In a recent report, Motherboard reveals, “Contractors working for Microsoft are listening to personal conversations of Skype users conducted through the app’s translation service.” This allegation was done on the basis of a cache of internal documents, screenshots, and audio recordings obtained by Motherboard. These files also reveal that the contractors were also listening to voice commands given to its Cortana.
While Skype FAQs does mention that it collects and uses conversations to improve products and services and also that company may analyze audio of phone calls that a user wants to translate in order to improve the chat platform’s services; however, it nowhere informs users that some of the voice analysis may be done manually.
Earlier this year, Apple, Amazon, and Google faced scrutiny over how they handle user’s voice data obtained from their respective voice assistants. After the Guardian’s investigation into Apple employees’ listening in on Siri conversations was published, Apple announced it has temporarily suspended human transcribers to listen to conversations users had with Siri.
Google agreed to stop listening in and transcribing Google Assistant recordings for three months in Europe. Google’s decision to halt its review process was disclosed after a German privacy regulator started investigating the program after “a contractor working as a Dutch language reviewer handed more than 1,000 recordings to the Belgian news site VRT which was then able to identify some of the people in the clips.” TechCrunch reports.
On the other hand, Amazon now allows users to opt-out of the program that allows contractors to manually review voice data. Bloomberg was the first to report in April that “Amazon had a team of thousands of workers around the world listening to Alexa audio requests with the goal of improving the software”.
The anonymous Microsoft contractor who shared the cache of files with Motherboard said, “The fact that I can even share some of this with you shows how lax things are in terms of protecting user data.”
In an online chat, Frederike Kaltheuner, data exploitation program lead at activist group Privacy International, told Motherboard, “People use Skype to call their lovers, interview for jobs, or connect with their families abroad. Companies should be 100% transparent about the ways people’s conversations are recorded and how these recordings are being used.”
She further added, “If a sample of your voice is going to human review (for whatever reason) the system should ask them whether you are ok with that, or at least give you the option to opt-out.”
Pat Walshe, an activist from Privacy Matters, in an online chat with Motherboard said, “The marketing blurb for [Skype Translator] refers to the use of AI not humans listening in. This whole area needs a regulatory review.” “I’ve looked at it (Skype Translator FAQ) and don’t believe it amounts to transparent and fair processing,” he added.
A Microsoft spokesperson told Motherboard in an emailed statement, “Microsoft collects voice data to provide and improve voice-enabled services like search, voice commands, dictation or translation services. We strive to be transparent about our collection and use of voice data to ensure customers can make informed choices about when and how their voice data is used. Microsoft gets customers’ permission before collecting and using their voice data.”
The statement continues, “We also put in place several procedures designed to prioritize users’ privacy before sharing this data with our vendors, including de-identifying data, requiring non-disclosure agreements with vendors and their employees, and requiring that vendors meet the high privacy standards set out in European law. We continue to review the way we handle voice data to ensure we make options as clear as possible to customers and provide strong privacy protections.”
How safe is user data with these smart assistants looped with manual assistance?
According to the documents and screenshots, when a contractor is given a piece of audio to transcribe, they are also given a set of approximate translations generated by Skype’s translation system. “The contractor then needs to select the most accurate translation or provide their own, and the audio is treated as confidential Microsoft information, the screenshots show,” Motherboard reports.
Microsoft said this data is only available to the transcribers “through a secure online portal, and that the company takes steps to remove identifying information such as user or device identification numbers.”
The contractor told Motherboard, “Some stuff I’ve heard could clearly be described as phone sex. I’ve heard people entering full addresses in Cortana commands or asking Cortana to provide search returns on pornography queries. While I don’t know exactly what one could do with this information, it seems odd to me that it isn’t being handled in a more controlled environment.”
In such an environment users no longer feel safe even after the company’s FAQ assures them that their data is safe but actually being listened to.
A user on Reddit commented, “Pretty sad that we can not have a secure, private conversation from one place to another, anymore, without taking extraordinary measures, which congress also soon wants to poke holes in, by mandating back doors in these systems.”
I like how they claim it doesn’t contain user identifiable information, when it contains some arbitrary thing the speaker said that could..for example..personally identify them
— Mason Remaley 🔜 #PlayNYC (@masonremaley) August 7, 2019
After this revelation, people may take steps in a jiffy like uninstalling Skype or not sharing extra personal details in the vicinity of their smart home devices. However, such steps won’t erase everything the transcribers might have heard in the past. Will this effect also result in a reduction in sales of the smart home devices that will directly affect the IoT market for each company that offers it?
Just deleted Skype from my phone https://t.co/Dw0BCPwdBR
— Thomas Rid (@RidT) August 7, 2019
To know more about this news in detail, read the Motherboard’s report.
*** This is a Security Bloggers Network syndicated blog from Security News – Packt Hub authored by Savia Lobo. Read the original post at: https://hub.packtpub.com/microsoft-contractors-also-listen-to-skype-and-cortana-audio-recordings-joining-amazon-google-and-apple-in-privacy-violation-scandals/