If you have misgivings about permitting the internet-connected devices in your home to listen in on what you and your roommates and family are doing, then you might feel like you’re alone. Plenty of people have enabled Siri to listen in on their conversations from an iPhone, and lots of people have an Amazon Echo sitting in their living room or kitchen. Few people seem concerned. After all, if you browse a list of common privacy myths, you’ll likely notice that they all involve people believing that they’re safer from surveillance or more protected from privacy invasions than they really are.
So it may not surprise you to learn that Stacey Gray, a legal and policy fellow at the Future of Privacy Forum, reports for Re/Code that many people don’t understand the ways in which always-on microphone-equipped devices are collecting information. For an illustration of the problem at hand, Gray points to the Amazon Echo, which can be activated by the spoken command “Alexa;” Mattel’s Hello Barbie; or Apple’s Siri, which can be activated by the command “Hey, Siri” on an iPhone or iPad.
As consumers grow accustomed to voice as a useful way to interact with these and other devices, they also bump into questions about how or when these devices are listening in on their conversations. Some are designed to stay on at all times, like security cameras or baby monitors, and Gray notes that others “use the microphone like an electronic ‘on button,’ allowing the detection of a spoken ‘wake phrase’ that triggers the device to activate and begin transmitting data.” In either case, these devices don’t necessarily pose privacy threats dangerous enough to make people think twice about adopting them, but there are privacy implications be aware of.
As noted in Gray’s new study on the privacy implications of such devices, published by the Future of Privacy Forum (PDF), each category of device presents different privacy implications, influenced by factors such as whether the collected data is stored locally (which is increasingly rare) or whether it’s transmitted from the device to a third party or to external cloud storage. Another important factor is whether the device is used for voice recognition (the biometric identification of an individual by the characteristics of his or her voice) or for speech recognition (the translation of voice input into text).