Ctrl + N

More than 100 million Alexa devices have been sold. 

That's a staggering amount of people who are giving Amazon an intimate portrait of their lives.

The Washington Post's technology columnist Geoffrey A. Fowler has a fascinating column out this morning that breaks down all the ways these smart speakers have been eavesdropping on you — allowing the tech giant to track you, as he so frankly puts it, “in more ways than you might want.” 

“Many smart speaker owners don’t realize it, but Amazon keeps a copy of everything Alexa records after it hears its name. Apple’s Siri, and until recently Google’s Assistant, by default also keep recordings to help train their artificial intelligences,” he writes. (Amazon founder and CEO Jeff Bezos also owns The Post.) 

And Amazon is not alone. “Bugging our homes is Silicon Valley’s next frontier,” he writes. “For as much as we fret about snooping apps on our computers and phones, our homes are where the rubber really hits the road for privacy. It’s easy to rationalize away privacy concerns by thinking a single smart speaker or appliance couldn’t know enough to matter. But across the connected home, there’s a brazen data grab going on and there are few regulations, watchdogs or even common-sense practices to keep it in check.”

The warp-speed expansion of the Internet of Things — tech researchers estimate there will be about 20 billion connected things by 2020 — presents a tricky problem for lawmakers when it comes to protecting consumers' security and privacy. There is no national standard for security on IoT devices, leaving it up to each company to determine how best to do so. Congress introduced a bill this year that would set a minimum security standard for connected devices the government uses, but it does not take the broader view on protecting average citizens. 

The states have gone further on addressing both Internet of Things security and privacy issues posed by smart speakers specifically. California became the first state of pass an IoT security bill last year requiring companies to provide “reasonable” security features to ward off hackers, and there's a bill working its way through the legislature that would ban smart home speakers from keeping or storing recordings without explicit consent. “The Anti-Eavesdropping Act, which cleared its first committee [last Wednesday], would also ban smart speaker device manufacturers from sharing with third parties recordings of verbal commands or requests heard by the devices,” per the Mercury News. “Under the bill, Amazon, Google, Apple and other makers of smart speakers may store recordings only when consumers give their permission in writing.” Fowler notes the Illinois Senate recently passed a bill on the same issue. 

As California has been a leader on security and privacy issues, it's conceivable that Congress start paying more attention to smart speakers as lawmakers look for ways to crack down on Big Tech. “They are giving us false choices. We can have these devices and enjoy their functionality and how they enhance our lives, without compromising our privacy,” California bill's sponsor, Assemblyman Jordan Cunningham (R) told Geoff. “Welcome to the age of surveillance capitalism.”

Most people don't realize that Alexa records everything you say to it. The Post's Geoffrey A. Fowler went through his recordings and made a song out of them. (Jonathan Baran, James Pace-Cornsilk/The Washington Post)

This problem gets only more complicated when consumers might not even understand the full extent of the technology they're letting into their homes. These devices can record even when they say the “wake word.” “Alexa keeps a record of what it hears every time an Echo speaker activates. It’s supposed to only record with a “wake word” — “Alexa!” — but anyone with one of these devices knows they go rogue,” Geoff writes. He reviewed his own history of what Alexa has archived on him in the last four years (and you can, too). “I counted dozens of times when mine recorded without a legitimate prompt. (Amazon says it has improved the accuracy of 'Alexa' as a wake word by 50 percent over the last year.)" 

As Geoff notes: “Any time personal data sticks around, it’s at risk. Remember the family that had Alexa accidentally send a recording of a conversation to a random contact? We’ve also seen judges issue warrants for Alexa recordings. Alexa’s voice archive made headlines most recently when Bloomberg discovered Amazon employees personally listen to recordings to train its AI. Amazon acknowledged some of those employees also have access to location information for the devices that made the recordings.”

