Amazon Sued Over Illegal Retention of Child Recordings Through Alexa



Amazon is being sued by a Massachusetts woman for unlawfully recording and storing the voices of children with its Alexa-enabled devices; the lawsuit filed in Seattle this week, claims that Amazon is contributing to a massive database by harnessing private details of millions of Americans via voice recordings.
Children, as a matter of fact, don’t fully understand the “potentially invasive uses of big data by a company the size of Amazon” and they “use Alexa without any understanding or warning that Amazon is recording and voice-printing them”, according to the lawsuit.
Criticizing Amazon’s methodologies, the two law firms, Quinn Emanuel Urquhart & Sullivan and Keller Lenkner alleged that the company decides to retain the actual voice recordings in spite of having an option to encrypt user voices. According to the complaint filed by these firms on behalf of an anonymous minor, Amazon stores the voices to examine it in the future and deploy the same for commercial profit.
Referencing from the Lawsuit, “It takes no great leap of imagination to be concerned that Amazon is developing voiceprints for millions of children that could allow the company (and potentially governments) to track a child’s use of Alexa-enabled devices in multiple locations and match those uses with a vast level of detail about the child’s life, ranging from private questions they have asked Alexa to the products they have used in their home,
The company is “allowing workers around the world to listen to the voice recordings and creating voiceprints of the users, which can be used to identify them when they speak to other devices in other locations,” the lawsuit reads.
Referenced from the statements given by a spokeswoman to BBC, “Amazon has a longstanding commitment to preserving the trust of our customers and their families, and we have strict measures and protocols in place to protect their security and privacy.”
Commenting on the matter during his conversation with Yahoo Finance,” Travis Lenkner, one of the plaintiffs’ attorneys, said,
“The legal theory is very straightforward. These kids themselves never consented, if they even could. No one such as a parent ever consented on their behalf,”
“Amazon purports to obtain consent to record individuals who set up an Alexa-enabled device,” the complaint states. “But there is a large group of individuals who do not consent to be recorded when using an Alexa-enabled device and who use Alexa without any understanding or warning that Amazon is recording and voice printing them: children.”
“Every recording that is made of a child, by Amazon through the Alexa software in one of these nine states is ... a per se violation of the privacy laws of those states and carries statutory penalties along with it,”
Delving further into the matter, Lenkar explains “It builds voiceprints of individual users”, “so if a child uses an Alexa device in California, and then uses another one in Washington, Amazon theoretically knows it’s the same person.” The device creates a unique identity for each person based on their voice.”
The fact that Amazon could potentially overwrite the voice recordings and yet chose not to, given that doing so would not hinder the performance of the assistant, further worsens the matter on which the company is expected to provide answers in greater detail very soon.





Amazon granted patent for Bitcoin-style system

Cryptocurrency rumor mongers are likely to be dancing today as Amazon has successfully filed a patent for a Bitcoin-styled Proof-of-Work system. But don’t get ahead of yourself, it doesn’t look like the Seattle-based ecommerce giant will be accepting Bitcoin for payments.

Despite first being filed in December 2016, Amazon’s patent application was granted earlier this week and appears to outline a system that uses Proof-of-Work to prevent distributed denial-of-service (DDoS) attacks.

“One way to mitigate against such attacks is to configure a service such that requests to the service incur some sort of expense, thereby providing a disincentive to participating in the attack,” the application reads.

Planting a Merkle Tree

Amazon proposes to use Merkle Trees to present a Proof-of-Work challenge and make it too costly for a series of computers to perform a DDoS attack.

But what’s a Merkle Tree? In short, Merkle Trees are cryptographic tools where blocks of data are manipulated to give them a unique identifier also known as a hash.

These hashes are then manipulated again to create a parent hash. Parent hashes are always a combination of two or more child hashes. It’s layers on layers of hashed data.

Since computing power is required to build a Merkle Tree, performing such hashes could get very costly in terms of time, electricity, and resources. In turn, this makes DDoS attacks economically unfeasible.

In the case of Amazon’s patent, imagine having to construct a Merkle Tree before you’re allowed to access a website hosted on one of its servers. To an individual the cost might be insignificant, but to an organization trying to carry out a DDoS attack – which might involve many hundreds of computers – it could become prohibitively expensive.

