Feeds

Amazon sues US state on customers' privacy

50 million in tax probe

Beginner's guide to SSL certificates

Amazon has filed suit against a US state agency that is demanding the online retailer turn over not only the sales records of nearly 50 million transactions since 2003, but also the names and addresses of the purchasers, along with details of exactly what they bought.

The North Carolina Department of Revenue (DOR) is investigating Amazon for compliance with sales tax law. All well and good, says Amazon in its filing in the US District Court of the Western District of Washington, but: "All [the DOR] needs to know is what items Amazon sold to North Carolina customers and what they paid, and Amazon has already provided that information to the DOR," the filing reads.

But the DOR wants more - it wants to know exactly what books and video individual North Carolinians bought. And Amazon isn't buying it: "If Amazon is forced to comply with this demand, the disclosure will invade the privacy and violate the First Amendment rights of Amazon and its customers on a massive scale."

Sales records are one thing, says Amazon. "But the DOR has no business seeking to uncover the identity of Amazon's customers who purchased expressive content, which makes up the majority of the nearly 50 million products sold to North Carolina residents during the audit period, let alone associating customers' names and addresses with the specific books, music, and video content that they have purchased during the past seven years."

Amazon also notes in the filing that: "The DOR's actions threaten to chill the exercise of customers' expressive choices and to cause Amazon customers not to purchase certain books, music, movies or other expressive material from Amazon that they might otherwise purchase if they did not fear disclosure of those choices to the government."

Which is simply legalese for: "It's none of your damn business, North Carolina."

And it's not merely John Q. Public that Amazon is concerned about. As the filing states: "This privacy concern is even greater for public figures who have purchased items from Amazon, because their purchase histories may generate significant political or press interest or otherwise be made public."

Privacy is privacy, whether you're merely an average schlub who doesn't want your purchase of Richard Dawkins' The God Delusion known to your Bible-thumping neighbors, or if you're former North Carolina senator John "Randy" Edwards not wanting your wife Elizabeth's divorce lawyers searching to find out whether you own a copy of Girls Gone Wild: Best Breasts Ever.

Amazon's move points out the muddled mess that is privacy law when it comes to online information. As we reported just last month, even rivals Microsoft and Google have joined together with the Digital Due Process coalition to bring the almost 25-year-old Electronic Communications Privacy Act (ECPA) up to digital-age standards.

Expect more court actions and legislative deliberations before firm guidelines appear that cover what the government can request and what should remain beyond its reach. ®

Internet Security Threat Report 2014

More from The Register

next story
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
BT said to have pulled patent-infringing boxes from DSL network
Take your license demand and stick it in your ASSIA
Right to be forgotten should apply to Google.com too: EU
And hey - no need to tell the website you've de-listed. That'll make it easier ...
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.