AWS Finally Releases Data Documenting Government Surveillance Efforts


Printer-friendly version Email this CRN article

Schmidt said Amazon's policy is to notify customers before disclosing any of their information. The only time the company won't do that is when there's a legal prohibition or clear signs that the service is being used for criminal purposes.

Still, the company is no pushover and typically flexes its legal muscles to ensure governments adhere to legal boundaries, according to Schmidt.

"We have repeatedly challenged government subpoenas for customer information that we believed were overbroad," Schmidt said.

Those challenges have resulted in court rulings that "have helped to set the legal standards for protecting customer speech and privacy interests," he said.

Amazon has also lobbied Congress to modernize "outdated privacy laws." The company believes law enforcement agencies must be obligated to obtain search warrants from courts before they can go after the communications of customers.

Amazon recognizes "the legitimate needs of law enforcement agencies to investigate criminal and terrorist activity, and cooperate with them when they observe legal safeguards for conducting such investigations," Schmidt said. But the company opposes laws that either mandate or prohibit specific technologies that make customers more vulnerable to intrusion.

AWS users have the option of using security features available on the platform, including managing their own encryption keys, Schmidt noted.  

While Amazon's position might represent a principled stand against government surveillance, it's also good business, according to one AWS partner.

"In our experience, one of the top questions that any corporation or individual has when moving their data to the cloud is, is my data safe?" said Aater Suleman, CEO of Flux7, an AWS partner based in Austin, Texas.

While there are many ways to define safety in the online world, the three most common concerns of his customers, Suleman said, are hackers breaking in, the cloud vendor accessing their data and the vendor sharing their data with a third party.

Printer-friendly version Email this CRN article