By: Kirby Smith
Is Alexa Recording Everything I say?
As Alexa has grown in popularity, one of the major concerns potential consumers express is around privacy. “Is Alexa recording everything I say and sending it to Amazon?” Where answers cannot be provided with 100% certainty, this article will attempt to examine what the true risks and best practices are that one should follow with Amazon Echos in the home. (Note: this article will focus primarily on Alexa Services. Google Home and other smart speakers operate differently.)
I have owned Amazon Echos since November of 2014. Since I own a business that configures and installs smart homes, I pay very close attention to the devices and the apps. I have also worked with hospitals that were interested in using Alexa for their patients, which carries HIPAA implications and has forced me to consider privacy across a broad band. For those who have deep worries and anxiety about the government or big business listening, I don’t believe there is any reassurance that can be given to take that away. My best advice to someone with level of concern is not to use the device (and for that matter, get rid of your smart phones and computers, too – more on this later). However, for those who want to understand the level of risk and learn how to mitigate what you can, I will attempt to explain how everything works.
First, let’s start with some background on Amazon Echo. There is the physical hardware, called Echo, and the service behind it, typically called Alexa.
The Echo Hardware
Echo is essentially a fancy Bluetooth speaker. It can fall into two categories, speaker only models and speakers with interactive touch screens. If you were to break down a basic unit that does not have a screen, you would find:
- Buttons: (Ø) = Mute/Stop Echo from listening, (-) = Volume down, (+) = Volume up
- A colored light ring (or line on the bottom of the models with screens), which indicates the activity taking place. Most important: when the device is listening, the Ring turns blue and pulses.
- An array of microphones that can pick up your voice from across the room, even distinguishing your voice from background noise in the environment. It has been suggested that the Echo name comes from the fact that it is listening to sounds spatially (think echoes) and isolating voice sounds.
- Multiple speakers (the higher the quality of the Echo, the more speakers it will have to convey added bass and treble).
- Small circuit boards that include chips that make the buttons work, control sounds and video (if there is a screen), and process input sounds from the mics.
The Alexa Service
Like a computer, Alexa has memory used to store what it hears. However, this memory is only large enough to hold the equivalent of a long sentence. Locally it hears sounds but does not “activate” until it hears its wake word (which can be “Alexa”, “Echo”, “Computer” or “Amazon”). I will use the standard “Alexa” for simplicity. Until the word Alexa is heard, the memory continuously over-writes itself. Once the wake word is heard, the memory begins to store the sentence following the wakeup. From here, the sentence is encoded and sent to servers and software in the Cloud, which are collectively called Alexa Voice Services. Alexa Services is where the sentence is processed for understanding and acted upon if legitimate. The following image is from Amazon’s site:
Where it says, “Audio was not intended for Alexa,” I listened to the actual recording and most of the time it was something unintelligible from a television, non-sensical random words, or other extraneous background sound. In short, I didn’t hear anything that sounded like something truly important. Most of the time it recorded things like “Turn on the living room lights” or “What’s on the shopping list”. I personally did not find anything that alarmed me, and I also learned that it is very easy to delete them. In fact, by turning on the switch under Menu/Privacy/Review Voice Recording: Enable deletion by Voice, you can tell Alexa things like, “Alexa, delete everything I said today,” if you want to easily remove recordings.
Alexa in the News
I do not intend to make light of the concern that Amazon may be collecting private information from us through Alexa. Let’s examine and address some of the headlines about Alexa and its lack of privacy and compare it to other real-world situations.
A family that had Alexa accidentally sends a recording of a conversation to a random contact:
“A Portland family tells KIRO news that their Echo recorded and then sent a private conversation to someone on its list of contacts without telling them.”
“Echo woke up due to a word in background conversation sounding like ‘Alexa.’ Then, the subsequent conversation was heard as a ‘send message’ request. At which point, Alexa said out loud ‘To whom?’ At which point, the background conversation was interpreted as a name in the customers contact list. Alexa then asked out loud, ‘[contact name], right?’ Alexa then interpreted background conversation as ‘right. As unlikely as this string of events is, we are evaluating options to make this case even less likely.
Amazon’s response was that this was a very rare occurrence where things just happened to occur in the right sequence to send the snippet of conversation. There were numerous news reports and television/radio discussions about it. This was reported in May of 2018. Following this, with all the attention, there have been very few articles reporting similar occurrences.
However, consider for a moment your smart phone – something similar happens so often there is a name for it. It is called a “butt dial”. Your phone is in your pocket, purse, or even on the table and you accidentally dial someone. I have been treated to things I didn’t want to hear more times than I can count. While there is great alarm about Alexa violating our privacy, we do not seem to apply the same alarm to our phones. It begs the question, with Siri and Google assistant listening to us – not only at home, but everywhere we go – the larger threat may be our phones.
Amazon Staff Are Listening to Alexa Conversations
“Over 100 million Amazon Echos have been sold as of the start of 2019: That’s no small number. But some people might be looking to throw away their device after it emerged that Amazon employs thousands of people around the world to listen to voice recordings captured in Echo users’ homes and offices.
