Why Anyone Can Peek Inside Amazon’s Law‑Enforcement Data Request Portal

Anyone can access parts of the portal that law‑enforcement agencies use to request Amazon customer data, even though the site is supposed to require a verified email address and password.

The portal unusually discloses how Amazon handles law‑enforcement data requests.

Amazon’s portal allows police and federal agents to submit formal requests and legal orders such as subpoenas, search warrants, or court directives. While the site is publicly reachable, agencies must register an account for Amazon to verify the government personnel’s credentials.

Only urgent emergency requests can be submitted without an account, but the requester must declare and confirm that they are authorized law‑enforcement personnel before submitting.

Although the portal does not display customer data or allow access to existing requests, some content loads without login, including the dashboard and a “standard” request form used by agencies.

The form lets officers request data using numerous data points, such as Amazon order numbers, Echo and Fire device serial numbers, credit‑card and bank‑account details, vouchers, delivery and shipment IDs, and even the social‑security numbers of delivery drivers.

It also permits agencies to submit related domain names or IP addresses to obtain records tied to AWS accounts.

Amazon is not the only tech company with such a portal; other large companies like Google and Twitter have established similar sites for law‑enforcement data requests.

Motherboard reported earlier this month that anyone with an email address can access the law‑enforcement data request portals created by Facebook and WhatsApp.