Amazon may monitor employee keystrokes to protect customer data

In an internal document, the company says it doesn't have a good way of verifying workers.

David Ryder via Getty Images

According to an internal company document obtained by Motherboard, Amazon plans to monitor how its employees use their keyboards and mice to prevent customer data leaks. The retailer is reportedly leaning toward licensing tools from a company called BehavioSec.

"The software does not rely on personally identifiable information or other static data," a FAQ page from BehavioSec states. Instead, the company claims it uses "behavioral biometrics" to generate a profile of how someone types and uses their computer. Its software then utilizes that profile to verify that a hacker or imposter hasn't compromised an employee's device. BehavioSec's website lists Cisco and Deutsche Telekom as "partners," suggesting Amazon wouldn't be the first company to use its software. Amazon reportedly looked at other employee monitoring solutions. However, due to "challenges around collecting keystrokes data," concluded it was best to turn to more "privacy-aware" models like BehavioSec.

In the document, Amazon claims it needs such software to combat various security threats. The company points to at least four cases where its security team identified incidents where someone posed as a service agent to obtain customer data. "We have a security gap as we don't have a reliable mechanism for verifying that users are who they claim they are," the company states in the document.

With more of its employees working remotely due to the pandemic, it's also worried about a higher risk of "data exfiltration." Amazon points to several hypothetical scenarios it wants to protect itself against, including one where a customer service employee forgets to lock their computer, and a nosy roommate steals the company's data. By 2022, it estimates the software could help it reduce imposter takeover by 100 percent.

"Maintaining the security and privacy of customer and employee data is among our highest priorities," Kelly Nantel, director of national media relations at Amazon, told Engadget. "While we do not share details on the technologies we use, we continually explore and test new ways to safeguard customer-related data while also respecting the privacy of our employees. And we do this while also remaining compliant with applicable privacy laws and regulations."

While Amazon's reasons for considering BehavioSec appear to be well-intentioned, the company doesn't have the best history with employee monitoring software. A recent report from CNBC found Amazon's Mentor app was far too overbearing to do its intended job effectively, and it would needlessly penalize drivers for things like going over the occasional bump on the road.