Merkle Trees are also used in Proof-of-Work blockchains like Bitcoin as part of its consensus mechanism. But for now that’s as close as Amazon will get to Bitcoin.

Amazon's Alexa storing all the voice recordings





Amazon’s Alexa may delete your voice recordings but it keeps the automatically produced transcripts in the company's cloud, according to reports.

According to CNET report, all the voice commands said to the virtual assistant should be deleted from the server, but the company saves all the text logs. 

The company stores all its data on its cloud servers, which could not be deleted by the users. Meanwhile, the company claims that they are working to make the data inaccessible. 

"When a customer deletes a voice recording, we also delete the corresponding text transcript associated with their account from our main Alexa systems and many subsystems, and have work underway to delete it from remaining subsystems," an Amazon spokesperson said in an email.

After revelation of the report, more than a dozen consumer advocacy groups plan to file a complaint against the company with the Federal Trade Commission.

The company is violating federal laws as they are not seeking parental consent before collecting data on children through Echo devices. 

Amazon Hit by an “Extensive” Fraud; Reveals That Unidentified Hackers Were Able To Siphon Funds from Merchant Accounts




Amazon.com Inc. reveals that unidentified hackers were able to siphon assets from merchant’s accounts for over six months just the last year from the MNC.

The company believes that it was hit by quite an extensive fraud attack, this serious  attack which occurred between May 2018 and October 2018, had the attackers break into around 100 seller accounts and channel money from either loans or sales into their own respective bank accounts, as indicated by a U.K. legal document.

A redacted filing has been made by Amazon's legal advisors from November which was now made public.

While the MNC was still "investigating the compromised accounts" and trusted that hackers figured out how to change subtleties of the accounts on the Seller Central Platform to their very own at Barclays Plc and Prepay Technologies Ltd., which is mostly claimed by MasterCard Inc., as indicated by the filing. Amazon found that the accounts were likely undermined by phishing strategies that fooled the sellers into surrendering the confidential login data.

Since the attorneys for Amazon have asked a London judge to favour pursuits of account statements at Barclays and Prepay, which "have become innocently mixed up in the wrongdoing," the case is progressively being featured as the one where the world's greatest online retail platform is being abused and how troublesome it is for Amazon to locate the real culprits.

While Barclays declined to remark explicitly on the case and delegates for Prepay didn't return emails looking for their comments for the same. Amazon expressed its requirement for the documents “to investigate the fraud, identify and pursue the wrongdoers, locate the whereabouts of misappropriated funds, bring the fraud to an end and deter future wrongdoing," the company's legal counsellors said in the court filing.

The first fraudulent transfer is said to have been occurred on May 16, as indicated by the filing and Amazon said Tuesday that it issued more than $1 billion in loans to merchants in 2018.

Regardless it's unclear how much the hackers stole.


Hundreds of millions of Facebook users data exposed on Amazon cloud servers




Security researchers have found a large data trove exposed  to public on Amazon's cloud computing servers.

The security experts at a cybersecurity firm, UpGuard found two separate sets of Facebook user data on public Amazon cloud servers, the firm wrote a detail blogpost. 

One of the dataset that was exposed belonged to the Mexican media company Cultura Colectiva, which contained more than 540m records, including likes, comments, reactions, Facebook IDs, account names, etc. While, the other set belonged to a defunct Facebook app named ‘At the Pool’, which was significantly smaller, but contained plaintext passwords for 22,000 users.

‘’The data sets vary in when they were last updated, the data points present, and the number of unique individuals in each. What ties them together is that they both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third party developers,’’ the blogpost.

‘’Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak,’’ it further added.

However, Facebook has launched an investigation into the matter, but they do not the nature of the data, how it was collected or why it was stored on public servers. The company said it will inform users once they will find evidence that the data was misused.




Saudi Arabia behind Jeff Bezos' phone hack




The investigators of Amazon chief’s release of intimate images believes that Saudi Arabian authorities were behind it.

According to the security officer of Amazon boss Jeff Bezos 
the Saudi Arabian authorities hacked into his phone, and obtained private data from it. 

