Big Brother, Inc: Amazon devices share your network connection without your consent?

AP Photo/John Locher

Say, remember when everyone warned consumers about network security and urged them to encrypt their wireless networks at home? Good times, good times. Starting today, your Amazon Echo and Ring systems will default to opening a “small slice” of your wireless networks as part of their new Sidewalk program to neighbors, and, er … anyone else within range of your house.

What could go wrong? Not much, says the New York Times:

Depending on your perspective, Sidewalk is either terrific news about some potentially cool capabilities for your smart-home devices or a ham-fisted and terminally awful privacy and security gamble that offers little benefit to device owners while further expanding Amazon’s already sizable reach into American households. We think it’s actually a little of both. …

Somewhat understandably, plenty of people are expressing grave concern that allowing strangers to connect to your networked devices is inherently risky. The main worry is that, per Murphy’s Law, inevitably something will go wrong and either a hacker or some unwitting device owner will have access to someone else’s personal data. In short, the concern is that Amazon is opening a window that wasn’t there before and is greatly increasing risk to its customers. …

On a practical level, however, we actually trust Amazon’s software and security chops as much as or more than we trust those of just about any other major tech company. Amazon’s retail business is a trusted partner that supports more than a million transactions a day, and its cloud services are relied upon by a who’s who of the Fortune 500 (including The New York Times), along with the CIA and who knows how many state and government agencies. “I know there have been some issues with Alexa recordings, but in terms of security I would trust Amazon as one of the top one or two companies around,” Alrawi says. “And from our labs, when looking at Amazon Alexa devices, they’re one of the ones that rank highly in terms of security.”

The NYT asked one internet service provider for comment, and the anonymous spokesperson called it “straight-up theft.” They also warned that consumers allowing such use might find themselves disconnected for violating their terms of service. “It is not Amazon’s network to be sharing,” he added:

We spoke to one representative of a major internet service provider (they requested anonymity due to legal concerns) that has been in high-level conversations with other ISPs. The rep confirmed those concerns, further stating: “Amazon does not have the right to do this, full stop. I can speak for the industry when I say we all have similar types of terms of service, which are designed to protect our networks and the data and privacy of our customers, and it is not Amazon’s network to be sharing—they are putting their customers in violation of their agreements with their providers, and it is straight-up theft.” When asked to comment, an Amazon spokesperson stated, “Most standard ISP terms would not prohibit activities like participating in Sidewalk.”

Well, that’s comforting. Not everyone is as sanguine about the potential dangers for consumers in opening a hole in their network security either. Technology columnist Geoffrey Fowler at the Washington Post, owned by Amazon founder and CEO Jeff Bezos, says we should be worried — very worried:

Sidewalk will blanket urban and suburban America with a low-bandwidth wireless network that can stretch half a mile and reach places and things that were once too hard or too expensive to connect. It could have many positive uses, such as making it easier to set up smart-home devices in places your WiFi doesn’t reach. (That can help your neighbors, and you.) But by participating, you also have no control over what sort of data you’re helping to transmit. In communities where Amazon Ring devices already over-police many doors and driveways, Sidewalk could power more surveillance, more trackers — maybe even Amazon drones.

Amazon seems oblivious to many obvious consumer concerns with its increasingly invasive technology. So let me say it: Remotely activating our devices to build a closed Internet of Amazon is not okay. …

Sidewalk authorizes your Echo to share a portion of your home’s Internet bandwidth. It’s up to 500 megabytes per month — the rough equivalent of more than 150 cellphone photos. Amazon caps it at a rate of 80 Kbps, which the company says is a fraction of the bandwidth used to stream a typical high-definition video. Still, this traffic could count toward your Internet service provider’s data cap, if you’ve got one. The bill will be paid by you, not Amazon.

The security issues could be much wider than Amazon or the NYT think, too, although Fowler’s concerns there are speculative. But he wonders what Amazon will eventually do with its consumer-funded private network:

Today Amazon talks about Sidewalk as a way to help the roughly quarter of American homes with smart-home appliances get and stay connected. But Amazon doesn’t usually have small ambitions.

At the very least, Sidewalk could massively increase the reach of Amazon’s thriving but controversial Ring security business, which police forces tapped for more than 20,000 requests for footage in 2020. Sidewalk would allow people and organizations to put Ring devices in places that weren’t possible before.

The most egregious issue for Fowler and other critics is Amazon’s opt-out position. Sidewalk automatically enables on their devices; consumers have to go through a multi-step process to turn it off. Why didn’t Amazon ask consumers’ permission before essentially hijacking a portion of their Internet service? As Fowler points out, a small slice of the network used constantly can add up to a lot of data.

And let’s not forget why security experts warned about locking our home networks in the first place. People with nefarious intent kept finding unencrypted home and business networks through which they could hack other users, download and upload illegal materials, and more. Investigators occasionally arrested the homeowners for those violations before realizing that the network had been hijacked by the real perps. Opening holes in that security while saying “trust us” should be a big concern for all of us — and perhaps yet another indication that Amazon has grown big enough to become a privacy threat. Or at least a “straight-up theft” threat.