AWS has released a new tool that allows customers of its AI services to more easily stop sharing their datasets with Amazon for product improvement purposes: something that is currently a default opt-in for many AWS AI services.
Until this week, AWS users had to actively raise a support ticket to opt-out of content sharing. (The default opt-in can see AWS take customer’s AI workload datasets and store them for its own product development purposes, including outside of the region that end-users had explicitly selected for their own use.)
AWS AI services affected include facial recognition service Amazon Rekognition, voice recording transcription service Amazon Transcribe, natural language processing service Amazon Comprehend and more, listed below.
(AWS users can otherwise choose where data and workloads reside; something that is vital for many for compliance and data sovereignty reasons).
Opting in to sharing is still the default setting for customers: something that appears to have surprised many, as Computer Business Review reported this week.
The company has, however, now updated its opt-out options to make it easier for customers to set opting out as a group-wide policy.
Users can do this in the console, by API or command line.
Users will permission to run organizations:CreatePolicy
Console:
- Sign in to your organisations console as an AWS Identity and Access Management (IAM) user, assume an IAM role, or sign in as the root user (not recommended).
- On the Policies tab, choose AI services opt-out policies.
- On the AI services opt-out policies page, choose Create policy.
- On the Create policy page, enter a name and description for the policy.You can build the policy using the Visual editor as described in this procedure. You can also type or paste policy text in the JSON tab. For information about AI services opt-out policy syntax, see AI services opt-out policy syntax and examples.
- If you choose to use the Visual editor, select the service that you want to move to the other column and then choose the appropriate arrow to move it.
- (Optional) Repeat step 5 for each service that you want to change.
- When you’re finished building your policy, choose Create policy.
Command Line Interface (CLI) and API
- AWS CLI: aws organizations create-policy. (Examples and guidance here).
- AWS API: CreatePolicy
Editor’s note: AWS has been keen to emphasise a difference between “content” and “data” following our initial report, asking us to correct our claim that AI customer “data” was being shared by default with Amazon, including sometimes outside selected geographical regions. It is, arguably, a curious distinction. The company appears to want to emphasise that the opt-in is only for AI datasets, which it calls “content”.
(As one tech CEO puts it to us: “Only a lawyer that never touched a computer might feel smart enough to venture into « content, not data » wonderland”.)
AWS’s own new opt-out page initially read disputed that characterisation.
It read: “AWS artificial intelligence (AI) services collect and store data as part of operating and supporting the continuous improvement life cycle of each service.
“As an AWS customer, you can choose to opt out of this process to ensure that your data is not persisted within AWS AI service data stores.” [Our italics].
AWS has since changed the wording on this page to the more anodyne: “You can choose to opt out of having your content stored or used for service improvements” and asked us to reflect this. For AWS’s full new guide to creating, updating, and deleting AI services opt-out policies, meanwhile, see here.
See also: European Data Watchdog Warns on Microsoft’s “Unilateral” Ability to Change Data Harvesting Rules