Gavin De Becker, a longtime security consultant, launched the investigation after the National Enquirer published intimate texts between Bezos and his mistress, a television anchor Lauren Sanchez.

Last month, Bezos accused the newspaper’s owner of trying to blackmail him with the threat of publishing 'intimate photos' he allegedly sent to Sanchez unless he said in public that the tabloid’s reporting on him was not politically motivated.

"Our investigators and several experts concluded with high confidence that the Saudis had access to Bezos' phone, and gained private information," de Becker wrote on The Daily Beast website.

Last month,  the incident came into light when Mr Bezos acccused the owner of the tabloid of threatening him to publishing the ”intimate photos" that he allegedly sent to Ms Sanchez unless he did not publicly state that the tabloid's coverage of him was not politically motivated.





"US’ Giant Military Contract Has a Hitch", Says Deap Ubhi, an Entrepreneur of Indian Descent.





The founder of a local search site “Burrp!”, Deap Ubhi is a lesser known entrepreneur.

He joined Amazon in 2014 and motivated start-ups and other organizations to embrace cloud computing products.

He in less than a couple of years left, on a journey to start a company that furnished technology to restaurants.

Later on, he joined a Pentagon effort to employ techies. He wished to make a super effective search engine and according to what he said, also to help American people.

But as it turns out, Ubhi’s part in the Pentagon has landed him right in midst of one of the most prominent federal IT contracts.

A $10 billion deal of getting cloud computing to Pentagon, attracted the top tech companies when the project was announced in 2017.

Microsoft, Amazon, IBM, Oracle and Google, all wanted to seal the deal in their own ways.



But there was a catch to it all; the contract would go to only ‘one’ cloud vendor. And Amazon happened to close the deal with the capability of fulfilling Pentagon’s demands.

This is where Ubhi came in, especially his ties with Amazon, a place where he now works again.

Oracle, who under no circumstances could have landed the deal, vehemently criticized the one-vendor attitude.

The organization is now fighting in a federal court about Ubhi’s alleged inclination towards Amazon and its effect on the said deal.

Before the suit was filed, Pentagon had no found no suspicious influence of Ubhi and hence kept evaluating the deal despite Oracle’s lawsuit.

Further on, more information about Ubhi was discovered and Pentagon declined a request for disclosing it.

The winner of the deal was to be announced in April. When contacted by Amazon, both Ubhi and Pentagon refused to comment.

Oracle didn’t comment on the issue outside the court but during the proceedings it mentioned Ubhi’s outspoken inclination towards Amazon by providing the proof of a tweet via Ubhi’s handle.

According to the White house press secretary, the president of the US is not a part of this war of the vendors.



President Trump has never been involved in a government contract before so if he as much as even points at something regarding this situation it would be a first.

The cloud contract is being overseen by a Defense Department Procurement Official, commonly known as the Joint Enterprise Defense Infrastructure (JEDI).

The detection of the officials who’s actually chose the winner has not been made yet.

The Pentagon’s transition to cloud computing is being seen to by a team directed by the chief information officer, Dana Deasy.

Cloud computing would contribute a lot in the battlefield and hence the American government is keen on giving the contract to the best.

Reportedly, for some time Ubhi worked on a market research for JEDI while he was working at Pentagon.

Oracle in the court cited the internal documents where Ubhi articulated support towards a single cloud approach.

Oracle also thinks Ubhi had something to do with the decision to select a single cloud provider.



In return, Amazon said that Ubhi worked on JEDI only for seven weeks that too at the early stages and that there were over 70 people involved in the development.

Amazon and Ubhi’s ‘Tablehero’ were to engage in a partnership of which there is no proof as yet. Ubhi hasn’t been replying to the emails of investors either.

Pentagon mentioned that the single cloud would let the movement be faster and ensure more security. This statement was later asserted by the Government Accountability Office.

Both IBM and oracle filed heavy protests against the Government accountability Office which was later denied in Oracle’s case and rejected for IBM.

Oracle, which has a small cloud market shares, then took the issue to the federal courts of the US.

The Oracle lawsuit stands to profit Microsoft as it now has improved capabilities and hence could be a strong competitor to Amazon.

It doesn’t matter whether Ubhi molded the contract. Pentagon’s justifications support its decision to use a single cloud approach.