To be sure, it's not just Amazon. Even Apple, which prides itself on its tough stance on privacy, keeps copies of conversations with Siri. “Apple says voice data is assigned a 'random identifier and is not linked to individuals' — but exactly how anonymous can a recording of your voice be?” Geoff writes. “I don’t understand why Apple doesn’t give us the ability to say don’t store our recordings.” 

His full column is worth a read here:


BITS: Facebook told the U.S. government it is "willing to submit to greater oversight of its data-collection practices — from the launching of new services to the decisions of its top executives — to end a wide-ranging federal probe into a series of privacy abuses that came to light last year," my colleague Tony Romm reported. The changes, per Tony, would come with a multibillion dollar fine the Federal Trade Commission has considered slapping on Facebook. Tony's reporting yielded a sketch of such a settlement, which would include: 

  • Privacy review of new products: "Facebook would have to complete a more rigorous privacy review of new products and services before launching them... The company would have to document its decisions, and its efforts to anticipate potential privacy pitfalls, which would help the FTC assess if the social-networking giant fully weighed the effects of its data-collection practices on users." 
  • Policing third-party apps: "Facebook also would take a more active role in policing third-party app developers by reviewing their offerings and ensuring that they comply with Facebook’s own rules." 
  • Oversight of privacy from the top: "Every quarter, Facebook’s decision-makers, including chief executive Mark Zuckerberg, would assess the company’s privacy safeguards and sign off on them." 
  • Including the board: "Their regular reports would be submitted to a committee of independent members of Facebook’s board of directors, which would take on a more expansive role ensuring the tech giant properly handled users’ data."
  • Regular checkups: "The settlement could also require Facebook to undergo more rigorous, regular checkups by an independent, third-party watchdog that must be approved by the FTC." 

However, Tony notes: "Any settlement between Facebook and the FTC still could change dramatically. Negotiations are continuing, and the final say belongs to the FTC’s five commissioners, three Republicans and two Democrats. If the agency lacks at least three votes — or talks break down between Facebook and the FTC — the result could force the two sides to battle in court." 

NIBBLES: The FTC's members are split on the size and scope of the financial punishment for Facebook -- and the degree to which Mark Zuckerberg specifically should be held personally liable for a violation of a past agreement, the New York Times reported. The division comes despite Facebook's announcement last month it set aside $3 billion to $5 billion for the settlement and a consensus among the five commissioners that they wanted to pursue a "historic penalty that would show the agency's teeth," Cecilia Kang reports.

Facebook has fought back against the idea that Zuckerberg, the chief executive, should be held liable for any violation of a 2011 agreement with the FTC in which ir promised to overhaul its privacy practices. The company has said Zuckerberg "should not be held legally responsible for the actions of all 35,000 of his employees," per Cecilia. 

The commission is seeking to avoid a decision along party lines. "The FTC's Republican chairman, Joseph J. Simons, appeared to have the votes of the other two Republican commissioners, giving him the three needed to approve a deal. But a 3-to-2 decision along party lines, which Mr. Simons has said he wants to avoid, could lead to strong rebukes on Capitol Hill," Cecilia reports. 

BYTES: The European Union will launch a formal antitrust investigation into Apple, The Financial Times reported, in the wake of Spotify's complaint that the iPhone maker unlawfully favored its own Apple Music service by abusing its dominance in the App Store. 

"Spotify, which last month hit 100m paid subscribers to its service, is the market leader in music streaming but faces increasing competition from bigger technology players, namely Apple and Amazon," Rochelle Toplensky reports in Brussels. "... Spotify’s complaint centres on Apple’s policy of charging digital content providers a 30 per cent fee for using its payment system for subscriptions sold in its App Store. The policy applies to Spotify and other music subscription services but not apps, such as Uber. After considering the complaint and surveying customers, rivals and others in the market, the EU competition commission has decided to launch a formal antitrust investigation into Apple’s conduct, according to three people familiar with the probe." 


Tech news from the public sector:


Tech news from the private sector:


A teenage boy successfully hacked a common drone in a stunt aimed at showing how vulnerable web-connected devices and the Internet of Things are to attacks. (Reuters)