Thursday, August 12, 2021, 03:16 PM EDT
Here's Why Amazon Wants To Monitor Employee Keystrokes In Its Latest Surveillance Push
Following call center company Teleperformance allegedly forcing employees to undergo AI camera surveillance, Amazon wants to monitor its own customer service employees. Soon, Amazon could use a system that captures all workers' keystrokes to run behavioral analysis and prevent malicious hackers or imposters from stealing data.
In a confidential document acquired by Motherboard, Amazon reports that there have been several cases of customer data being accessed around the world. India ranks at the top of the list, with 120 security incidents, followed by the Philippines with just under 70, and the U.S. with approximately 40 security incidents.
While each of these incidents are not explained, the document outlines several potential customer privacy threats, "including one where a customer support worker may walk away from their computer without locking it." If a tech-savvy and nosey roommate were to go to the computer, they could look up what public figures buy from Amazon. Alternatively, a customer support worker could extract thousands of customer records in under an hour using a USB Rubber Ducky device that allows for repetitive keystrokes and mouse movements to be executed incredibly quickly. It is also mentioned that a malicious hacker gaining access to the customer support device could also do the same damage remotely.
Though the principle of least privilege should most certainly apply, Amazon wants to keep tabs on things anyhow. This would be done through a solution that would capture all employees' keystrokes and mouse movements which can be used to build a profile for each person. This profile can then be used to verify if a worker is still at the keyboard or in control of the device at all.
Vice reached out to Amazon, which said in a statement that "Maintaining the security and privacy of customer and employee data is among our highest priorities." Senior Amazon PR manager Barbara Agrait also added that the company is continually "test[ing] new ways to safeguard customer-related data while also respecting the privacy of our employees," and "remaining compliant with applicable privacy laws and regulations."
As mentioned, perhaps Amazon could lock down what customer service employees have access to at any given time, only granting the least necessary privileges. Theoretically, the employees would only need to see information from customers they are currently chatting with or recently contacted. Despite this, it will be interesting to see if Amazon moves forward with the plan, as a company to provide the monitoring services has already been selected. Thus, we may hear more about the situation if the solution rolls out, so stay tuned to HotHardware for updates.