Key Points
-
Facebook, Microsoft, Google and Amazon have admitted to eavesdropping on users’ private conversations.
-
Investigations reveal that the industry powerhouses engaged hundreds of human contractors to manually transcribe recordings collected via smart speakers.
Who has been listening?
Facebook, Microsoft, Google and Amazon have admitted to eavesdropping. It was recently revealed the industry giants paid hundreds of contractors to manually transcribe users’ conversations in an attempt to improve speech recognition technology and artificial intelligence algorithms. This revelation has left many users reeling.
How is the data being collected?
Bloomberg first reported in April that Amazon had a global team that was charged with listening to snippets of users’ Alexa audio requests. Alexa is Amazon’s virtual assistant. It wasn’t long before similar stories were published by news outlets around the world. Apple’s Siri and Alphabet Inc’s Google Assistant were also found to be listening in.
The incidents are not limited to virtual assistants and extend to other smart speaker and internet-enabled voice technology. Earlier this month, Vice Media published an article detailing how Microsoft listened to personal conversations of Skype users conducted through the application’s translation services. Just when you thought things couldn’t get any worse for Facebook (following its record-breaking USD $5 billion settlement with the U.S Federal Trade Commission for breaches of privacy practices), it was found that the social media powerhouse was transcribing audio clips captured via its Messenger application.
In many instances the recordings were made knowingly. However, a recent article published by the Guardian suggests that Apple collected confidential information without users’ knowledge through accidental triggers of the Siri digital assistance. The Apple Watch (which is Siri enabled) was reported to be highly susceptible to accidental triggers. A finding that is particularly alarming given the watch’s ability to record up to 30 seconds of audio.
What data is being collected?
What exactly is being recorded? Everything! Bedroom conversations, phone calls containing sensitive information, arguments and in certain instances audio of alleged criminal activity and violence.
For its part, Microsoft contends that audio data it transcribed was de-identified and made available to contractors through a secure online portal. Reports reveal each audio recording was assigned a unique serial number. While this may provide affected users with some degree of anonymity, it does not go far enough and will be of little comfort in situations where a recording details personal information e.g. a phone call from Bill to Claire suggesting they meet up for a coffee at café X.
Closer to home, Chair of the Australian Competition Consumer Commission, Rod Sims told media that companies need to be 100% transparent about the way users’ conversations are being handled and used. The comment follows findings that the service terms of many of the implicated operators did not adequately disclose the fact that conversations were being transcribed manually by human contractors. It is unclear whether any Australian users have been affected by the trend. To date, all reports appear to be from overseas.
What are the privacy implications?
How does the trend stack up against the Australian Privacy Principles (APPs)? The APPs are set out in Schedule 1 of the Privacy Act 1988 (Cth). They deal with the collection, use and disclosure of personal information.
Broadly speaking, under the APPs personal information may only be collected and used:
- if required
- with consent, and
- by fair and transparent means.
Regarding Facebook, Microsoft, Google and Amazon, the collection of users’ data is not an issue because in each case users voluntarily signed up to use the technology. The privacy concerns relate to the use and handling of the data after it was collected.
APP 6.1 states that personal information (including sensitive information) can only be collected and used with the consent of the individual to whom the information relates. Noting that where there is a lack of disclosure about the type of information that is being collected or how it is being used, it is unlikely that consent will be established.
According to reports, one thing that is notably absent from the implicated operators’ service terms and privacy statements is an acknowledgement that users’ audio conversations were being disclosed to and manually transcribed by third party contractors. There are also concerns that users’ audio conversations were being recorded without their knowledge through accidental triggers of smart speaker technology. For these reasons, it is very unlikely that users were sufficiently aware of the circumstances surrounding the use and handling of their personal information and as a result could not consent to the use of their information for those purposes.
Key takeaway
The recent events illustrate that organisations must take a proactive approach in discharging their privacy obligations. It is of paramount importance that organisations adopt transparent privacy practices and update their privacy statements (including those set out in any service terms) to reflect changes in the way they use and handle customers’ personal information.
Post by Vanja Simic and John Kell