Some of Your Favorite Retail Sites May Be Giving Your Data to the Government

By , dealnews contributor

As a consumer, you may feel comfortable with sharing some of your personal information with a retailer like Amazon, but do you know if that site is then sharing it with a third party, like the government?

The fabulous-yet-disturbing documentary, Terms and Conditions May Apply (recently screened at the Newport Beach Film Festival) explores this very concern as it highlights the resistance of some websites to safeguard our personal information. Much of the movie's wallop comes courtesy of interviews at the Electronic Frontier Foundation, a non-profit that fights for free speech, privacy, innovation, and consumer rights on the internet.

Latching onto the momentum of the movie, the EFF released its annual "Who Has Your Back?" report last week, which offers an in-depth look at the digital companies that protect your data from the government — and its findings may surprise you. Looking at the privacy policies of ISPs, email providers, cloud storage providers, social networking sites, and more, it's become clear that the "policies adopted by these corporations will have deep and lasting ramifications" on online consumer behavior.

Online Retailers and Social Media Outlets Ensure Some Privacy

In the 2013 report, the EFF examined 18 popular digital companies and services, including Dropbox, Microsoft, Amazon, Comcast, and Google. Each company was evaluated in six different categories and graded with a star, or the lack of one. The EFF wanted to know whether these outlets told users about government data requests, required warrants for content, or fought for users' privacy rights in courts, among other factors.

It may be shocking to learn that giants such as Amazon, Apple, AT&T, and Verizon do virtually nothing to keep your information from federal prying and spying. In fact, Verizon happens to be the only company that makes no efforts whatsoever to safeguard data, the EFF report finds. Apple and AT&T only fight for privacy rights in Congress, and do nothing else. Yahoo — the other 1-star company in the report — only fights for users' privacy rights in courts. Faring slightly better than the others, Amazon commits to fighting for privacy rights in court and Congress, but doesn't include transparency of any kind for the consumer, and it doesn't force the government to acquire a warrant before accessing its users' data.

As far as security via social media and search engines go, the EFF found that consumers' privacy mostly depends on the outlet. Twitter and received six out of six stars for their protections; Google earned five stars out of six, and Facebook three, but the aforementioned Terms and Conditions documentary shows how these "free" services know much more about us than we might think — and can hold onto that information indefinitely.

When "Secure" Doesn't Mean "Private"

Many shoppers tend to think of "sensitive information" as pertaining only to the financial data that they divulge during a transaction, but it can encompass all of your activity and personal data. Over time, and especially since the Patriot Act of 2001, many websites have rewritten their terms and conditions to make it easier for them to legally hand over this information to the government when it requests it. With such access, the government can now "spy" on citizens more stealthily, simply by following the data trail.

For example, Amazon has in its possession a wealth of data about its customers, especially those who use its increasingly convenient and robust cloud services. Noting that there's "plenty of room for improvement," the EFF says that though Amazon holds large quantities of information, it "does not promise to inform users when their data is sought by the government, produce annual transparency reports, or publish a law enforcement guide."

The EFF report brings up a salient caution that will never disappear: Consumers can't be too safe with their information in a non-secure environment. But despite consumer favorites like Amazon and Apple having scored relatively low in this year's EFF's investigation, there is a growing trend towards transparency and protecting consumer privacy in the digital age.

Lou Carlozo is a dealnews contributing writer. He covers personal finance for Reuters Wealth. Prior to that he was the managing editor of, and a veteran columnist at the Chicago Tribune.

Follow @dealnews on Twitter for the latest roundups, price trend info, and stories. You can also sign up for an email alert for all dealnews features.

DealNews may be compensated by companies mentioned in this article. Please note that, although prices sometimes fluctuate or expire unexpectedly, all products and deals mentioned in this feature were available at the lowest total price we could find at the time of publication (unless otherwise specified).


Leave a comment!

or Register
Amazon—and even Google—can "do no evil", even if access to personal data is demanded. Two methods achieve this:
1. Apply homomorphic encryption to data storage. A tool kit was released this week by IBM and Craig Gentry, the individual who refining it beyond academic theory.
With HE, data remains encrypted, even as it is processed. In theory, since data is never decrypted, it is always secure. But HE does not restrict the processes applied and it does not prevent cloud services from complying with gov requests, since they have the keys. It doesn't even give plausible deniability to the vendor.
2. Use Blind Signaling and Response. Unlike homomorphic encryption, BSR, decrypts data during brief periods of processing. But each process uses a temporary, self-expiring key under direct control of the user/owner. Data is utter gibberish for all process and purposes other than the original objective (whatever value exchange agreed to by the data originator).
Philip Raymond, Marlborough MA
The website for this documentary has an interesting set of terms and conditions themselves