The feds & your Amazon records

December 4, 2007 at 9:36 pm 6 comments

When should US law enforcement authorities (the feds) get access to your details and records at Amazon? Not exactly a rhetorical question given that Amazon is asked several times a year to hand over customer records.

If your answer is “Never, it is none of their business” then that’s probably not correct, especially in a post-9/11 world. In any case, it is widely acknowledged that the right to privacy is not absolute, e.g. in preventing crime or terrorism.

Note that the question was “when”, not “if”. In the US, the feds have access to personal information for their investigations if there is:

(a) a compelling need and close nexus, or

(b) the records may be relevant to the investigation.

While (a) is the norm, clearly (b) presents a very low threshold for the feds to access your records. That explains why they tend to try to find ways to argue that (b) should apply or that some laws, such as the USA Patriot Act, specifically allow for (b).

What happens when the feds get your records under (b)? In most cases, the records turn out to be not relevant but, hey, once they’ve got them, why not just add it to their huge databases so that they can mine it again and again without going through the bother again?

A recent case when Amazon took on the feds is interesting and relevant although it does not carry the same weight as judgements by more senior courts. As The Register reports, “Amazon refused to reveal individual names [but did give email addresses], citing the buyers’ First Amendment right to privacy. The grand jury thought this was silly, and as it continued to push for at least some of the names, the asked US Magistrate Judge Stephen Crocker for protection.”

Recently unsealed court documents (PDF) show that the Judge agreed and the feds, now finding that they no longer needed the information, withdrew.

According to the court documents, the judge used some colourful language. My favourite is, “The subpoena is troubling because it permits the government to peek into the reading habits of specific individuals without their prior knowledge or permission… it is an unsettling and un-American scenario to envision federal agents nosing through the reading lists of law-abiding citizens while hunting for evidence against somebody else.”

“If word were to spread over the Net – and it would – that the FBI and the IRS had demanded and received Amazon’s list of customers and their personal purchases,” he continued, “the chilling effect on expressive e-commerce would frost keyboards across America.”

What about outside America? The impact would be as much, if not more, as the First Amendment would not apply.

For many non-US users of online services- be they ecommerce sites, SaaS providers, or search engines- this aspect of US law is often overlooked. Think about the online services you use and consider which ones store your data in the US.

In all those cases, US law applies and the feds can get your details and records without your knowledge. The only question is whether it will be via (a) or (b).

Data location does indeed matter.


Entry filed under: government, network, personal_info, privacy, trust, USA, Web_2.0.

NZ: CardSpace – SAML interop Et tu, Passport Canada?

6 Comments Add your own

  • 1. The feds & your Amazon records  |  December 5, 2007 at 1:27 am

    […] Original post by Identity and Privacy Blog […]

  • 2. Odale  |  December 5, 2007 at 3:18 am

    Thank God for blog info!! Even the big media conglomerates recognize the service provided by bloggers and yours is one of the ones so necessary! Thanks for the awareness.

  • 3. extrapreneur  |  December 5, 2007 at 6:15 am

    funny name to call your blog, as it’s not private, anyone could come in.

    check out my blog at

  • 4. Granted Privacy vs Real Privacy « Identity Blogger  |  December 5, 2007 at 9:23 am

    […] to look into your window. Real privacy is when you buy curtains. That’s a good way of looking at this excellent post by Vikram Kumar about the privacy of Amazon purchases. Amazon, like most large […]

  • 5. Vikram  |  December 5, 2007 at 7:37 pm

    Odale, thanks for the comments. Writing a blog can be hard work and comments such as yours keeps me going.

    Extrapreneur, while a public blog about privacy might seem a contradiction in terms, it does allow for a wide discussion.

    I checked out your blog, pretty cool. Good to see you’re back in business!

    Must confess I’m not a Top Gear fan so didn’t know what your reference to The Stig meant. Wikipedia quickly put me right. Thanks for that!

  • […] question given that Amazon is asked several times a year to hand over customer records. … Identity and Privacy Blog […]


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

This blog is no longer updated. See the About page for more info. I'm currently active on Twitter.

Follow me on twitter


%d bloggers like this: