SEATTLE — Amazon launched its first digital assistant five years ago.
Since then, about 120 million smart speakers have been sold in the U.S. They were designed to answer questions -- and make life easier. But the devices aren't the only things listening to you -- and your conversations.
Bloomberg just published an in-depth investigation into the Alexa digital assistant and its Echo speakers. It found that thousands of Amazon employees around the world are doing something called annotating, where they analyze conversations and make notes to improve how Alexa interacts with customers.
Alex Hammerstone, Risk Manager for TrustedSec, an information technology security company in Strongsville says what Amazon is doing is accepted business practice. He adds, "From a quality control standpoint it makes sense. It's a good business practice, but like anything else, you have to keep that data secure.”
And other smart speakers like those from Google and Apple also have human helpers to improve their artificial intelligence.
But keeping all that data secure is hard to do. As the Bloomberg investigation alleges, Amazon workers around the world are reviewing as many
as 1,000 audio clips per shift.
And what Hammerstone finds problematic, is that "It looks like they were also sharing things around the office as people do. If something was funny or didn't make sense, they would send things around in sort of a joking manner, which I thinks make people uncomfortable knowing your data is being used like that."
And this isn't the first information impropriety with Alexa. Last year, when a customer requested his recordings from Amazon, he received about 1,700 audio files of another customer’s interactions.
And then there was an Oregon family whose Echo recorded a private conversation, and sent it to someone in the dad's cell phone contact list.
Amazon told us, in part, Echo devices are designed to detect only your chosen “wake word”, which is a word that activates the device. Amazon added that no audio is stored or sent to the cloud unless the device detects the wake word or Alexa is activated by pressing a button.
But as Jim Stickley, a cyber security expert and CEO of Stickley on Security points out, "The problem we run into, is there are so many times we are talking about things in the house that have nothing to with the wake word and it just turns on.”
Amazon says that's rare. But for Hammerstone, the question you need to ask yourself is, "Is the convenience of that device worth it to trade off privacy?”
Now, there is a way to delete your conversations from Amazon's servers. However, I don't know if that means no one is ever going to have heard them. Amazon didn't answer that question. But here are the instructions and information from Amazon on privacy:
Below is the statement Amazon sent to WKYC:
We take the security and privacy of our customers’ personal information seriously. We only annotate an extremely small number of interactions from a random set of customers in order to improve the customer experience. For example, this information helps us train our speech recognition and natural language understanding systems, so Alexa can better understand your requests, and ensure the service works well for everyone. We have strict technical and operational safeguards, and have a zero tolerance policy for the abuse of our system. Employees do not have direct access to information that can identify the person or account as part of this workflow. While all information is treated with high confidentiality and we use multi-factor authentication to restrict access, service encryption, and audits of our control environment to protect it, customers can delete their voice recordings associated with their account at any time.”
For background, Echo devices use on-device keyword spotting to detect the wake word (Alexa, Amazon, Computer or Echo). The device uses technology that inspects acoustic patterns in the surrounding environment to detect when the wake word has been spoken. No audio is stored or sent to the cloud unless the device detects the wake word. As Bloomberg reported, when the wake word is detected, the light ring at the top of the Echo turns blue, indicating the device is streaming your voice request to the cloud. Only recordings after the wake work are ever streamed to Amazon.
“By default, Echo devices are designed to detect only your chosen wake word (Alexa, Amazon, Computer or Echo). The device detects the wake word by identifying acoustic patterns that match the wake word. No audio is stored or sent to the cloud unless the device detects the wake word (or Alexa is activated by pressing a button).”
Jim Stickley
TrustedSec