Amazon Brings on Former NSA Overseer to Do, Uh, Something

Illustration for article titled Amazon Brings on Former NSA Overseer to Do, Uh, Something
Image: Michael Kovac (Getty Images)

Amazon has appointed former National Security Agency director Gen. Keith Alexander to its board, the company disclosed in SEC filings released yesterday. There are no reasons anyone could find this alarming.

Advertisement

Alexander headed the incarnation of NSA that— as classified documents leaked by Edward Snowden revealed—engaged in rampant surveillance of citizens’ private phone records, email information, and internet activity. You know, clandestine domestic spying. The illegal kind.

“It turns out ‘Hey Alexa’ is short for ‘Hey Keith Alexander,’” Snowden quipped in a tweet last night.

Advertisement

While Alexander may not wield the NSA’s power any more, there are reasons to be concerned that a former spymaster is getting into bed with a company that controls enormous swaths of internet infrastructure. The analytics surveyor W3Techs estimates that Amazon Web Services is used to host roughly 6% of all websites, and by conservative estimates, a 33% share of the cloud market in total, well ahead of Microsoft Azure or Google Cloud.

Among Amazon’s many web hosting customers are household names, including Netflix, Facebook, Twitter, Reddit, and Spotify. The service is so ubiquitous that, when Dhruv Mehrotra, who conducts data investigations for Gizmodo, made a plugin to block connections to Amazon machines, it made the internet as a whole “pretty unusable.”

It’s not just Amazon’s scale that’s concerning, but the company’s intentions. Amazon has actively constructed neighborhood surveillance networks via its Ring doorbells, feeding footage to police departments throughout the US. Alexa doesn’t just listen for commands but keeps recordings, sometimes when it hasn’t been summoned. None of this even begins to touch the troves of data Amazon has at its disposal via its online advertising arm, or directly from customer browsing and spending patterns.

Bezos has also been happy to cozy up to government (and especially military) interests, even as other tech giants performatively shy away—chief among them the $10 billion Pentagon deal for cloud computing services which Amazon lost out on to Microsoft last year. Jeff Bezos wants that deal and is still battling over it, complaining that Trump’s personal grudge against him tilted the decision. (Oracle has also been fighting for it up until early this month.) It’s not clear if Amazon believes Alexander’s connections—either the ones he maintained from his NSA days or through the cybersecurity company IronNet he founded in 2014, which claims works closely with the defense and fossil fuel industries—might give the company a leg-up in obtaining this lucrative contract.

Advertisement

However, Amazon stressed in an email to Gizmodo that the company will be following strict conflict of interest rules for government contracting, implying, I guess, that he won’t be involved in any of the above.

Amazon went on to say that they selected Alexander for his experience in a top-level military position in charge of security, but Amazon’s pretty unclear on how exactly he’ll apply that expertise. While, yes, Alexander certainly does have what we might call unique experience in the realm of cyber security, Amazon also told CNBC that Alexander won’t play a role in managing Amazon Web Services. So, what exactly is this guy’s job? Maybe they’re just being nice and including him in their company. Probably nothing to worry about.

Advertisement

Staff reporter, Gizmodo. wkimball @ gizmodo

Share This Story

Get our newsletter

DISCUSSION

Oddly enough, if I were Bezos, I’d hire this guy to create a practical implementation of holistic identity as the next iteration of AI/ML based security.

If the surveillance state, biometrics, and Skynet had a baby, it’d be holistic identity. The more academic pieces of the infosec community have been kicking around this idea for a while and it’s mostly been intellectual masturbation - but it’s becoming very doable.  Basically, there’s multiple channels to holistic identity. It’s mundane things like you use today such as your social security number, your credit footprint, passwords, etc. Then you add emerging stuff like biometrics - voice patterns, fingerprints, etc. But you also add things like your online patterns. i.e. the way you use Facebook such that Facebook knows it’s you. But across multiple big platforms. Your spending habits with your bank (all of which are already surveilled and mined for abnormalities). You’d also add in camera footage and health metrics. Basically, the sum of your digital self becomes the way we identify you - and a machine decides what’s “you” from the whole of those patterns.

This guy would be a huge asset in making this a reality and while it sounds super scary, something as simple as unlocking your phone with your face was considered out of bounds 5 years ago. Now it’s just what we do. Humans can normalize anything.  I’ll be interested to see where this goes.