Is Your Smart Speaker Spying on You?
Do you ever get that weird feeling that someone — or something — is listening to your most private conversations?
Many of us have placed microphones around our homes that are constantly connected to the internet. And yet the laws that regulate the use of audio have not caught up with the trend.
As you read this sentence, you’re probably sitting near at least one device that could record you as you speak. Your smartphone has cameras and microphones, and so does your computer. But it’s the “smart speakers”, or personal assistants, that are the devices that actively harvest audio. Court battles are already taking place over the precious recordings that they hold.
VoiceLabs predicts that there will be 33 million smart home devices in homes by the end of 2017. That’s 33 million microphone arrays that have intimate access to everything we talk about. And when you factor in the apps that are listening to you speak, this vast network is clearly ripe for exploitation.
There will be 33 million smart home devices in homes by the end of 2017.
Is having a smart home really a smart move for privacy? And can we really enjoy the convenience of these devices without worrying about strangers listening in?
How Much Does Your Speaker Know About You?
In the United States, data from an Amazon Echo device has been offered as evidence in a US murder trial. This follows a lengthy court battle over whether Amazon should be forced to reveal the recordings. In the end, it was the defendant that authorized their disclosure.
But what about the “nothing to hide” argument? The murder trial is certainly an unusual case. But know this: your voice recordings are being pored over by unknown numbers of Amazon and Google staff already, and they’re being used to train algorithms that will make these devices even smarter in the future.
Amazon says that it would reject “overboard” requests for this kind of data. But that doesn’t necessarily mean you’re safe from snooping. Devices can also be activated unintentionally, and existing rules are there to be broken.
A US newsreader’s report triggered thousands of Echo devices to order children’s toys from Amazon. And in the UK, Google stepped in to stop Google Home devices responding to a Burger King ad that was deliberately worded to activate viewers’ devices.
So we know that companies are already pushing against the boundaries of privacy laws worldwide. That still leaves the question of what could happen if one was hacked.
Smart personal assistants do not constantly record audio in your home.
But they are constantly listening for the “wake word” that will cause them to spring into action.
Let’s not allow ourselves to be too complacent about this.
We know that any device with a microphone can be hacked so that it’s always-on. That’s why Mark Zuckerberg covers his Mac’s mic with a piece of tape, and why Edward Snowden unplugged the landline during the filming of Citizenfour.
And just because something isn’t recording, it doesn’t mean it isn’t analysing what you say. Despite Zuck’s clear attention to privacy, Facebook is one of the worst offenders. In the United States, its mobile app is constantly listening in to users’ conversations. In tests, journalists found that the Facebook app showed adverts for the things that they’d spoken about with their friends.
The Facebook app listens in to your conversations and displays ads based on what you talk about
The issue here is twofold. On the one hand, you have huge multinational companies trying their luck. And on the other, you have the risk of a malicious hacking attempt or surveillance mission.
Either way, simply relying on a device not to “listen” is not enough.
Smartphones and smart speakers have unwarranted access to our data. And they have a privileged position at the center of our daily lives.
Already, we’ve seen Google play a movie ad to Home users (then quickly backtrack and claim it was simply “timely content” – even though it was specifically announcing a movie release). There was an instant backlash among consumers, but it suggests that Google appears to be trying to find ways to sneak sponsored messages into spoken content that it delivers.
Google has already been caught out sneaking in ads to its Home responses.
Google is arguably the best placed company to try this kind of marketing, simply because its systems can access more data about us, gathered from more sources. Amazon doesn’t quite have the same stash of data, although knowing your purchasing habits is still enough to sell you more stuff.
In theory, all of the recordings are encrypted. But as we know, putting all of your trust into encryption can sometimes be unwise.
Let’s be clear. Eavesdropping happens in the real world, and your smart home device may be a less reliable witness than an African Grey. You can’t stop people looking over your shoulder. But in November 2016, members of Congress asked the FTC for better privacy laws to guard data collected by Internet of Things devices, suggesting that the specific risks of the smart home are starting to be recognized more widely.
Finding a Balance
If you’re concerned about the microphones that you’ve invited into your dwelling, the only real solution is to remove the device, or unplug them when you’re discussing anything sensitive.
You can also delete the history from your devices manually; providers may or may not do this for you given enough time.
Of course, you can also disable recording in Google Home completely. But then it becomes little more than a futuristic paperweight.