Many consumers have voiced concerns over privacy and the potential for unwanted eavesdropping with digital assistants like Amazon’s Alexa, Microsoft’s Cortana, or the Google Assistant. It turns out, that for one Amazon Alexa user in Germany – and let’s be honest, likely many more – those concerns are completely justified.
According to story revealed by c’t (a Heise publication out of Germany), 1,700 unwanted audio recordings, search history, and an array of other telemetry stored by Alexa, were sent to another, unrelated Amazon customer that had requested a copy of his personal data citing the EU’s General Data Protection Regulations (GDPR) act.
When the customer that sent the information request to Amazon received his data via Zip file a few weeks later, he could not identify the person in the recordings. This particular customer did even not use Alexa or own an Echo device, and as such, was certain the recordings were not of him. Investigative journalists from c’t, however, pored through the user data and recordings and were ultimately able to identify the Amazon customer and his female friend, who can also be heard in some of the recordings. In short, strangers were able to eavesdrop on the personal daily lives of multiple people and figure out who they were. It was all extremely creepy.
Though the original customer contacted Amazon when he realized he had received some else’s personal data, the data was only removed from the repository Amazon placed it on. Unfortunately, the victim was never alerted – at least, not until c’t contacted Amazon and explained the severity of the situation. After c’t reached out to Amazon, it was only a matter of days before the company engaged with all parties involved.
Amazon is claiming that this situation was a simple case of human error and that it is putting mechanisms in place to prevent similar mishaps moving forward. A spokesperson from Amazon said, “We resolved the issue with the two customers involved and took measures to further optimize our processes. As a precautionary measure we contacted the relevant authorities.”
If you recall, a few months back, Amazon also sent a recording of a couple to one of their contacts that were linked to an Echo device, allegedly because Alexa misinterpreted part of the discussion. Situations like these aren’t very widespread as far as we know at this point, but it’s obvious the risk is there and it is something to be aware of. In addition, as voice assisted devices get more sophisticated, privacy violations may indeed get worse and more frequent before things get better.