Ride the Lightning

Yes, Alexa Does Eavesdrop on You!

May 23, 2019

Recording and keeping the recordings? Sure, it happens to millions of us with its assistant Alexa in microphone-equipped Echo speakers. 

As the Washington Post reported, aside from muting Echo’s microphone, you cannot stop Amazon from making recordings of your conversations with Alexa. Many smart-speaker owners STILL don’t realize it, but Amazon keeps a copy of everything Alexa records after it hears its name. Apple’s Siri, and until recently Google’s Assistant, by default also keep recordings to help train their artificial intelligence systems.

The author of the article listened to four years of his Alexa archive and found thousands of fragments of his life: spaghetti-timer requests, joking houseguests and random snippets of “Downton Abbey.” There were even sensitive conversations that somehow triggered Alexa’s “wake word” to start recording, including his family discussing medication and a friend conducting a business deal.

Alexa keeps a record of what it hears every time an Echo speaker activates. It’s supposed to record only with a “wake word” — “Alexa!” — but anyone with one of these devices knows they go rogue. I have personally counted dozens of times when mine recorded without a legitimate prompt. What wakes it is sometimes explicable – and sometimes not!  Amazon says it has improved the accuracy of “Alexa” as a wake word by 50 percent over the past year. Not that I can discern!

What can you do to stop Alexa from recording? Amazon’s answer is straight out of the Facebook playbook: “Customers have control,” it says — but the product’s design clearly isn’t meeting our needs. You can manually delete past recordings if you know exactly where to look and remember to keep going back. You cannot stop Amazon from making these recordings, aside from muting the Echo’s microphone (defeating its main purpose) or unplugging the darned thing.

Amazon says it keeps our recordings to improve products, not to sell them (sounds a lot like Facebook's line). But anytime personal data sticks around, it’s at risk. Remember the family that had Alexa accidentally send a recording of a conversation to a random contact? We’ve also seen judges issue warrants for Alexa recordings.

Alexa’s voice archive made headlines most recently when Bloomberg discovered Amazon employees listen to recordings to train its artificial intelligence. Amazon acknowledged that some of those employees also have access to location information for the devices that made the recordings.

Apple, which is much more privacy-minded in other aspects of the smart home, also keeps copies of conversations with Siri. Apple says voice data is assigned a “random identifier and is not linked to individuals” — but exactly how anonymous can a recording of your voice be? Why doesn’t Apple give us the ability to say not to store our recordings?

The unexpected leader on this issue is Google. It also used to record all conversations with its Assistant but last year quietly changed its defaults to not record what it hears after the prompt “Hey, Google.” But if you’re among the people who previously set up Assistant, you probably need to readjust your settings.

Recently, the California State Assembly’s privacy committee advanced an Anti-Eavesdropping Act that would require makers of smart speakers to get consent from customers before storing recordings. The Illinois Senate recently passed a bill on the same issue. Neither is much of a stretch: Requiring permission to record someone in private is enshrined in many state laws.

The article's author found much more Internet of Things mischief. When he had a midnight snack, Google knew. His Nest thermostat, made by Google, reports back to its servers’ data in 15-minute increments about not only the climate in the house but also whether there’s anyone moving around (as determined by a presence sensor used to trigger the heat). You can delete your account, but otherwise Nest saves it indefinitely.

Then there are lights, which can reveal what time you go to bed and do almost anything else. Philips Hue-connected lights track every time they’re switched on and off — data the company keeps forever if you connect to its cloud service (which is required to operate them with Alexa or Assistant).

Every kind of appliance now is becoming a data-collection device. The Chamberlain MyQ garage opener lets the company keep indefinitely a record of every time the door opens or closes. MSonos speakers, by default, track what albums, playlists or stations you’ve listened to, and when you press play, pause, skip or pump up the volume. At least they hold on to your sonic history for only six months.

After quizzing these companies about data practices, the author learned that most are sharing what’s happening in his home with Amazon, too. Our data is the price of entry for devices that want to integrate with Alexa. Amazon’s not only eavesdropping — it’s tracking (potentially) everything happening in your home.

Amazon acknowledges it collects data about third-party devices even when you don’t use Alexa to operate them. It says Alexa needs to know the “state” of your devices “to enable a great smart home experience.” But keeping a record of this data is more useful to them than to us. You can tell Amazon to delete everything it has learned about your home, but you can’t look at it or stop Amazon from continuing to collect it.

Google Assistant also collects data about the state of connected devices. But the company says it doesn’t store the history of these devices, even though there doesn’t seem to be much stopping it.

Apple does the most admirable job operating home devices by collecting as little data as possible. Its HomeKit software doesn’t report to Apple any info about what’s going on in your smart home. Instead, compatible devices talk directly, via encryption, with your iPhone, where the data stays.

Amazon and other tech companies say they need our voice data to train their artificial intelligence.

“Any data that is saved is used to improve Siri,” Apple said.

“Alexa is always getting smarter, which is only possible by training her with voice recordings to better understand requests, provide more accurate responses, and personalize the customer experience,” Beatrice Geoffrin, director of Alexa privacy, said in a statement. The recordings also help Alexa learn different accents and understand queries about recurring events such as the Olympics, she said.

Noah Goodman, an associate professor of computer science and psychology at Stanford University, said it’s true that AI needs data to get smarter.

“Technically, it is not unreasonable what they are saying,” Goodman said. Today’s natural language-processing systems need to rerun their algorithms over old data to learn. Without the easy access to data, their progress might slow — unless the computer scientists make their systems more efficient.

But then he takes his scientist hat off. “As a human, I agree with you. I don’t have one of these speakers in my house,” Goodman said.

I'll confess to having Alexa – but I am darn careful about her use – and given what we know now about our devices connected to Alexa, I am reluctant to venture any further in the IoT world within my home.

Hat tip to Dave Ries.

Email:    Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
h
t
tps://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson