Who would have seen that coming?
I am shocked, I tell you. Shocked. Actively shocked, extending my thoughts and prayers and stuff. Amazon will surely implement strong, proactive... somethings in order to never get caught again.
America's Federal Trade Commission has made Amazon a case study for every cautionary tale about how sloppily designed internet-of-things devices and associated services represent a risk to privacy – and made the cost of those actions, as alleged, a mere $30.8 million. The regulator on Wednesday charged, via the US Dept of …
On the evidence of this case, they will do the bare minimum to prevent a repeat of *exactly* what just happened, rather than stepping back and asking themselves how they ought to be handling this. I'm not sure what the legal definition of negligence is, but this certainly fits my definition.
(The case file had several incidents, over several years.)
> they will do the bare minimum to prevent a repeat
I admire your wide-eyed optimism... They will do nothing at all, because doing anything costs money, and it has worked just fine like this for so many years, one can assume it will keep working for the coming years too. At least until the next earnings statement (and the subsequent boni).
The attitude of most 'Big Tech' companies seems to be that if the profit in doing it is greater than the fines if they get hauled up for it, then they'll do it.
The most effective way to change this would be to make the directors personally responsible, with imprisonment being a possibility - the attitude would soon change then!
Didn't Stalin say kill one person and you are a murderer, kill a million and you're a hero, or something like that?
Anybody doing a single example of what these devices have done in real life would be charged and locked up for a long time, but these heroes of industry do it a million times and absolutely nothing happens.
... attitude of most 'Big Tech' companies seems to be that if the profit in doing it is greater than the fines if they get hauled up for it, then they'll do it.
Tech companies, big/medium/small (everywhere) have always known that regulating bodies are toothless, basically because they were designed that way.
In the US, corporations being awarded personal rights made things much worse.
https://www.npr.org/2010/01/21/122805666/supreme-court-rips-up-campaign-finance-laws
As a result, any and all fines they may eventually be slapped with end up being a bad joke, nothing but a small part of their cost of doing business.
So don't expect anything much from them, i.e. regulators or companies.
The only way to get anything done is to apply fines in relation to their gross income (pre-tax/profits), like 25% or so and extend full penal responsibility of whatever went down to the board.
30 million for Amazon is a very small portion of a very small drop in their cash bucket.
But ... How about 3 billion?
That would get everyone's attention, from shareholders to CEO down to the pointy haired assholes in charge of whatever should have been done but wasn't.
Many years ago, a well known political actor from mid century Latin America once said something roughly akin to this:
A man's most sensitive appendage is his pocket.
Undoubtedly true.
I think far more effective would be a phone call to a real life Saul Goodman, and a class action.
The findings of the commission have already done most of the legwork, it's just a case of identifying who was affected and waving the potential of a life changing cheque in front of them.
The compensation payout just might see Amazon so beggared it will have no choice but to learn a very very expensive lesson.
If you have shares in that diabolical company, I'd sell now before it gets left with nothing but a pair of boxer shorts to cover its embarrassing cock-up.
"The findings of the commission have already done most of the legwork, it's just a case of identifying who was affected and waving the potential of a life changing cheque in front of them."
There's not going to be any finding of who was affected to any great extent as they had no security that would have logged that. I think that most people here expected this was going on from day one given all of the evidence dribbling out from time to time. Just on a preponderance of the technology, it was prime for abuse and the hordes of idiots that self-installed the hardware to spy on themselves shouldn't see a dime in recompense.
There would be no way to adequately repay the people in any case. For one, the lawyers are going to collect the vast majority of any money that's earmarked for victims (self-inflicted for the most part). This is why I advocate crippling fines to the company as a punitive measure to make other companies take notice. Megacorps can wind up doing more damage than can ever be paid back through their negligence and ones that show the level of greed to do such a thing need to go away. A fine of tens of millions assessed against Amazon is likely one day of returned merchandise pallet sales. They pay more than that monthly for HVAC in their buildings.
Step forward EU (and UK) GDPR and also Californian CCPA.
Do what you are supposed to, and fine %tges of global turnover - not the pissy amounts mentioned here. Some of the £$€bn’s scale Meta have been getting stuck at that sort of scale to incentivise change.
If not, fine them again. Double. Repeat.
"The attitude of most 'Big Tech' companies seems to be that if the profit in doing it is greater than the fines if they get hauled up for it, then they'll do it."
It's not just "Big Tech". It's everyone, in every industry. And we don't need fictional "Sauls". There are and have been real people fighting against $BigCorp and some have even won. There was even a Hollywood trope in the late 70's, early 80's of horror films with pollution-mutated creatures terrorising the locals, usually related to corporate discharge of mercury and/or other toxic heavy metals into the ground water, something that is STILL going on.
One of the previous President's big "shout outs" was rolling back the powers of the EPA and reducing the hurdles to more coal mining and Alaskan oil drilling with fewer anti-pollution measures. Regulation can be good, but the general populace has been brain-washed into thinking ALL regulation is bad because "muh freedumb!!!". Although we don't see many protests against regulated voltages supplied to homes and industry, or the regulations surrounding gas quality, octane rating and delivery methods to and at the pump.
Possibly the most shocking quote in the article is the one at the end where Amazon say "We did nothing wrong.".
I therefore expect more such cases in future and hope that consumers move away from what is clearly a broken implementation of this product concept.
> I therefore expect more such cases in future
Without doubt.
> and hope that consumers move away from what is clearly a broken implementation of this product concept.
Swing and a miss. "Security? I can answer the door without getting off my arse."
How're you going to win against that?
"Yes, quite - the driving concept behind most of this smart shit: people not wanting to get off their arse to do even the simplest of things."
Funny you should write "driving". The majority of new cars are being laden with solenoids, motors and actuators to do the simplest of things. When they go wrong, the whole car is borked. See Samcrac's repair on YouTube of a BMW SUV where the thing was totaled for what started with a kinked drain tube from the sunroof. It's a great example of how tying everything together into one network (CAN in this case) can make things unrepairable.
"It's a great example of how tying everything together into one network (CAN in this case) can make things unrepairable."
Yes, the happy goal of car makers everywhere - 100 grand for an exonobox, must be replaced with a new one when a 3 cent part fails.
And not thinking anything about what happens if their trust is taken advantage of. "Why no, they're making me secure from common criminals!!!"
But we've always prosecuted those who prey on the less educated, the less informed, the vulnerable. As we should. But in a case like this, the company gets to write off the fine against their income.
Possibly the most shocking quote in the article is the one at the end where Amazon say "We did nothing wrong.".
Yes.
I was at least expecting the usual "our customer's privacy is our top priority" statement. We all know that nobody ever means that when they say it, but I thought they'd at least go through the formality.
This is about all you can expect from any large US corporation.
Dupont dumping PFOAs, Love Canal (that sounds really rude) in NY, Monsanto's radioactive landfill in Soda Springs, the town where they sprayed the dirt roads with highly contaminated waste oil (I forget the name)... the list is endless. And the excuse is always 'we did nothing wrong' because 'there is no specific law saying we can't do it' or 'we thought it was safe'.
And in the US the govt seems very reluctant to enforce what laws they do have (probably due to being given large donations by said companies) and for an individual getting anything via the courts is horrifically expensive due to the way they work.
"This is about all you can expect from any large US corporation."
There's no need to add "US". It's all large corporations. One of the tropes in the Mars trilogy by Kim Stanley Robinson is the narrative about how multi-national companies became mega-national corporations that took over entire small countries as a flag of convenience while at the same time became free floating collections of capital that could rival the GDP of many more countries to the point where the execs wielded more power than any potentate in history. They were also not subject to any law but their own. I see hints of this now. These companies and their execs aren't being reined in as they deliver not only campaign cash, but exposure through the company's media assets to the politicians that will play ball. In another decade or two it might be impossible to put an end to the arrangement.
I can't say of my own knowledge that US elections have been dirty, but they do have that appearance. To me, elections in a democratic society not only need to be proper, they need to be seen as transparent and free of corruption. Faith in the system can be the far more important component.
Most of the truly huge corporations are of US origin. The exception being some oil companies and a few remaining mineral companies. Polluting your own back yard does seem to happen more often in the US. I know someone will say China or Russia do worse but they overtly don't give a shit about their people. The US is supposed to be the land of the free and other such.
As for democracy, a good start would be non-corrupt politicians. The lure of $$$ seems to turn pretty much anyone these days. To a Brit the US election TV adverts seem like they are from another planet.
As far as elections go, the way you make them fair and open is in person voting, the requirement to show ID, and a standardized paper ballot that must be retained for 1 year for auditing purposes. But beyond that, you must take the money out of politics, like requiring all personal assets to be put into a blind trust, and all politicians having an annual audit of all money to the last penny requiring an explanation of anything they have that's more than their government salary. Further, require them to live under their own laws (in the US, Congress is generally exempt from any laws they pass) and do not allow anyone to hold the same office twice (no reelections) or hold another political office for 10 years after their term is up.
Taking the money out of politics and ensuring the vote would go a long way towards correcting a lot of America's political problems.
It's a bit refreshing for them to come out to just say it. Technically they are correct, in a capitalistic system they did nothing wrong.
Would have been nice to have them do this earlier since it might have effected change but at this point it's way too late in the game for the rules to change. So all it's really good for is hearing them say the truth, which is kinda nice, but not worth much else since we're way past the point where the truth could lead to any meaningful change.
"Possibly the most shocking quote in the article is the one at the end where Amazon say "We did nothing wrong."
As things stand, this report is an excellent example of a simple fact; There is no rule of law affecting corporate leadership within the USA. That any senior leadership within any major corporation can pay a small sum of money; NOT to a court of the law under the direction of a judge and jury, but instead to a regulatory institution. This report, just like many others shows that there is no rule of law; that today the United States is a lawless, classically feudal nation.
"Remember, folks, Amazon barely makes any profit"
But the insiders make a killing on the stock. Jeff didn't take a huge salary when he ran Amazon, but as the founder, his tranche of stock was where his money was made. That's not to say that the perks of being CEO don't come with loads of non-salary compensation that can be substantial. If your housing, car, insurance, holidays and clothing was all paid for by your company, tax-free, a £100,000 annual salary would be pure gravy.
"If your housing, car, insurance, holidays and clothing was all paid for by your company, tax-free, a £100,000 annual salary would be pure gravy."
Is that actually how it works in the US? Here in the UK, and across the EU, any "gifts" like that from your employer or company is "payment in kind" and therefore taxable income, even medical and dental benefits. At least for us "little people". I'm sure our corporate masters have ways around those inconvenient laws.
"Is that actually how it works in the US?"
Yes and no. It depends. The tax codes are ... convoluted is probably the best way to describe it. Dealing with taxes is the only place I bring in an outside expert when it comes to money. The rules change year to year, and sometimes quarter to quarter ... or even month to month, in some cases. Anybody making over $100,000 (maybe less) and trying to do their own taxes is either asking to pay too much to the government(s), or just looking for trouble. Yes, "government(s)" ... it varies from state to state, too, just to keep things interesting for those of us who have properties scattered about the place. And some municipalities also tax individuals for the privilege of living in their friendly confines.
Yes, this is another one of those things that needs reform ... but never will, at least probably not in my lifetime.
I just do as I'm told, follow the rules, and probably wind up paying far less than my "fair share" (whatever that means!), while still paying far more as a percentage than the likes of Trump and the other filthy rich.
Clear as mud? Not for me, either. It's Friday, I'm buying ...
"across the EU, any "gifts" like that from your employer or company is "payment in kind" and therefore taxable income"
In the US, there are tax implications for "payment in kind" compensation, but if you take a company the size of Amazon, good luck ferreting all of that out in an audit. Many of those things can be buried in the books to obscure where they are going. I'd expect that a large company would have many leased company vehicles. If one of them was "assigned" to the CEO rather than just one of several in a car pool, who would know? Who's to say that the CEO isn't choosing from several each day without any particular one being for his use only. The same would go for meals. Clothing could be accounted for under "uniforms". I have people I know that have large companies that maintain furnished homes or flats for use by visiting managers/execs. It can be much cheaper and more secure than a hotel. Those properties are also much more plush and can have self-catering or chefs brought in for the C-Level visitors. The comms are more guarded/monitored and the phone systems tie into the company switchboard via VOIP so a visitor can have calls put to their extension be directed to that property for the duration of their stay. What if an exec stayed at one of those homes on a longer term basis? As long as they didn't register the address as being their own, it can be explained away as short-term accommodation to any auditor.
The larger the company and the more complex the accounts, the easier it is to hide things. The tax collectors can also be discouraged from digging too deeply for political reasons.
Every time I think I have found the nadir of human intelligence, I find a new low point.
Ok, fair enough, Joe Average and partner may not be as aware of the possibilities of remote blackhattery on common electronics, but surely there are better mechanisms than stuffing everything on a remote server?
This sort of crap will never find a place in or on my property,
Having recently had a disturbing encounter with a person who would be best defined as "of ill repute", I will soon be getting a remote surveillance system fitted at my home (isolated, rural...). It's no good simply having cameras, it needs something more active and I'm not available to respond to incidents (phones are banned at work). Thus, a third party will look when a camera is triggered to see what's going on and whether or not to hand over to the rozzers.
Obviously that's fine when I'm not around. But I want no access to the cameras when the system is inactive. It's good that this story has happened, as I rather suspect I'll be asking the engineer some difficult questions.
"This sort of crap will never find a place in or on my property,"
Many people here know about tech so aren't as bamboozled, but the average punter was told that math, science and engineering were hard and only for nerds. School never taught them about privacy vs. security, how to assess risk and manage money. If somebody comes along and shows them wonders and a way to avoid getting off the couch to accomplish some mundane task, they'll jump at it and be more than happy to click the "I accept" box at the end of a EULA without reading (if they can read).
customers ... will perhaps take years to get over the ugly incidents Amazon’s laxness made possible.
Or perhaps they'll take legal advice. This has the signs of an impending class action suit, and then the ambulance chasers will get in on the act. "Do you have a Ring camera? Might you have been spied on in your home? Text RING to 12345 to find out if you're entitled to compensation".
And for once, I'd completely support them.
"This has the signs of an impending class action suit"
No shit, and a massive one at that.
I'm surprised that the land-sharks haven't already started the ball rolling. The entire concept of IoT is clearly designed, engineered, manufactured, marketed and sold specifically to be an extreme invasion of privacy, an accident waiting to happen, and a very dangerous attractive nuisance. Near as I can tell there is absolutely no compelling reason for these things to exist other than to make the shareholders money. They certainly don't benefit the supposed "owner", except perhaps superficially[0].
[0] OOH! Look! SHINEY!!!!
"the land-sharks"
That's the problem. They're likely to be the ones who get "compensated" (in that strange US-ese way where "compensation" actually means "ordinary payment for the job"). But the FTC has identified the accounts. They've also identified the more egregious cases. How about the FTC and victims get together, agree a meaningful* tariff and send an enforceable bill to Amazon.
And no, the bill can't be paid by vouchers only redeemable at Amazon. We'll have no truck with that sort of thing.
* Meaning big enough to require an explanation in the annual accounts.
I can't see a logical reason why I might want to install a webcam in, say, my bathroom but it still doesn't mean those that do should expect it to be compromised.
Perhaps authorities should be asking of Amazon et al some more searching questions like this: You clearly log access to these recordings (and if you don't log then, oh man, are you in the deepest of shit) so 1.) Immediately provide details of every such incident where a camera feed was viewed by your own employees where there was NOT an open tech. support case assigned to that device; and 2.) Justify why any feed can be viewed by employees when there's no defined need to see it.
2.) Justify why any feed can be viewed by employees when there's no defined need to see it.
Laziness, and a wilful disregard for privacy and security that almost certainly violates data protection legislation in many countries.
Laziness probably comes from some of the use cases mentioned in the report. So tech support needs to diagnose problems. Therefore they need access. Many systems exist where multiple people need access to sensitive data, and there are standard 'best practice' solutions. So encryption and shared keys. Data are encrypted to prevent casual access, if tech support is assigned a case, they can access data specific to that case and that access is logged and audited. Even just an audit trail that can track tickets to access would be a simple step. If there was no open case assigned to that agent, why were they accessing that data? Then make it very clear to staff that unauthorised access will be considered gross misconduct, and result in termination & loss of benefits.
It's not rocket science, and is common in law enforcement, medicine, finance, law etc due to data sensitivity, legislation, risk of harm or reputational damage. Big Tech really needs to start taking security and privacy seriously, and litigation is an obvious stick to beat some sense into them with. Governments should support this, and can impose meaningful fines. It also wouldn't harm lawful intercept because companies already need to comply with that legislation.
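The ticket-to-access audit described in the comment above, as an added example that is not part of the original thread and is not Amazon's or Ring's code. The log format, field names, agent names and ticket IDs are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

TS = "%Y-%m-%dT%H:%M:%SZ"  # constructed log format; all timestamps are UTC


@dataclass(frozen=True)
class Ticket:
    agent: str                   # agent the support case is assigned to
    device: str                  # the one device the case covers
    opened: datetime
    closed: Optional[datetime]   # None means the case is still open


@dataclass(frozen=True)
class Access:
    when: datetime
    agent: str
    device: str
    ticket: Optional[str]        # case the agent cited, if any


def parse_access(line: str) -> Access:
    """Parse one 'TIMESTAMP key=value ...' access-log line."""
    stamp, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return Access(datetime.strptime(stamp, TS), fields["agent"],
                  fields["device"], fields.get("ticket") or None)


def violation(access: Access, tickets: dict) -> Optional[str]:
    """Return why an access is unjustified, or None if a valid case backs it."""
    if access.ticket is None:
        return "no support case cited"
    case = tickets.get(access.ticket)
    if case is None:
        return "cited case does not exist"
    if case.agent != access.agent:
        return "case assigned to a different agent"
    if case.device != access.device:
        return "case covers a different device"
    too_early = access.when < case.opened
    too_late = case.closed is not None and access.when > case.closed
    if too_early or too_late:
        return "case not open at access time"
    return None


def audit(lines, tickets):
    """Return (agent, device, reason) for every access lacking justification."""
    findings = []
    for line in lines:
        access = parse_access(line)
        reason = violation(access, tickets)
        if reason:
            findings.append((access.agent, access.device, reason))
    return findings


def _t(stamp: str) -> datetime:
    return datetime.strptime(stamp, TS)


# Constructed sample data: two support cases and six feed accesses.
TICKETS = {
    "T-100": Ticket("asmith", "cam-001",
                    _t("2023-05-30T08:00:00Z"), _t("2023-05-30T17:00:00Z")),
    "T-101": Ticket("bjones", "cam-002", _t("2023-05-31T09:00:00Z"), None),
}
SAMPLE_LOG = [
    "2023-05-30T09:12:00Z agent=asmith device=cam-001 ticket=T-100",
    "2023-05-30T09:40:00Z agent=asmith device=cam-007 ticket=T-100",
    "2023-05-30T22:05:00Z agent=asmith device=cam-001 ticket=T-100",
    "2023-05-31T10:00:00Z agent=cdoe device=cam-002 ticket=T-101",
    "2023-05-31T10:30:00Z agent=cdoe device=cam-009",
    "2023-05-31T11:00:00Z agent=bjones device=cam-002 ticket=T-101",
]

if __name__ == "__main__":
    for agent, device, reason in audit(SAMPLE_LOG, TICKETS):
        print(f"{agent} viewed {device}: {reason}")
```

The check only works if the access log is written by the storage layer itself and cannot be edited by the agents it records.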
"Big Tech really needs to start taking security and privacy seriously"
They do. And they know how. You don't think their corporate accounts, sales and other relevant "business critical" systems are locked down and tracked/audited for their own protection? This does, of course, demonstrate the lie when they don't apply the same levels of security and usage tracking to customer data and then act all surprised when it's compromised, mis-used or stolen.
This does, of course, demonstrate the lie when they don't apply the same levels of security and usage tracking to customer data and then act all surprised when it's compromised, mis-used or stolen.
Yep. A sharp lawyer should have a field day with this one. Amazon obviously recognises the risk of improper or unauthorised access to its own sensitive and private data, so why act so negligently when it comes to its customers, when it's providing a service on their behalf?
Considering medicine has been around thousands of years and they've only in the last 20 years started taking medical privacy seriously, I don't expect tech privacy in our lifetimes. This is why I severely limit tech in my house, and do my best to make sure any data that is collected is useless to the collector.
> I can't see a logical reason why I might want to install a webcam in, say, my bathroom
She Came In Through The Bathroom Window
https://www.youtube.com/watch?v=NVv7IzEVf3M
She came in through the bathroom window
Protected by a silver spoon
But now she sucks her thumb and wanders
By the banks of her own lagoon
Didn't anybody tell her?
Didn't anybody see?
..................your friendly (but invisible) Police Force has been selling RING (and taking a cut) in many municipalities.
The curious will want to know that PC Plod has also been snooping big time.....
Link: https://www.theguardian.com/technology/2019/aug/29/ring-amazon-police-partnership-social-media-neighbor
Link: https://www.theguardian.com/commentisfree/2021/may/18/amazon-ring-largest-civilian-surveillance-network-us
Bezos and his leadership mates should all be charged with criminal trespassing and conspiracy to stalk for each example and given the matching jail sentence multiplied.
Perfectly good laws already exist. Well, in some states anyway-
https://en.wikipedia.org/wiki/Voyeurism#Legal_status
In some countries voyeurism is considered to be a sex crime. In the United Kingdom, for example, non-consensual voyeurism became a criminal offence on May 1, 2004.[27] In the English case of R v Turner (2006),[28] the manager of a sports centre filmed four women taking showers. There was no indication that the footage had been shown to anyone else or distributed in any way. The defendant pleaded guilty. The Court of Appeal confirmed a sentence of nine months' imprisonment to reflect the seriousness of the abuse of trust and the traumatic effect on the victims.
...In the United States, video voyeurism is an offense in twelve states[36] and may require the convicted person to register as a sex offender.[37] The original case that led to the criminalisation of voyeurism has been made into a television movie called Video Voyeur and documents the criminalisation of secret photography. Criminal voyeurism statutes are related to invasion of privacy laws[38] but are specific to unlawful surreptitious surveillance without consent and unlawful recordings including the broadcast, dissemination, publication, or selling of recordings involving places and times when a person has a reasonable expectation of privacy and a reasonable supposition they are not being photographed or filmed by "any mechanical, digital or electronic viewing device, camera or any other instrument capable of recording, storing or transmitting visual images that can be utilised to observe a person."
Then I guess stalking laws might be added, if voyeurs created 'favorites' lists to repeatedly perv at their victims. IANAL, but I suspect Amazon would argue that the victims consented to voyeurism and became voluntary cam-girls/boys by installing their iSpys in places where their privacy could be violated by Amazon at will. But then if Amazon's amassed millions of images of people under 18 or 16, then Amazon's in possession of child pornography, which is a strict liability offence in many countries. Children can't consent, and I'm fairly certain adults can't consent to illegal activity either.
So just prosecute Amazon for a few million counts of voyeurism, possession of CP and have all their execs jailed for.. well, eternity if sentences run consecutively. If they manage to argue for a less than lifetime sentence, all involved will be required to register as sex offenders anyway. CP's probably the best angle to pursue because it's probable Amazon has amassed a lot of images that would fall under those laws, and as a strict liability offence, there's no real defence, especially as they've allowed those images to be accessed and shared.
That telephone in your house? Nasty agencies have been able to use those to listen for decades. Mobile? Internet? VOIP? Differing levels of convenience for privacy invaders.
Quite what Alexa would use the hours of discussions around my dining room table over the rules of High Frontier or Next War: Korea I have no idea.
I'd be more concerned if they had listened in on e.g. WFH conversations where some of that content could constitute insider information; if the recipient knew what to do with it.
And no, I don't have an Alexa in the house. But a mobile and/or internet connection are unavoidable necessities.
The problem is that reverting back to parchment and quills only gets you so far - and in conflict with the goose you're asking to donate those quills.
I have the same reservations about the hard push to go electronic on payments - nothing makes you more trackable what you spend your money on and where.
On the plus side, at least social media is easy to replace.
Just get a megaphone..
I'm not sure how this comment relates, but nonetheless.
For avoidance of doubt, I want NO data to leave my property without my express permission. Hence, no Alexa, and no landline. Internet is filtered by PiHole, and various other steps taken where possible (though avoiding everything is impossible).
But the odds of the law shifting in favour of consumers to this extent are basically zero. Assume your data IS compromised, and probably any devices you plug into as well.
This is yet another example of a settlement or closing of a case in America where guilt has obviously been established, large or small fines assessed, but
1. They never have to admit guilt
2. No lessons can be learned because the details of the judgement are kept secret (though not possibly in this case, but in many)
How is that in any way justice, or an effective system of justice, or justice being seen to be done?
Yes yes, money talks. But it shouldn't.
I suppose the logic for sloppy handling of Ring camera video is that the product, being a doorbell, tends to look out onto the street and has the same kind of field of view as one of those optical door viewers. There shouldn't be any need for images to go to the cloud -- a company server -- except that it's the universal way that everyone tries to charge rent for their products (and rendering them effectively useless in the process). Personally I don't feel the need for a remote wireless doorbell, it's a clunky bit of 'because we can' technology doing a bad job of replacing both a doorbell push and a video camera.
Voice assistants are not just standalone devices like the Echo products, they're software that can be anything that has a microphone, processor and internet connection. They need to process data in the cloud at the moment. They can be turned off -- if they violate anyone's privacy it's because someone has used them to do this.
As for these fines, it's just the modern version of the shakedown. Data security is such a nebulous concept for anything other than the personal data that identifies us, it could mean anything, it's widely collected (especially by government agencies -- talk about 'pot calling kettle black') and the only reason it's not more widely used is that (fortunately) the collectors lack imagination (or, alternatively, it's nowhere near as valuable as we think it is).
You will see lots of comments that have all come true.
WE TOLD YOU THERE WAS A SECURITY RISK
but millions went out and actually paid to have a spyware camera in their home. How many AD slurpers has your video been sold to?
Anyone who still has one of these working after today must be mad (IMHO)
Long long ago, back when I had a shiny Reg badge, outlining a suggestion to thwart the nasty door-steppers preying on your elderly parents.
It was way before Amazon brought out Ring, but it detailed the exact way that Ring functions, minus the nasties of course. So, if anyone feels like bringing out a competing version I'll happily dig out my prior art to parry any attempt by Amazon at claiming it was their original IP.
GDPR doesn't go far enough! Facebook literally facilitated a genocide. You have this with Ring...we already saw similar with mobile phone company employees stalking customers message back in the day so firms can't say they didn't know.
The whole idea of "break things and disrupt" just means break as many laws as possible and take the profits.
Fines should be in the $billions not millions.
I think fines should be a significant percentage of revenue immediately and then a continuing percent to be applied until proof that all the issues have been addressed. Additionally the companies have to put a banner on all their websites stating what fines they have paid and continue to pay and the reasons for it as approved by the regulator.
Additionally all the C suite personnel also have to have a similar regime apply to them as well.
I am sick to death of these mega corporate companies and C suite pricks that get away with literally everything. Is it any wonder why so many people go 'down the rabbit hole' of conspiracy when this blatant abuse is page 1, chapter 1, sentence 1 of the typically 'American' play book.
Why would anybody install this crap inside or outside of their homes boggles my mind. Are our phones not enough loss of privacy themselves that some people feel the need to install still more snooping equipment? Don't even get me started about Alexa and her ilks. Might as well have a webcam in every room on 24 hours a day and put ads on TV, radio and social media about the URLs for creeps to watch.
“While we disagree with the FTC’s claims regarding both Alexa and Ring, and deny violating the law, these settlements put these matters behind us.”
Are you. Fucking. Kidding me! Look, I get that this pinhead PR prick was probably told to "cover our ass", but you would think they could do it with at least a bit more finesse than "deny deny deny nothing happened and we're not doing anything about it."
I knew these IOT things were risky, but I thought of all companies Amazon might have at least the VAGUEST concept of principle of The SANS Controls, e.g. principle of least privilege, implicit deny... etc. etc., but I guess not
Recommended course of action: if you own one of these spyware boxes, unplug it, put it back in the packaging it shipped with, and if possible, return it. Then delete your Amazon account. Yes, even if you have an active Prime subscription. In fact, ESPECIALLY if you do. Let the pain of that sunk cost remind you of the cost of not reading the privacy policy and TOS/EULA. Realizing the sunk cost is how I rehabilitated myself from another platform (whom I will not name)'s manipulative pricing and deceit.
"Recommended course of action: if you own one of these spyware boxes, unplug it, put it back in the packaging it shipped with, and if possible, return it."
You're not thinking 4 dimensionally.
Order something even more expensive from the company and when you get it, shove the spy devices in the box and return that for a refund keeping that more expensive thing. Given what I've seen with the Amazon random pallet purchase videos, they don't check what comes back but just that there is something in the box being returned rather than just the empties.