Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Amazon Details Government Data Requests in First Transparency Report

Amazon has received nearly 1,000 information requests from government agencies in the first five months of 2015, according to the electronic commerce company’s bi-annual information request report.

Amazon has received nearly 1,000 information requests from government agencies in the first five months of 2015, according to the electronic commerce company’s bi-annual information request report.

A majority of tech giants have been keeping their customers informed on the number of information requests they receive and how many of them they comply with. Amazon hasn’t done so until Friday, when it released its first transparency report.

Amazon said it had received a total of 813 subpoenas between January 1, 2015, and May 31, 2015. The company provided all of the information requested for 542 of these subpoenas, it provided partial information in 126 cases, and no information in 145 cases.

As far as search warrants are concerned, Amazon received 25 and provided full or partial information in response to 21 of them. The company said it got 13 court orders and provided information in response to nine of them.

Information requests received by Amazon didn’t come only from U.S. government agencies. The company received a total of 132 non-US requests. Many of them appear to have been valid since the e-commerce giant provided full information in 108 cases and partial information in seven cases.

The transparency report shows that Amazon only received one removal request in the first five months of 2015 and the company complied with it.

Organizations are not allowed to disclose the exact number of national security requests they get, but Amazon says it has received between 0 and 249 such requests. Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), believes Amazon “almost certainly” received a National Security Letter (NSL) or Foreign Intelligence Surveillance Act (FISA) order.

Stephen Schmidt, VP of security engineering and CISO at Amazon Web Services, explained in a blog post that the company only discloses customer information when it’s required to comply with a legally valid and binding order.

Schmidt has also pointed out that Amazon has never taken part in the NSA’s controversial PRISM program, and the company repeatedly challenged subpoenas it viewed as being overbroad.

“While we recognize the legitimate needs of law enforcement agencies to investigate criminal and terrorist activity, and cooperate with them when they observe legal safeguards for conducting such investigations, we oppose legislation mandating or prohibiting security or encryption technologies that would have the effect of weakening the security of products, systems, or services our customers use, whether they be individual consumers or business customers,” said Schmidt.

Related: Microsoft Opens Transparency Center in Europe to Allow Governments to Examine Source Code

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Big-game malware hunters at Volexity are shining the spotlight on a sophisticated Chinese APT caught recently exploiting a Sophos firewall zero-day to plant backdoors...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...