On September 28, 2011, Amazon announced its long-expected new Kindle Fire tablet, running on Google's Android operating system. Almost lost amidst the announcement was the Kindle Fire's unusual Web browser, called Amazon Silk. According to Amazon, Silk was "cloud-accelerated," offloading some of the processing of requested Web pages from the tablet to Amazon's own cloud processing servers to speed up downloads.
This cloud-based approach, while technically innovative, also raises some significant potential privacy questions, since it effectively means that Amazon's servers are intercepting every Web page requested by users. The requested pages may contain the user's personal information, or other confidential data ordinarily not meant for third parties. Amazon, though, will have access to everything. Even Web pages generally encrypted in transit (via SSL encryption, and often indicated with an "https" rather than "http" in the URL) could be open for Amazon's viewing: as discussed in the FAQ (Frequently Asked Questions) file for Amazon Silk:
What about handling secure (https) connections?
We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL (e.g. https://siteaddress.com).
Amazon Silk will facilitate a direct connection between your device and that site. Any security provided by these particular sites to their users would still exist.
While Amazon states that security "would still exist," functionally, there is no way for a user to verify this.
Another potential privacy issue involves Amazon's retention of the information it receives through the Silk browser. As stated in the Terms and Conditions for Amazon Silk:
Amazon Silk optimizes and accelerates the delivery of web content by using Amazon's cloud computing services. Therefore, like most Internet service providers and similar services that enable you to access the Web, the content of web pages you visit using Amazon Silk passes through our servers and may be cached to improve performance on subsequent page loads.
Amazon Silk also temporarily logs web addresses - known as uniform resource locators ("URLs") - for the web pages it serves and certain identifiers, such as IP or MAC addresses, to troubleshoot and diagnose Amazon Silk technical issues. We generally do not keep this information for longer than 30 days.
While Silk does give users an option to turn off cloud-assisted browsing, it will be on by default.
Given that Amazon states that Silk will be subject to its overall privacy policy, it is unclear whether that privacy policy will have to change and, if so, whether it will be a "material change" that could obligate Amazon to get opt-ins from all of its previous customers from whom it collected information. The Silk browser could also mean that every other Web site might have to notify its users that the site would be "sharing" personal information with Amazon.
It remains uncertain how Amazon will address these potential privacy concerns, and how other sites will need to as well. The attorneys in Olshan's Advertising, Marketing and Promotions practice group would be happy to answer any questions you may have about this or other privacy matters.