Tag Archives: Amazon

Amazon’s “Ring” On The Congressional Privacy Hot Seat



The House Oversight and Reform Subcommittee on Economic and Consumer Policy, asked for a range of information, including copies of all agreements the company has reached with local governments going back to 2013, details on integration of any facial recognition tools and instances where law enforcement has requested video footage from Ring.

Letter (PDF): 2020-02-19.RK to Huseman-Amazon re Ring (1).pdf


“The Subcommittee on Economic and Consumer Policy is writing to request documents and information about Ring’s partnerships with city governments and local police departments, along with the company’s policies governing the data it collects,” Krishnamoorthi wrote.  “The Subcommittee is examining traditional constitutional protections against surveilling Americans and the balancing of civil liberties and security interests.”

Ring reportedly works closely with local governments and police departments to promote its surveillance tools and has entered into agreements with cities to provide discounts on Ring products to their residents in exchange for city subsidies.  Reports also indicate that Ring has entered into agreements with police departments to provide free Ring products for giveaways to the public.

Ring reportedly tightly controls what cities and law enforcement agencies can say about Ring, requiring any public statement to be approved in advance.   In one instance, Ring is reported to have edited a police department’s press release to remove the word “surveillance.”

“The Subcommittee is seeking more information regarding why cities and law enforcement agencies enter into these agreements,” wrote Krishnamoorthi.  “The answer appears to be that Ring gives them access to a much wider system of surveillance than they could build themselves, and Ring allows law enforcement access to a network of surveillance cameras on private property without the expense to taxpayers of having to purchase, install, and monitor those cameras.”

The Subcommittee demands Amazon provide information about these partnerships dating back to January 1, 2013.”


Military Veterans Can Jump-Start Careers In IT With This New, Free Program


Veteran and Apprenti graduate Mike Cooper addresses the crowd at the 2018 Amazon Apprenti graduation. Also in attendance (from left to right) was Apprenti Executive Director Jennifer Carlson, Washington Gov. Jay Inslee and Ardine Williams, Amazon’s senior vice president of business operations. (Photo provided by Apprenti)


“Many veterans face a frustrating catch-22 upon exiting the military: Most jobs require experience, but it’s almost impossible to get experience without a job.

That’s where a program like Apprenti comes in. It removes the burden of experience and education by immediately placing qualifying veterans in relatively well-paying technology apprenticeships, where they will learn the skills required to succeed in the industry.”


“A lot of those who come to us are not prepared to go back to college for four more years and use their GI Bill that way,” said Jennifer Carlson, executive director of both Apprenti and the Washington Technology Industry Association Workforce Institute, based in the state of Washington.

“They want to go to a job,” she continued. “This is a great transition point with a much more accelerated time investment to a career.”

It’s a simple process: Veterans take a free online assessment that tests them on both basic math abilities and soft skills like leadership qualities and critical thinking. They have two tries to pass it and must wait three months before trying again if they don’t.

Once they pass, the top one-third of candidates will be offered interviews at tech companies including but not limited to industry giants like Microsoft and Amazon. They will stay in this apprenticeship — earning a median salary of $51,000 per year, plus benefits — for a minimum of one year, and if all goes well, they will be offered a permanent job upon graduation.

The program is GI Bill-eligible, so veterans will be able to use the benefit to pay for living expenses. And some of the larger companies Apprenti places candidates in are even willing to help out with university tuition for veterans seeking a more formal education once they are hired on full-time.

According to Carlson, 85 percent of the participants Apprenti places are retained by the company with which they did their apprenticeship. She also said that 46 percent of placements begin the program without a degree of any kind, but they still land jobs with titles like software developer and system administrator.

“These are middle-skills jobs, not entry-level ones like a help desk,” she said. “These are jobs that have natural career progressions, and you’re going to grow with your company.”

These apprenticeships are different from internships, which usually require affiliation with a university, only last about three to five months and tend to be less focused on doing one specific job.

None of that applies to these apprenticeships, which are open to anyone 18-and-over, last at least a year and ensure you receive training in the role in which the company hopes to retain you.

“You are a hire. You are in that job. The company is paying you a training wage, which is where you get to earn and learn,” Carlson said. “Internship is try-before-you-buy, and apprenticeships are train-to-retain.”

A group of Apprenti participants pose in 2017 before they embark on their one-year apprenticeships with Amazon's web-services division. (Photo provided by Apprenti)


Apprenti has only been around since late 2016, but Carlson said that the number of graduates these companies keep has already grown from a “handful or two” to the hundreds. She expects to place over 450 apprentices in tech jobs around the country in 2019.

Carlson said that 58 percent of Apprenti placements are veterans, many of whom are feeling stuck, despite often having professional experience and some education.

“When we look at where competency lies, you have a lot of people who choose to go to second-tier colleges and who are working while in school,” Carlson said. “They have skills, they did the college thing, they just didn’t do STEM. So they have the competency to do the work, but they have no pathway in, short of going back to school and taking on that debt.”

The other part of this equation is the boon to the tech sector, which Carlson described as being severely understaffed across the board. She said that the industry currently has 2 million vacancies, yet only 65,000 students a year are graduating with the necessary computer-science degrees to fill those roles.

Through her experience with the group based in Washington state, Carlson determined that tech companies were reeling both from this labor shortage and a lack of “people who were actually work-ready coming to them, which they didn’t feel many college students were.”

Enter Apprenti.

“Our thesis is that we can find highly competent people, without regard to pedigree,” Carlson said.

So, if you’re a veteran unsure what to do next and are interested in tech jobs — or just want to find work with benefits that could pay a median annual salary of $78,000 after a year of on-the-job training — Apprenti might be exactly what you need to jump-start a new career.”


Tech Giants Play the DC Influence Game to Win Pentagon Cloud Deal


Pentagon Cloud Deal

Illustration by POGO.


In a few months, the Department of Defense (DoD) will pick a company to build a cloud computing system for the U.S. military.

The prize is a two-year contract that could end up being extended for a full decade and be worth billions of dollars. The winner could also obtain a virtual monopoly over the federal cloud-computing market for the foreseeable future.”

“The odds-on favorite to win the Joint Enterprise Defense Infrastructure (JEDI) contract is Amazon Web Services, which currently manages a $600 million cloud system for the intelligence agencies and, through its network of “partners,” already has a stake in other federal cloud projects. Amazon’s dominant market position and past experience hosting sensitive government data give it a solid advantage over its primary competitors—Leidos, General Dynamics, Oracle, Microsoft, IBM, and Google. Despite pleas from these companies, who fear Amazon may have the inside track, DoD will not waver from its plan to award JEDI as a winner-take-all, single-vendor contract.

Amazon is no longer an upstart online bookseller from Seattle. The company has taken its place among the federal government’s contracting heavyweights, employing the traditional methods of Washington influence in its quest to land the JEDI contract.

Amazon’s political action committee has given over $1 million in campaign donations to federal candidates in the past two election cycles, doling out the money to both parties in nearly equal shares. The company has spent over $37 million on lobbying since 2015, getting face time with Members of Congress and officials in the executive departments on matters involving cloud computing and myriad other issues. Those efforts appear to have paid off last year with the passage of the so-called “Amazon amendment,” a provision tucked into the defense authorization bill that will establish a program facilitating government purchasing through e-commerce portals like Amazon.com.

Amazon has also been taking advantage of the revolving door, hiring its share of former government officials. According to the watchdog group Center for Responsive Politics, 59 of Amazon’s 90 lobbyists (not all of whom worked, or are working, on cloud or IT issues) are “revolvers” who had previously worked for the federal government. Scott Renda, who oversaw an Office of Management and Budget (OMB) cloud computing initiative during his tenure in the Obama Administration, joined Amazon Web Services in 2014. Former Obama White House press secretary Jay Carney became Amazon’s senior vice president for global corporate affairs in 2015. Former U.S. Chief Acquisition Officer Anne Rung left the White House in 2016 to lead the government affairs division of Amazon Business. Rung spent two years as the leader of OMB’s Office of Federal Procurement Policy, which plays a central role in shaping how the government purchases goods and services.

From the other end of Pennsylvania Avenue, the company enlisted the lobbying services of former Senators John Breaux (D-LA) and Trent Lott (R-MS) and former Congressional staffer Rich Beutel. Beutel, the former lead staff member of the House Oversight and Government Reform Committee, was once described as “a player at the forefront of cyber [and] contracting.” Between 2015 and March 2018, Beutel represented Amazon Web Services before Congress and the White House on a range of issues, including cloud acquisition and deployment. Amazon Web Services was also a client of Sally Donnelly, a well-connected political consultant who recently served as a senior adviser to Secretary of Defense James Mattis and was a consultant on the Defense Business Board, a DoD advisory panel of private-sector executives.

Amazon placed targeted advertisements for its cloud service in Washington, DC’s Pentagon metro station ahead of the Department of Defense awarding the JEDI contract. (Photo: POGO)

For added measure, Amazon is making its presence known on local magazine covers and on the walls and floors of the Washington Metro. This public relations blitz may actually be targeting two audiences: the DoD officials who will choose the winner of the JEDI contract, and local politicians in DC and the neighboring suburbs in Maryland and Virginia hoping to be chosen as the site of the company’s second corporate headquarters.


However, victory for Amazon is not a foregone conclusion. The competing tech and defense heavyweights also know how to play the influence game. Most of the companies—particularly General Dynamics and Google—are keeping pace with Amazon’s level of spending on elections and lobbyists. The revolving door spins just as rapidly at Amazon’s competitors: more than three-quarters of Microsoft’s 90 lobbyists previously worked in the federal government, while the board of directors of Leidos currently boasts former senior Pentagon officials Gregory Dahlberg and Frank Kendall. The revolving door took a big turn in the other direction last year at General Dynamics when James Mattis left the company’s board to become Secretary of Defense.

Meanwhile, former Google CEO Eric Schmidt, Google vice president Milo Medin, and Microsoft board member Reid Hoffman serve on the Defense Innovation Board, where they advise DoD on technology and acquisition matters. Oracle CEO Safra Catz was a member of the Trump transition team. She recently got a chance to discuss the JEDI competition at a private dinner with President Trump, who has made no secret of his animosity toward Amazon. Perhaps Catz or someone else at the dinner mentioned that she and four other Oracle executives made a total of nearly $35,000 in campaign donations to one of the President’s staunchest supporters in Congress: House Intelligence Committee Chairman Devin Nunes (R-CA). Oracle is reportedly leading a campaign with other tech companies to “unseat Amazon as the front-runner” for the JEDI contract.

DoD will award the JEDI contract in late September. For the next few months, Amazon and its competitors will flood the Washington area with lobbyists, campaign donations, attractive job offers, and eye-catching advertisements. The millions they spend now could pay off in the billions later.

In the meantime, we need to ask two important questions. First, is it a good idea to award the contract to a single vendor? The DoD reasons that scattering data across multiple cloud systems would inhibit the ability to access and analyze critical data, and that it has “multiple mechanisms” in place to prevent a monopoly. However, tech and federal procurement experts dispute the government’s justifications for making JEDI a single-award contract.

Second, should the government do more to develop an in-house capability to run a cloud system? The DoD will likely pay significantly more for a contractor to operate and manage the system, over which the contractor will retain exclusive ownership rights. Ten years is an uncomfortably long period of time to entrust such a vital function to one private company.”


How To Break Into the CIA’s Cloud on Amazon




“Last year, Amazon Web Services surprised a lot of people in Washington by beating out IBM for a $600 million contract to provide cloud services and data storage to the CIA and the broader intelligence community.

Amazon, in essence, has turned itself into the most valuable data target on the planet. The cloud is completely separate from the rest of the Internet and heavy duty encryption is keeping the spies’ secrets relatively safe from outsiders — but what about an attack from within?

In 2010, Army PFC Bradley — now Chelsea — Manning explained how she stole millions of classified and unclassified government documents: “Weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis.” She “listened and lip-synced to Lady Gaga’s ‘Telephone’ while exfiltrating possibly the largest data spillage in American history.”

So if you wanted to pull off a similar feat at Amazon, how would you do it?

First, get a job at Amazon’s Commercial Cloud Service or C2S, sometimes called the “spook cloud.” According to this help-wanted ad, applicants must pass a single-scope background investigation—in essence, the kind of detailed 10-year background check required for a Top Secret security clearance. Of course, to a savvy spy or informant, obtaining top-secret clearance is not the barrier it once was.

Amazon keeps the C2S cloud, built specifically for the intelligence community, separate from the rest of its business and unconnected to the Internet. To access it, you’ll need a terminal on the Joint Worldwide Intelligence Communication System, or JWICS, which you would find only in a special room called a Sensitive Compartmented Information Facility. SCIFs are rooms, or even whole buildings, that are built to be impervious to outside signals intelligence collection. There’s no way to transmit data in or out except by the designated terminals. SCIFs add a layer of physical security from external threats and even a bit of protection for internal attacks, since they are in secure locations under surveillance. SCIFs abound in Washington and elsewhere; defense contractors routinely rent them. But there’s no logging in from, say, China.

(Related: How the CIA Partnered With Amazon and Changed Intelligence)

Once hired, awarded top-secret clearance, and given access to a SCIF on the JWICS network, you’ll need to navigate a variety of controls that intelligence agencies have put in place. (As Manning and then Edward Snowden showed, that’s not impossible.) You’ll also have to get past internal security features at AWS in order to get closer to stealing the intelligence community’s data.

Here’s where things get tricky, very much so.

Just as AWS encrypts all customer data in its widely used Elastic Compute Cloud environment, it does the same for C2S. “Our people don’t have direct access to customer data,” said Mark Ryland, AWS’ chief solutions architect for the worldwide public sector team.

“There are a whole set of strong controls in place to prevent that. And we always recommend that they encrypt sensitive data with features like AWS Cloud Hardware Security Module or AWS Key Management Service,” an AWS spokesperson later added in an email.

That’s a step or two above what’s become common practice for the government. Remember, one of the most important, even scandalous, details in the OPM hack is that the government stored its data unencrypted—naked, visible and vulnerable to anyone with access to the system.

Of course, data that’s encrypted can be unencrypted. This is accomplished via the exchange of what are called keys. For most decryption, you need two: a public key and a private key. It’s the private key that allows a particular person to decrypt a message.

Could you, as an AWS employee, get your hands on the NSA’s keys? To attempt it, you would need to find a co-conspirator at your own level in the company. “Even normal administrative access requires two employees, jointly, do certain operations,” Ryland said. AWS instituted this precaution years ago; the intelligence community only recently began to follow suit. Ryland said the number of administrators with access to the root keys is in the “tens.”

Perhaps you could steal an administrator password to gain access, as Edward Snowden is alleged to have done. (He denies it.) That alone won’t be enough. For sensitive operations such as accessing the key management system, AWS requires multi-factor authentication — for example, typing in the rapidly changing code on a physical device the size of a key fob. Both you and the co-conspirator will need such a device, provided by AWS, to show that you are who you claim to be. You’ll also both need the correct password.

(Related: The NSA’s New Spy Facilities are 7 Times Bigger Than the Pentagon)

So, to review: to get at the root keys to unlock the CIA’s data, you would need two people, both with top-secret-level clearance. Assuming that the target has opted for the highest level of security that AWS provides, both of the insiders would have to have a separate multi-factor authentication device. They would have to go to a secure facility and log into the key management system to change the keys. The company also maintains that there are other features that prevent this that they can’t describe publicly.

Risky? Yes. Guaranteed effective? Nope. The root key option is only possible when the customer purchases that particular key management solution. AWS also allows their customers to upload their own private keys, which AWS employees themselves can’t see. “If you upload your own public key, we actually can’t log in as an administrator of your operating systems,” said Ryland.

Ryland wouldn’t speak specifically about the service packages purchased by his customers in the intelligence community, or many of the special security features available to them that are different from what AWS provides to general customers, (which was all he was really authorized to speak on). But after all that preparation, there’s a chance that there aren’t even root keys to steal.

Your next best target is the virtual compute environment, where the customer is dealing with the data directly, when it’s not encrypted. That data is accessible via a software layer called the hypervisor, software that allows different operating systems to use cloud services in roughly the same way. When you go to AWS’s cloud, the system creates a small, virtual version of your machine in the cloud environment. The hypervisor is what manages all those virtual machines. (AWS uses Xen hypervisor software, as does its nearest competitor, Rackspace.)

Ryland was careful to say that he doesn’t consider interactive access to the hypervisor to be a “vulnerability,” per se, so much as “the one arguably weakest link, one that is super tightly controlled.” Could someone log into the hypervisor to see and copy AWS customer data? “It’s theoretically possible,” he said.

But he added that any AWS employee accessing the hypervisor interactively would do so “only under very controlled circumstances and at customer request, will we ever log into the dom0 of a hypervisor,” he says. AWS later added that the request would have to be “legally binding.”

The dom0 stands for the domain zero. The hypervisor essentially creates it for administrative purposes. Since dom0 is the domain that creates all the subsequent domains, it’s the virtual machine that supervises all the other ones. Access to the dom0 at AWS requires director-level authorization from security officials in the company, and is accessed “only when absolutely required,” says Ryland.

So you would somehow need to get director-level authorization in order to do anything involving a hypervisor. Furthermore, once that authorization has been given and the AWS employee logs in, you’ll be working in a virtual environment loaded with booby traps, one that “basically logs every single operation that you carry out and alarms on certain types of operations,” says Ryland. “It’s all metered, alarmed, and it’s got tons of … metrics about behavior.” A would-be Snowden or Manning attempting to download a trove of NSA data onto a flash drive from the hypervisor would be trying to do it while internal alarms were going off.

Bottom line, you would have to perform this mission as the world is learning about your crime in real time, not months later on the front page of the Guardian. It wouldn’t be so much a burglary as a brazen heist.

Hope you have a good pair of running shoes.”
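The layered insider controls the article describes (two distinct operators, each presenting a password and a code from an MFA fob, and an audit trail that is metered and alarms on certain operations) as an added illustration in Python. This is not AWS code; every name, secret and threshold in it is made up, and the fob code is computed with standard RFC 6238 TOTP:

```python
"""Model of dual-person, MFA-gated access to a key-management system with
an alarmed audit trail. Added illustration only; not AWS code, and all
operators, secrets and thresholds are invented."""
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

TOTP_STEP = 30               # seconds per code, as on a typical fob
TOTP_DIGITS = 6
EXPORT_ALARM_THRESHOLD = 3   # objects per session before an alarm fires


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 (the computation a key fob performs)."""
    counter = unix_time // TOTP_STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** TOTP_DIGITS).zfill(TOTP_DIGITS)


@dataclass
class Operator:
    name: str
    password: str
    fob_secret: bytes   # seed provisioned into this person's MFA device


@dataclass
class KeyManagementSystem:
    """Two different operators must each pass password + current MFA code
    before a session opens; afterwards every action is logged and metered."""
    operators: dict
    audit_log: list = field(default_factory=list)
    alarms: list = field(default_factory=list)

    def _authenticate(self, name, password, code, now):
        op = self.operators.get(name)
        ok = (op is not None
              and hmac.compare_digest(op.password, password)
              and hmac.compare_digest(totp(op.fob_secret, now), code))
        self.audit_log.append(f"auth {name} {'ok' if ok else 'FAIL'} t={now}")
        return ok

    def open_session(self, first, second, now):
        """first/second are (name, password, code) tuples. Returns a session
        dict, or None when dual control or either authentication fails."""
        if first[0] == second[0]:
            self.audit_log.append("dual-control REJECT: same person twice")
            return None
        if not (self._authenticate(*first, now) and self._authenticate(*second, now)):
            return None
        self.audit_log.append(f"session opened by {first[0]}+{second[0]}")
        return {"approvers": (first[0], second[0]), "exports": 0}

    def export_object(self, session, object_id):
        """Every export is logged; past the threshold an alarm is raised
        while the operation is still in progress, and the export is refused."""
        session["exports"] += 1
        self.audit_log.append(f"export {object_id} by {session['approvers']}")
        if session["exports"] > EXPORT_ALARM_THRESHOLD:
            self.alarms.append(f"bulk export #{session['exports']} ({object_id})")
            return False
        return True
```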


Undeletable Phone Tracking IDs – Your Calling Habits and Corporate Data Profits




“AT&T says it has stopped its controversial practice of adding a hidden, undeletable tracking number to its mobile customers’ Internet activity.

“It has been phased off our network,” said Emily J. Edmonds, an AT&T spokeswoman.

The move comes after AT&T and Verizon received a slew of critical news coverage for inserting tracking numbers into their subscribers’ Internet activity, even after users opted out. Last month, ProPublica reported that Twitter’s mobile advertising unit was enabling its clients to use the Verizon identifier. The tracking numbers can be used by sites to build a dossier about a person’s behavior on mobile devices – including which apps they use, what sites they visit and for how long.

The controversial type of tracking is used to monitor users’ behavior on their mobile devices where traditional tracking cookies are not as effective. The way it works is that a telecommunications carrier inserts a uniquely identifying number into all the Web traffic that transmits from a user’s phone.

AT&T said it used the tracking numbers as part of a test, which it has now completed.

Edmonds said AT&T may still launch a program to sell data collected by its tracking number, but that if and when it does, “customers will be able to opt out of the ad program and not have the numeric code inserted on their device.”

A Verizon spokeswoman says its tracking program is still continuing, but added “as with any program, we’re constantly evaluating.”

Verizon uses the tracking number to identify the users’ behavior and offer advertisers insights about users gleaned from that data. Verizon says the data it sells is not tied to a user’s identity. “None of the data that is used in the program is personally-identifiable,” the company said when it updated its privacy policy in 2012.

Verizon offers its customers an opportunity to opt out of the program. But opting out doesn’t remove the tracking ID.”

Photo Credit:  “Securitycameraking”