According to the Information, Amazon is considering opening up access to private transcript data from its Alexa devices to third-party developers, raising concerns of privacy for users.
Amazon’s Echo system was one of the first mass-marketed home assistants available, giving it a head start over other devices such as Google Home. However, while Amazon currently does not allow developers access to everything users say, Google Home does; with Apple moving into the market as well, Amazon cannot afford to lose the lead it gained early on.
At the moment, developers making apps that will use Alexa are only permitted to see non-identifying information, such as location data, how often users talk to their devices, and how many times a specific “skill” is used. If full transcripts were visible to developers, the greater amount of data could be put to use in order to improve and fine-tune their applications.
Skill developer Ahmed Bouzid, an ex-product head for the Alexa team, said that the current access only gives developers “7o percent of what they need to know.” However, according to the Information, some teams already have full access to all the data that Alexa gathers; it is unclear who is exempt from the standard limitations or why.
I strongly suspect that every “Voice Recognition” device vendor is already selling these transcripts to anyone willing to pay. Internet connected Smart TVs, Smart speakers like Alexa and Google Home, Windows 10’s Cortana, Apple’s Siri, Game systems like the X-Box, and the Sony PSx, heck even your smart refrigerator and your kids toys … All of them are recording every sound that they capture when activated. There is nothing to stop them from eventually recording everything within their range 24 hours a day, 365 days a year, and they could also eventually do so whether or not you have actually “Activated” the voice recognition features on your devices.
Are these devices a risk to privacy? You only have a corporate marketing weasel’s word that any given device isn’t sending every sound that it captures up to the mother-ship in the cloud.
Think about how you talk in private while in your house or driving in your car. What gets recorded in the bathroom? Or in the bedroom …
“Are you having sex? If so you may be interested in this new lube product we are selling and it’s ON SALE!”
“Did you yell at your kids just now? We are sending a text and a copy of the recording to Child Protective Services, just to be safe. It’s for the children after all, how could you possibly object? Do you have something to hide”
If you value your privacy at all, you’ll disconnect those Voice recognition devices from the internet entirely.
These devices already pipe up in response to a radio or TV and there is no reason to think that they are not currently “inadvertently” recording more often that you suspect. Amazon has resisted pressure to hand over customer recordings to law enforcement. Why would that be?
I have zero faith that the firmware won’t eventually be modified to allow the equipment to monitor much more than they currently do. Remember, Mirai malware was used to hijack internet-facing webcams and other devices into massive botnets.
A “hacked” device (and keep in mind that these companies can use the “hacking” buzzword to provide plausible deniability) may be recording everything it hears, store it locally and then wait to deliver its payload only when “activated”. Such “stealth” data could then be encapsulated so that the stealth traffic appeared to be normal while its stealth payload is uploaded to the cloud. That kind of traffic shaping would be difficult to detect even for those who actively monitor their Internet connections to detect unwanted traffic.
So you trusting types can go ahead and believe that the last remaining vestiges of your privacy haven’t been compromised by devices that are listening to you, (and in the case of the Kinect watching you) and I will keep on being paranoid that these devices are doing much more than advertised.