
Amazon have been caught using the sales data of their customers to compete against them.

If they want utility levels of trust they should get nationalized.




That's not AWS though


But it's still Amazon, the left hand doesn't get a free pass because the right hand pulled the trigger. Amazon has shown willingness to utilise privileged information in the past; why wouldn't they go snooping around?


"why wouldn't they go snooping around?"

Because if Amazon retail, which sells stuff, is looking at sales in their channel, well, that's sneaky but the entire retail world is sneaky.

If Amazon AWS is caught snooping at private AWS data, which contains HIPAA-compliant health info, financial records, government data, and some of the most sensitive data imaginable ... then they are toasty-toast.

I think the same thing would apply to Google. GCloud is different than Search etc. If that firewall breaks down that business will crash.


Amazon snooped on Netflix, and built a direct competitor. They’ve done similar to smaller *aaS firms.

In those cases they mostly looked at traffic volume, etc., not private customer data, but I don’t have any insight into which ethical lines they will and will not cross.


AWS wouldn’t have to go digging through private buckets and servers to gain valuable information on a potential competitor. They can determine how fast a company is growing and what services they rely on based off billing data and bandwidth usage alone.


> then they are toasty-toast.

Why? Says who? Who or what would make them 'toasty-toast'? The toothless regulators? Feckless IT managers who make purchasing decisions? Impotent developers whining on Hacker News?

> if that firewall breaks down that business will crash.

Not sure why you're so confident about this.

a) GCloud is a distant 3rd place competitor in the cloud market anyway.

b) Google's real business is ads, and at some point the numbers might make sense to decide it's worth cannibalizing their dying cloud. (Especially if they're going to pull the plug anyway?)

c) None of the other data scandals has even slightly dented big tech.


Well, for starters they wouldn't be able to claim HIPAA or PCI-DSS compliance anymore. Anyone dealing with health information of Americans would expose themselves to criminal charges if they ever use AWS again. Though it's a private sector response, Visa/MasterCard/etc would also push anyone dealing with credit card numbers off of AWS.

At least PCI-DSS certification (I don't know about HIPAA) further involves annual audits to make sure that certain proactive things are being done as well, specifically including things like data access logs. Those audits aren't as comprehensive as they ought to be, but they'd catch something egregious like marketing people looking into data owned by AWS customers.

I'm pretty sure (though much less than the above) that this would also be a de facto GDPR violation, meaning that nobody who wants to do business in Europe could safely use AWS anymore either. Amazon itself uses AWS and wants to do business in Europe, so that's a pretty good incentive.


Many years ago, I went through a PCI-DSS compliance "audit" at a previous company. The audit was carried out by some third party whose job it is to sign off on those things.

We had to deliberately downgrade certain software to "approved" older versions and temporarily close some ports while they ran their scanning utility on our servers. After they rubber-stamped it, we re-upgraded and enabled whatever we needed to run again.

They certainly would not have been able to detect if data center technicians (this was pre-cloud) were accessing our data behind our back. Maybe some companies take the PCI certification process more seriously than my previous employer did.


They would be 'toasty-toast' foremost, because thousands of customers would sue them to pass the liability buck.

Second, because IT managers and executives would freak out everywhere, with legit cause. Nobody on the planet running an SaaS would want AWS to be using their data.

Third, it's probably illegal, so there's that.

Finally, the PR fallout would be huge.

If Blue Shield had a major client leak of HIPAA info, and it was because 'AWS staff were looking at it' it would be a big deal for AWS. They would have to prove to everyone that it was just a few bad apples etc.

Most of the other scandals have not dented tech because they are not really scandals. If FB has a breach and some consumer email addresses get leaked ... well that's not so bad. If AWS is looking at BestBuy AWS data, then BestBuy will sue and drop them, and others will follow suit.


>"Second, because IT managers and executives would freak out everywhere"

Remember when we thought that whoever is in charge would be Toasty-toast if it turned out that Government was spying on innocent people without due process?

Or if an aircraft company knowingly produced unsafe aircraft and killed 300 people as a result?

For the past 10 years I have seen countless corporate or breaches and fuckups, and one thing they have in common: there seem to be no consequences for those in power.


I think you're crossing streams a bit.

It's not 'we' thought the government would be in trouble if they were caught spying, it's 'some' people. Most people have more nuanced views. Especially in areas of national security most people accept some degree of oversight, so the issue then becomes a matter of details. What was the oversight? What are the material repercussions? Who is harmed? How? All of those things add up in complicated ways among the general population.

The Boeing issue is also complicated. These are not black and white decisions, and just because there was an Engineer 'who said something was wrong' doesn't always help, because there's always a person of credibility that disagrees with systems, many of them are safe. Boeing has paid a huge price for their screw up, with grounded fleets, cancelled purchases.

When Facebook does bad stuff - remember that consumers' greatest power is the choice to not use Facebook. So either people continue to use it - or not. Apparently they are, so that's a measure of their real concern for their data given the breaches.

If HIPAA information was looked at by AWS, then there would be lawsuits immediately, for example; there would be an investigation, and if it was 'just a guy' then I think AWS would be ok, but there would be a lot of scrutiny.

But if there was a whistle-blower at AWS who said 'people are looking at sensitive data all the time' then it would be over for them. While individual consumers may not collectively have any real power to do serious damage, big companies do.

Put yourself in the shoes of an Exec running on AWS infrastructure: all of your most sensitive data leaked, possibly to potential competitors? So the issue is raised far beyond IT personnel etc.

Just like you'd ground your Boeing jets if there were a safety issue, you'd probably move away from AWS.


Not yet.



