Don’t believe it. A number of “articles” and emails have been making the claim that smart home controllers, such as Cortana, Amazon Echo and Google Home, are spying on you. Like so much disinformation on the Net, these articles are not simply true. Worse yet, they border on disingenuous. Yes, these personal assistance devices are listening to what you say. But they simply don’t have the capability of recording everything they hear. Nor is it necessary to put tape over your laptop camera, and worry about snoops sniffing your packets. To put it bluntly: you aren’t so interesting that Big Data wants to know about your mundane life.
How do we know? It’s all about data. And money. Amazon, Google and other data service companies are looking for useful information that tells them what you want or what is important to you. The “wake word” which triggers the microphones alerts the companies that something you need — and that’s the data they can use. They really can’t and don’t want to use your complaining about in-laws, griping about work or emoting about what is wrong with the world. Moreover, any information they capture must be stored. The cost of storage, while relatively low, increases substantially if they are recording 24 hours worth of data for each customer, rather than 30 seconds per day of “wake word” commands. It would simply be cost-prohibitive for these companies to “spy” on you.
Similarly, hackers aren’t interested in your life as much as your passwords, bank accounts and important identifying information. Little, if anything, captured by the smart home controllers will be useful to them. Moreover, Amazon and Google both have security measures that prevent snoops from wiretapping your home. The audio zipping from your home to Amazon and Google’s data centers is encrypted, so even if your home network is compromised, it’s unlikely that the gadgets can be used as listening devices. A bigger risk is someone getting hold of your Amazon or Google password and seeing a log of your interactions online.
What has triggered much of the conspiracy-fueled talk of home device spying is a warrant issued by Bentonville, Arkansas police. They demanded that Amazon to provide them with voice recordings, transcripts and other information captured by one of the company’s Echo speakers as part of a murder investigation. Detectives noticed (the defendant’s) Echo in his kitchen while searching the home. They learned the music was being streamed wirelessly during the night, which they said could have been “activated and controlled” using the Echo, detectives said in an affidavit for the Amazon search warrant. knowing who asked the device to play music at what time may help to reconstruct that fateful night, similar to the way police uses cell phone records to place suspects at a certain location during a certain time. However, it is unlikely that the courts will support the Bentonville police; case law suggests that without a defendant’s consent, such information is Constitutionally protected. A similar case made headlines in the past year when Apple refused to comply with a court order demanding that it help authorities to access an iPhone belonging to one of the shooters in the December 2015 San Bernardino attack. The Supreme Court has repeatedly emphasized that “[w]hen it comes to the Fourth Amendment, the home is first among equals,” but what of the smart home? The Wiretap Act and Stored Communications Act (SCA) extend some Fourth Amendment-esque protections to electronic communications. The relationship between the two laws is complex, but in general, the Wiretap Act prohibits the interception of oral, wire, and electronic communications while the SCA prohibits the surreptitious access to communications at rest. The government wisely found another way to unlock the iPhone.
Not only do you have the Constitution protecting you, but users also have the ability to review – and delete – any recordings made from their home devices. In fact, neither Google Home or Amazon Echo currently offer users the ability to record voice memos or send audio messages. Both Home and Echo also allow users to view the data that has been collected about them by going to their My Activity page and delete what they don’t want collected about them.
Some privacy advocates properly point out that companies collecting your personal information might be sloppy. For example, Snapchat was telling its users that it would delete photos, that they would literally vanish once they were sent. But, of course, that’s not what Snapchat was doing. They were simply changing filenames, and the photos could be retrieved. We had a similar experience, by the way, with a search company called AskEraser. It said it was deleting all search queries—except for the ones that law enforcement wanted. These advocates argue that government needs to be clearer about how in-home data will be used by government and private businesses. Regrettably, such a debate is not likely to proceed very far in the next four years; the Trump Administration doesn’t appear to view privacy as an issue deserving of its attention.
If you are still really worried about being spied upon by in-home devices, you’d be better served to worry about your smartphone. The reality is that most every American uses a cloud connected smartphone which could more readily used to listen to our conversations in real time. If you want to feel paranoid about someone spying on you, it’s your phone and/or desktop, not your hard-muted home personal assistant, that may be up to no good. The hard mute function on smart home controllers makes it electronically impossible for the the devices to hear what you say when it’s muted as it physically disconnects the microphone.
Your TV may also be a more likely snooping culprit. According to recent ProPublica investigation, TV-maker Vizio boosts its profits by surreptitiously collecting data on customers’ viewing habits and IP addresses, and bundling that data with other data purchased from commercial data brokers. ProPublica says the resulting “enhanced data” is sold to advertisers so they can target customers not only on Vizio TVs but on other devices they may own. (note: ProPublica broke this story on November 9, 2015. Already, two class-action lawsuits have been filed against Vizio. The main allegation in both is that Vizio has violated the Video Privacy Protection Act, a 1980s federal law that prohibits any “video tape service provider” from selling records of what its customers have purchased or rented in a form that enables identification of individual customers.)
Our conclusion: while some public policy issues will need to be addressed by the Government in the coming years, there’s little if no likelihood that the current crop of smart-home voice-activated controllers pose a serious privacy threat. Relative to other personal devices, such as TVs and smartphones, these personal assistants may be far safer to use. But, if you continue to be concerned about Internet privacy, we urge you to read our blog about how to protect your privacy. Hint: get rid of your Facebook account!