Published: Fri, Apr 28th, 2017
Technology is amazing. For many it is also a scary unknown world. Devices are covered in buttons, or have touchscreens with pages of options. Manufacturers use acronyms or made up terms in an attempt to make things more user friendly, but often make it more difficult. Manufacturers needed a way to make technology more approachable, something that could be used by anyone.
The introduction of voice recognition that could understand commands in plain English. It started with Apple’s Siri in 2011 and has now spread to most phones, watches and several in-house ‘hubs’ like Google’s Home and Amazon’s Echo. Users could tell the device what they wanted and the device would respond. Dim the lights, done. Change the radio station, done. Send a text message, done. However, with all new technologies come new issues. For voice activated devices there are two which users should be made aware of. One is kind of amusing. The other is a bit more daunting. However first we should quickly look at how they work.
How it works – The tech bit
Voice activated devices work in conjunction with a server somewhere on the internet. The device itself isn’t that smart. It is smart enough to listen for its catch word. For Apple it is ‘Siri’. For Amazon it is ‘Alexa’. The device listens for that catch word constantly. When the catch word is detected it will then start recording what follows, typically until there is a break on the speech which it interprets as the end of the command. It will then send this recording to the server provided by the manufacturer or a third party. The server converts the audio into a command and then returns that command back to the device, and the device follows that instruction. The server is generally smart enough to know when the recording was a mistake, and will tell the device to do nothing, or if it was an attempted command that wasn’t clear, where it will tell the device to ask for the command again. So a conversation about someone called Alexa is unlikely to get a response, but a request for Alexa to ‘make the volume green umbrella’ will get a response that Alexa did not understand the command. This communication between the device and the server will happen in a fraction of a second.
Some devices can also be connected to lighting, heating, televisions, curtains etc. to allow the device to control various items in the house.
While devices should ignore accidental use, things will not always go to plan. A correct command, given by someone else, could trigger the device.
One of the first devices to gain voice control was the Xbox One gaming console through its Kinetic Sensor add-on. This allowed the user to control some features of the Xbox One by stating the command. The issue with this soon arose when, during online multiplayer games, another player would yell out “Xbox turn off”, which would play through the speakers of the other players, immediately turning off the other player’s Xbox One.
A similar issue occurred more recently with the Amazon Echo. Earlier this year an issue arose as a journalist provided a TV report on a six-year-old girl who had used her parent’s Echo to purchase a dollhouse and four pounds of cookies from Amazon. While the ability for a child to order items through the Echo is a problem in itself, the TV report exacerbated the issue. As the broadcast played, Alexa devices heard the report from the TV speakers, believed it was a command, and placed orders for dollhouses of their own. (Fortune 10 January 2017 https://goo.gl/AVOedm). Operating as intended, the Echo had just ordered hundreds of dollhouses from Amazon. The orders were subsequently cancelled.
If you do have such a device, make sure that, before it makes a purchase, it asks you for a verbal security code, and don’t let your children hear the code.
Who is/will listen
In the past, several years there have been concerns raised about several interactive toys. The first were a range of Barbie dolls that would interact with the owner, understanding most of what the owner was saying. These worked in the same way as the devices above, by recording the speech and sending it to a third-party server to interpret. At the time these recordings weren’t being encrypted, and the security on the toy itself was not very good. It was hoped that things had improved since then but we see the same issues still appearing in some toys.
Devices like Google’s Home and Amazon’s Echo do encrypt the recordings, allowing them to be sent securely to the server to be interpreted, so that security issue is mostly resolved. The security issue is now at the server. Google, Amazon, or whoever else provides the service, now hold a collection of recordings that the device has made. Most will be mostly harmless, requests for lights to be turned on, weather reports, or to play the new single from Lorde. However, as the devices can sometimes pickup unintentional recordings, the recordings could contain items that are confidential or private. We can be sure that Google isn’t interested in those recordings, or is smart enough to know the legal implications of if it was to snoop on them. What we can’t be certain of is whether a third party could gain access to them. There is always fear of hackers gaining access to anything online, and they should always be considered a threat, but hackers would also have little interest in the private home conversations of most people.
What should concern more people is the access of such recordings by government departments, most notably the US government. In late December 2016, the police in Arkansas, USA subpoenaed Amazon to gain the voice recordings caught by an Echo. The police believed that the Echo may have caught some evidence that could assist in a murder enquiry (Fortune 26 December 2016 https://goo.gl/r4jW2N). The police believed that, while there were probably no deliberate incriminating recordings, accidental activation may have occurred and sent something of use to Amazon’s server for analysis. While initially opposed by Amazon, as at 7 March 2017 Amazon have now agreed to provide the recordings to the police with the permission of the defendant (NZ Herald 7 March 2017 https://goo.gl/Lj9G2S). Amazon had argued that any release was a breach of the 4th Amendment to the US Constitution, the right to be secure in one’s home. New Zealanders would not have access to a Constitutional defence. The US, especially recently under the latest and previous leaders, has been willing to overlook the rights of citizens of other countries if they see it as a threat to their security. Requests have already been made to many companies for documents and emails belonging to foreign nationals, and we believe that these requests could stretch to recordings from home devices.
If there is an option to, have the server delete all recordings as soon as possible. Unless you can be sure that nothing is being sent, or that recordings are being deleted as soon as they have been automatically analysed, don’t have such devices in your workplace or where confidential matters are being discussed.