptable.” Amazon paid Dunlap’s firm $15,000 a month, a 2017 Amazon public-policy planning document shows.
The lawmakers again narrowed the definition and exempted voice recordings, the emails show.
Clauson and Dunlap declined to comment.
Harmsworth and Morris have since left the Washington legislature. Both said the economic impact of Amazon and the technology industry factored into their decisions. Morris said the authors sought a “middle ground” that protected consumers without harming companies including Amazon, a major state employer. Both said Amazon did not have outsized influence.
“It’s not like Amazon is telling us that we’re going to write this bill the way they want it,” Harmsworth said.
Consumer advocates considered the resulting law essentially worthless, said Shankar Narayan, a lawyer at the time for the American Civil Liberties Union of Washington state. “It’s riddled with so many holes; it’s like a Swiss cheese,” Narayan said. “It falls in the category of bills that try to make you feel better about biometrics without providing meaningful protection.”
Amazon said it opposed the original bill, along with other companies, because it hampered innovation. “We worked to educate lawmakers on the unintended consequences,” the company said.
With inputs from agencies