Alexa voice recognition audit teams had access to customers' location data

Posted:
in General Discussion edited April 24
More allegations about how owners of the Amazon Echo smart speaker range are having their privacy infringed by the retailer have surfaced, with the latest claim involving an internal team of Alexa auditors having access to customer data that can reveal their home address.




It was revealed earlier in April Amazon employs thousands of workers to listen to snippets of audio recorded by Echo devices when users speak to Alexa, Amazon's digital assistant, for training purposes. Amazon did not advise the recordings of Alexa conversations were heard by employees, including background conversations not connected to the request.

In a new report, it is alleged those working on analyzing and transcribing the voice recordings for training purposes have access to far more data than first thought. Five employees familiar with the program advised to Bloomberg the team has access to location data, allowing it to determine a customer's home address in some cases.

Using the geographic coordinates provided along with the recording, the team members can find out the addresses using third-party mapping software.

Though there is no sign that Amazon employees are misusing the data by tracking down individuals, two team members were concerned over the "unnecessarily broad access" to customer data that would make otherwise anonymous data easy to identify.

The employees working on the recordings are largely based in Boston, Romania, and India, but some are provided extra information in an Amazon-produced tool that shows data about the device itself. While most of the data cannot be used to trace to a particular user, with items like device ID and customer ID numbers being relatively anonymous, location data is also offered in the tool.

One demonstration showed to the publication had a recording's coordinates pasted into Google Maps, quickly showing what could be the user's address.

On entering a customer ID into a separate tool, the home and work addresses, as well as phone numbers entered into the device at setup, can be viewed. Users who share contacts with Alexa can also find names, numbers, and email addresses appearing in the same tool.

It is thought Amazon is already restricting the amount of employees who can access the data, and the level of access. One dashboard tool that showed a user's contacts in full last year has been updated to have some digits from phone numbers obscured from view.

"Access to internal tools is highly controlled, and is only granted to a limited number of employees who require these tools to train and improve the service by processing an extremely small sample of interactions," an Amazon Spokesperson advises. "Our policies strictly prohibit employee access to or use of customer data for any other reason, and we have a zero tolerance policy for abuse of our systems. We regularly audit employee access to internal tools and limit access whenever and wherever possible."

Comments

  • Reply 1 of 12
    Most Echo owners won’t care about this in the same way that most Facebook users don’t care about things Facebook does.

    To be fair, though, this is a Bloomberg report. Should I believe it any more than the spy chip report?
    edited April 24 hmurchisonmagman1979watto_cobra
  • Reply 2 of 12
    Every time I think about how nice it'd be to use these types of devices and services, stories like this break and remind me that I've made the right decision in not buying these things.
    watto_cobra
  • Reply 3 of 12
    StrangeDaysStrangeDays Posts: 8,244member
    Remember when the tech sites manufactured a privacy controversy about your own Mac having your own location data from your own iphone backups? Yeah. That’s funny.

    Business as usual when anybody else does it or far worse.
    edited April 24 hmurchisonwatto_cobra
  • Reply 4 of 12
    Mike WuertheleMike Wuerthele Posts: 4,753administrator
    Most Echo owners won’t care about this in the same way that most Facebook users don’t care about things Facebook does.

    To be fair, though, this is a Bloomberg report. Should I believe it any more than the spy chip report?
    Given that Amazon confirmed that the data is available, I'd say yes.
    magman1979watto_cobra
  • Reply 5 of 12
    I use my devices to check on the weather, my travelling time to work, my planned journeys etc. So course it needs your location, and in addition, my bank holds far more data on me than I care to think about, is a bank employee any different than an Amazon employee whose role is to understand the data they process?
  • Reply 6 of 12
    bulk001bulk001 Posts: 480member
    Is this sourced from the same Bloomberg that so many users here call fake news? Or is it only when they report on Apple you (conveniently) can’t believe them? 
  • Reply 7 of 12
    AppleExposedAppleExposed Posts: 1,375unconfirmed, member
    bulk001 said:
    Is this sourced from the same Bloomberg that so many users here call fake news? Or is it only when they report on Apple you (conveniently) can’t believe them? 

    This is AMAZON dude, a company known to openly listen in, while Apple is a company known to protect user privacy. No one called Bloomberg "fake news", it was, in fact.