The major motivation behind the decision has always been helping the defense make better data driven decisions.


Amazon, Microsoft calls for Regulation on Face Recognition




Amazon is batting in favor of regulating and legislating the use of facial recognition technology and has written a  long, detailed blog post detailing its stand on the issue.

In the blog post written by the Vice-President of Global Public Policy at Amazon Web Services (AWS),  Michael Punke, the company revealed its "proposed guidelines" for the use of the technology by the companies, so that it cannot be used to discriminate. 

Punke wrote that the company “supports the creation of a national legislative framework covering facial recognition through video and photographic monitoring on public or commercial premises.”

Amazon has faced criticism after tests by civil rights groups and ACLU found out that Amazon's face Rekognition functions are less accurate for black people. In January, two researchers reported an Amazon Web  Services that determine the gender of the people in photos is also less accurate in the case of black women. 

However, Amazon refuted the claims of the studies saying that the Rekognition was “not used properly"  by the researchers.
Amazon wants legislation “that protects individual civil rights and ensures that governments are transparent in their use of facial recognition technology,” Punke wrote. 
The blog post is seen as the move to counter the facial recognition backlash.

Artificial Intelligence Is What’s Protecting Your Microsoft, Google And Similar Accounts





Artificially intelligent systems are quite on the run these days. The new generation believes a lot in the security system which evolves with the hackers’ trickery.

Microsoft, Google, Amazon, and numerous other organizations keep the faith in artificially intelligent security systems.

Technology based on rules and designed to avert only certain and particular kinds of attacks has gotten pretty old school.

There is a raging need for a system which comprehends previous behavior of hacking or any sort of cyber attacks and acts accordingly.

According to researchers, the dynamic nature of machines, especially AI makes it super flexible and all the more efficient in terms of handling security issues.

The automatic and constant retaining process certainly gives AI an edge over all the other forms.

But, de facto, hackers are quite adaptable too. They also usually work on the mechanical tendencies of the AI.

The basic way they go around is corrupting the algorithms and invading the company’s data which is usually the cloud space.

Amazon’s Chief Information Security Officer mentioned that via the aforementioned technology seriously aids in identifying threats at an early stage, hence reducing the severity and instantly restoring systems.

He also cited that despite the absolute aversion of intrusions being impossible, the company’s working hard towards making hacking a difficult job.

Initially, the older systems used to block entry in case they found anything suspicious happening or in case of someone logging in from an unprecedented location.

But, due to the very bluntness of the security system, real and actual users get to bear the inconvenience.

Approximately, 3% of the times, Microsoft had gotten false positives in case of fake logins, which in a great deal because the company has over billions of logins.

Microsoft, hence, mostly calculates and analyzes the technology through the data of other companies using it too.
The results borne are astonishing. The false positive rate has gotten down to 0.001%.

Ram Shankar Siva Kumar, who’s Microsoft’s “Data Cowboy”, is the guy behind training all these algorithms. He handles a 18-engineer team and works the development of the speed of the system.

The systems work efficiently with systems of other companies who use Microsoft’s cloud provisions and services.

The major reason behind, why there is an increasing need to employ AI is that the number of logins is increasing by the day and it’s practically impossible for humans to write algorithms for such vast data.

There is a lot of work involved in keeping the customers and users safe at all times. Google is up and about checking for breachers, even post log in.

Google keeps an eye on several different aspects of a user’s behavior throughout the session because an illegitimate user would act suspiciously for sure, some time or the other.

Microsoft and Amazon in addition to using the aforementioned services are also providing them to the customers.

Amazon has GuardDuty and Macie which it employs to look for sensitive data of the customer especially on Netflix etc. These services also sometimes monitor the employees’ working.

Machine learning security could not always be counted on, especially when there isn’t enough data to train them. Besides, there is always a worry-some feeling about their being exploited.

Mimicking users’ activity to degrade algorithms is something that could easily fool such a technique. Next in line could be tampering with the data for ulterior purposes.

With such technologies in use it gets imperative for organizations to keep their algorithms and formulae a never-ending mystery.

The silver lining though, is that such threats have more of an existence on paper than in reality. But with increasingly active technological innovation, this scenario could change at any time.