According to Bloomberg, the recordings are transcribed and annotated before being fed back into the software. The aim is to eliminate gaps in the voice assistant’s understanding of human speech so it can better respond to commands.”
Once again, there was media outrage. However, let’s step back and examine what is happening. First, note that by the time they are being reviewed by a human, the recordings are anonymous. If you created this product, how would you improve its understanding? You would have to examine its performance by checking what was said by your clients against the device’s understanding. To prevent overstepping privacy, you would strip away identifying information and then have people “quality check” it. I used to work in a call center. To improve customer service (as you are notified when you call) the calls are recorded and reviewed by supervisors and managers.
Amazon’s explanation was:
“‘Amazon uses this information to train its speech recognition and natural language understanding systems, so Alexa can better understand requests and ensure the service works well for everyone,’ the spokesperson says. ‘We have strict technical and operational safeguards and have a zero-tolerance policy for the abuse of our system. Employees do not have direct access to information that can identify the person or account as part of this workflow. While all information is treated with high confidentiality and we use multi-factor authentication to restrict access, service encryption, and audits of our control environment to protect it, customers can delete their voice recordings associated with their account at any time.’”
Looking at the spectrum of devices that listen, it was admitted by Apple and Google that they do the same thing with phones, computers, watches, DVRs, and oddly, smart TVs. I have heard people say, “If you value your privacy, get rid of Echos in your home.” With so many people living in an eco-system of smart devices, simply eliminating Amazon Echo seems short-sighted.
What Can You Do?
So, what should you do, short of not using any smart devices? If you, like myself and many others, decide the pros of these devices outweigh the cons, but you are worried about your privacy, go to your settings on the device. Find the privacy settings and disable everything that might be collecting data. Quoting Forbes, April 12, 2019 article, Amazon Staff Are Listening To Alexa Conversations — Here’s What To Do:
On the Echo, you have the option to disable voice recordings for the development of new features. However, even if you do opt out, it’s possible that recordings will be analyzed by hand over the regular course of the review process.
The Alexa Privacy Settings page is available via www.amazon.com/alexaprivacy or through the Alexa Privacy tab in Settings in the Alexa App.
You can also switch the device off and only use it when needed, or ensure it only responds to one person’s voice. At the same time, it’s possible to listen to the voice recordings associated with your account and delete all previous voice recordings in your settings.
You can also configure certain Echo devices to play a short audible tone any time audio is sent to the cloud.
A Larger Issue – The Big Guys Collecting Your Data
As I stated earlier, the larger issue is the full eco-system of consumer data. Right now, it is my opinion that Google and Facebook have far more access to your information…wherever you are.
In response to concerns, many social media services have moved privacy up on their Menus within their apps. Let’s compare Alexa Privacy controls to others:
Amazon Alexa provides five straight-forward groups of information that you can control. These allow you to review your actual raw information (listen to what it recorded), look at and delete any history related to your smart home devices (such as when you turned off the bedroom lights), and manage each type of information stored (such as shopping lists, credit cards, you name, email, etc.).
If you wish to manage your Google information, the directions are on Google’s privacy page. This is where I personally became overwhelmed. As I scrolled (and scrolled… and scrolled…), I was shocked by how many different areas Google is collecting my data. It involved websites, ads, maps, phone locations (meaning my locations), sites I visited, stores I shopped at, purchases on sites (including Amazon), music I listened to, and more. The take-away is that even if you are not using a Google app, there is a large, almost universal eco-system of Google accessible information that is monitoring and storing almost everything you do. And this system is connected to Facebook. Although I had not posted pictures of a trip to California, a friend took a picture of me at a store there. Facebook’s facial recognition tagged me, Google gained the information, linked it to the store I was in, and I began receiving ads for the store. Also, I found no easy way to review all the information Google had stored about me. There was just too much.
The combination of Facebook and Google means by cross referencing data, the two can know almost everything I am doing whether I use an electronic device or not, or whether I am at home…or not. So, in the grand scheme of things, I find Alexa listening to be the smaller threat than the activity monitoring of the larger social media companies.
Europe has so far led the way in enacting laws to protect consumer privacy. As explained in The New York Times, June 8, 2019 digital edition, the article titled- Why Is America So Far Behind Europe on Digital Privacy?
In the past year, Congress has been happy to drag tech C.E.O.s into hearings and question them about how they vacuum up and exploit personal information about their users. But so far those hearings haven’t amounted to much more than talk. Lawmakers have yet to do their job and rewrite the law to ensure that such abuses don’t continue.
Americans have been far too vulnerable for far too long when they venture online. Companies are free today to monitor Americans’ behavior and collect information about them from across the web and the real world to do everything from sell them cars to influence their votes to set their life insurance rates — all usually without users’ knowledge of the collection and manipulation taking place behind the scenes.
We must hold our government accountable for putting laws in place to protect us. The bottom line is, until changes are made, be an informed user. When you are using a device, check to see how transparent the company is when it comes to allowing you to control the data collected about you, and how they inform you about what you can do to protect your privacy. Then take whatever steps you need to find a level of protection and privacy that helps you sleep at night.