    Now on to the source, I have no idea who the original source is but if you think Amazon is a saint, you're nuts.
    magman1979watto_cobra
  • Reply 8 of 12
    dewmedewme Posts: 2,121member
    So you’re saying that Amazon can use Echo to determine my home address? Hmm. I guess that explains how all those packages keep showing up. 
  • Reply 9 of 12
    Most Echo owners won’t care about this in the same way that most Facebook users don’t care about things Facebook does.

    To be fair, though, this is a Bloomberg report. Should I believe it any more than the spy chip report?
    Given that Amazon confirmed that the data is available, I'd say yes.
    I didn't read the Bloomberg article, just this one, and the quote from Amazon doesn't read to me like any sort of confirmation other than "we have tools" and "we limit who can use those tools". It certainly doesn't sound like Amazon admitting that people who are transcribing the recordings from an Echo might also be able to put a physical address on where those recordings came from.

    dewme said:
    So you’re saying that Amazon can use Echo to determine my home address? Hmm. I guess that explains how all those packages keep showing up. 
    It only makes sense that Amazon would need to know your address to send packages to and if you're ordering with an Echo that that Echo would be tied to your account and also to your address. It doesn't make sense that when Echo is recording you speaking, whether you have made a request of it or not, that the person transcribing what you said could also, potentially, find your name and physical address. 
  • Reply 10 of 12
    macguimacgui Posts: 1,355member
    The issue isn't that AMAZON has your home address, it's that certain employees who apparently have no need to know your home address, have had access to it.
    watto_cobra
  • Reply 11 of 12
    dewmedewme Posts: 2,121member
    dewme said:
    So you’re saying that Amazon can use Echo to determine my home address? Hmm. I guess that explains how all those packages keep showing up. 
    It only makes sense that Amazon would need to know your address to send packages to and if you're ordering with an Echo that that Echo would be tied to your account and also to your address. It doesn't make sense that when Echo is recording you speaking, whether you have made a request of it or not, that the person transcribing what you said could also, potentially, find your name and physical address. 
    This is the inherent nature of any "audit" process. You are trusting that the organization that you have shared personal information with are engaged with auditors who are legally responsible for safeguarding all data associated with the audit. If you purchase any product/service from a vendor who collects information about you as part of the transaction, including personal information, business information, tax status information, you and/or your business location, credit status, contact information, communications and inquiries associated with the purchase, etc. Any and all of this information is exposed to state and federal tax and revenue enforcement agents/auditors because it is lumped together in the transaction logs, receipts, and records maintained by the vendors.  

    Yeah, I understand that this comes down to what is the purpose of an audit, which in this case is training, and what is the granularity of records maintained by Amazon. Should Amazon filter out any data that is not relevant to the audit from the records exposed to auditors? Sure, but they've chosen to place trust in their audit teams to use professional discretion about what portions of the information contained in the data records to use for their specific audit purposes. It's more like a laziness and cost issue, which are admittedly two principle drivers behind security and privacy breaches.  At the end of the day however, we've placed a large amount of trust in Amazon (and Apple and any vendor or government agency we deal with) as a whole and expect them to safeguard all of our data across all of their internal teams who have access to our data. We really don't know who sees what we share with them because we do not have visibility into everything they do internally or see an audit trail that shows who sees what. Once we've given over our information and data to them it's a potential black hole with an assumption of trust. Perhaps with blockchain technology things will change and we'll retain more control. But until somethings changes the issues that are reported are just a tiny tip of the iceberg on a huge personal information security concern that we have to live with to stay connected to others. 
  • Reply 12 of 12
    bulk001bulk001 Posts: 480member
    bulk001 said:
    Is this sourced from the same Bloomberg that so many users here call fake news? Or is it only when they report on Apple you (conveniently) can’t believe them? 

    This is AMAZON dude, a company known to openly listen in, while Apple is a company known to protect user privacy. No one called Bloomberg "fake news", it was, in fact.

    Now on to the source, I have no idea who the original source is but if you think Amazon is a saint, you're nuts.
    It has nothing to me thinking Amazon is a saint. If you can’t keep up with posts on the site maybe don’t comment from your ignorance? It has to do with people accusing Bloomberg as fake news when they are critical of Apple and embracing them when they are critical of anyone else. 
Sign In or Register to comment.