Alexa Busted for Eavesdropping

For many bringing a personal assistant into their home has been great. Others have not been as quick to embrace them, whether it is through a lack of understanding of new technology or just seeing no need for it. Other people have believed that their assistant is capable of eavesdropping on them though many have called them conspiracy theorists or cooks. Those people may have been vindicated by a recent incident involving an Amazon Alexa device in Germany.

A German man got more than he bargained with a GDPR request

One of the core components of the recent GDPR legislation enacted by the EU last year was the ability of a person to request all of the information that the company has on themselves. A German user requested his information from Amazon and got more than he bargained for. After waiting for two months he received his information and included in the package was 1,700 recordings of a different person shared as audio files.

When he opened the audio files he found something that he was not expecting. The recordings included full length conversations between a man and a woman. The problem was that it was not him on the recordings. When contacted Amazon chalked the issue up to human error and contacted the other user as well as regulatory bodies. The issue was was resolved by Amazon with both parties smoothly.

Listening to someone else’s life

In the audio recordings there was enough information to piece together the person’s personal habits and personal information. It even picked him up when he was in the shower (and who knows where else). Using names that the couple said it was possible to narrow down who the person was and by using Facebook and Twitter it was possible to figure out who the person was. At first the user contacted a German magazine who then contacted the victim. A few days later the victim was contacted by Amazon.

The problem is that a device like Alexa is constantly listening. It needs to be able to respond to queries at a moment’s notice so hence it needs to be actively listening. The problem is that the device was not only recording sound but it was also saving the audio files. As far as saving the audio files go this was not an isolated incident as a conversation with a Portland, Oregon woman was mistakenly sent to one of her husband’s co-workers.

This is a major issue that any manufacturer of a digital personal assistant need to address. The extent of how much these devices may have never been known if not for this man’s GDPR request. Just imagine if this man had used the information to extort the other person or had sold those recordings to someone else. Imagine if Amazon’s database of recordings were to be hacked? That would be a major PR nightmare, not only for Amazon but for the tens of millions of users of the Alexa devices. Let’s hope it never comes to this since we have an Alexa device here at the Nicely Done Sites World HQ.

Comments are closed.

Scroll to Top