Posted by Mei-Ling Huang, Partner
Amazon’s Alexa breaches privacy
Amazon’s Echo – the voice controlled smart speaker – was launched in a bid to conquer the big tech market. Accusations of digital spying soon followed as more and more voice activated tech was released.
Back in 2015, Samsung came under criticism for tucking the following sentence away in its SmartTV security policy:
“Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.”
Amazon’s Alexa in the news
This week, an Alexa user from America asked Amazon to launch an investigation after her Echo device recorded a private conversation she had with her husband and sent it to someone in her address book, with no instruction to do so.
The couple only realised that the device had been recording their conversation when one of her contacts telephoned her and told her to unplug her Alexa devices as she was being hacked, having been sent an audio of them talking about hardwood floors.
Despite the fact the user’s family home has multiple Echo devices that control everything from the heating to the lights, unsurprisingly, she has said that she felt invaded and that she would never plug the devices back in because she could not trust them.
A customer service representative from Amazon has confirmed that the conversation had indeed been recorded and sent to a random number in the user’s contact list, but no explanation was given as to why or how the device had activated itself and recorded the conversation, let alone why it was then sent out at random.
An updated statement was later provided by Amazon, explaining that:
“Echo woke up due to a word in background conversation sounding like ‘Alexa’. Then, the subsequent conversation was heard as a ‘send message’ request. At which point, Alexa said out loud ‘To whom?’….the background conversation was interpreted as a name in the customer’s contact list. Alexa then asked out loud, ‘[contact name], right?’. Alexa then interpreted background conversation as ‘right'”.
Sounds like an unlikely series of events, and Amazon’s response has resurrected debate over whether Alexa is in fact always listening, and if so, whether that is something we need to be worried about.
The General Data Protection Regulation (GDPR) came into force today (25 May 2018) and brings with it important changes to data protection laws. The gathering and processing of personal data is a valuable asset for many organisations such as Amazon, and failing to protect the security of that personal data can quickly, and seriously, damage a company’s brand.
Technology has made it increasingly easy to share data and we would expect companies like Amazon to have the necessary IT security in place to prevent such serious breaches of data protection legislation.
A private conversation being recorded and sent to someone without your knowledge – it’s the worst nightmare of every smart home speaker owner. Amazon maintains that the incident was a malfunction rather than evidence that Alexa is always listening. Either way, it is a clear invasion of privacy which, if it happens again under the GDPR, could have serious consequences for the organisation committing the breach.
At Royds Withy King, we have specialist Dispute Resolution and GDPR teams who are on hand to assist with any of your queries relating to the security of your personal data and what actions can be taken in the event of a data breach.
For more information, please contact Lucy Nash:
01865 792 300 Email us
Minimise the impact with our dispute resolution solicitors