“Alexa, I have a headache” — over 60% of respondents to a recent survey said they were worried about Amazon having access to their personal medical information. The study, conducted by leading speech technology company Intelligent Voice, came after NHS England announced a partnership with Amazon to deliver health advice via the company’s smart speaker platform.
The new service, described as a “data protection disaster” by privacy campaigners Big Brother Watch, is aimed at reducing the burden on “hardworking GPs and pharmacists”, according to Health Secretary Matt Hancock.
The fear stems from the way smart speaker platforms access information, which is very different from the way a web browser works.
A web browser connects directly to its source of information, normally using a secure connection protocol called “SSL” (long since superseded by TLS, though the old name has stuck). This is designed to protect information in transit from being “snooped” by others. This level of protection is now taken for granted when, say, you are checking a bank balance or accessing healthcare records.
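The browser model can be sketched in a few lines. This is an illustrative example using Python’s standard library (the hostname is a placeholder): the TLS handshake happens directly between your machine and the server, with no intermediary able to read the traffic.

```python
import http.client
import ssl

# The default context enforces the "padlock" guarantees a browser gives you:
# the server's certificate must be valid and must match the hostname.
context = ssl.create_default_context()
print(context.verify_mode == ssl.CERT_REQUIRED)  # True
print(context.check_hostname)                    # True

def fetch_direct(host: str) -> int:
    """Fetch a page the way a browser does: straight to the server over TLS."""
    conn = http.client.HTTPSConnection(host, 443, context=context, timeout=10)
    conn.request("GET", "/")
    status = conn.getresponse().status
    conn.close()
    return status

# fetch_direct("example.com")  # returns the HTTP status of the response
```

The point is architectural: the encrypted channel runs end to end between you and the information provider, so nobody in the middle accumulates a record of what you asked.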
Voice assistants work quite differently. First, they are “always on”, which means they are listening constantly for their “wake word”, like “Alexa”. Theoretically, no information is transferred from the voice assistant until that wake word is heard. In practice, however, other words can be misheard, the speaker is activated, and a voice recording is sent to the cloud; in one case, a recording was even sent to another user.
Once that voice recording is received, it is transcribed to text using powerful machine-learning algorithms, and then scanned for “intent”, i.e. the command you actually issued to the voice assistant. From there, the provider of the voice assistant (Amazon, Google, etc.) contacts the provider of the “skill” (the app you are using, e.g. your bank, or maybe Spotify), gets the relevant information, and sends it back to your voice assistant, often to be read aloud to you. The voice recording? It is stored forever, unless you delete it yourself. And guess what? It seems that both Amazon and Google are listening in to those recordings as well.
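The round trip described above can be sketched as a toy pipeline. Every function and intent name here is hypothetical — real assistants use proprietary cloud services — but the flow (wake word, upload, transcription, intent extraction, skill dispatch) mirrors the steps in the text.

```python
def heard_wake_word(audio: str) -> bool:
    # In reality an on-device acoustic model; words that merely sound
    # like "Alexa" can trigger it too, which is how mishearings happen.
    return "alexa" in audio.lower()

def transcribe_in_cloud(audio: str) -> str:
    # Stands in for the provider's speech-to-text service. Crucially,
    # the raw recording is uploaded and retained after this step.
    return audio.lower().replace("alexa,", "").strip()

def extract_intent(text: str) -> str:
    # Map the transcript to a command ("intent") for a skill.
    if "bank balance" in text:
        return "GetBankBalance"
    if "headache" in text:
        return "GetHealthAdvice"
    return "Unknown"

def handle_request(audio: str) -> str:
    if not heard_wake_word(audio):
        return ""  # nothing should leave the device
    transcript = transcribe_in_cloud(audio)  # recording is now in the cloud
    intent = extract_intent(transcript)
    # The provider forwards the intent to the skill (bank, NHS, Spotify...)
    # and relays the answer back to the speaker.
    return f"dispatching {intent} to skill provider"

print(handle_request("Alexa, what's my bank balance"))
# dispatching GetBankBalance to skill provider
```

Note where the data sits at each stage: unlike the browser model, both the recording and the answer pass through, and persist with, the assistant’s provider.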
This creates serious privacy issues. Amazon has recently announced a number of skills that it says comply with HIPAA (the US legislation governing how healthcare information is processed and stored), although it has not given many details of how it has achieved that. However, your voice requests are still being transmitted to a third party which keeps them indefinitely, reads them, and of course has access to the answers. So when you say “Alexa, what’s my bank balance”, or ask it a medical question, that information is available to the provider of your voice assistant.
So what can be done? Clearly, it is not in the interests of companies that thrive on data collection to give up their access to what has become known as the “new oil”. However, the technology does exist to provide low-power, high-quality speech and intent processing “on the edge”, i.e. on small devices in the home that act much more like a web browser, connecting directly to your bank and so on, rather than using a cloud intermediary. Companies building new apps, or extending their current text-based chatbot technology to embrace voice, can also provision their own speech recognition systems in their own data centres or private cloud, rather than relying on public (and inherently insecure) cloud providers. One popular telephony platform uses the Google Cloud Speech API to transcribe voice recordings, a technological shortcut that many companies employ. But just how private and secure are your conversations if they are being transcribed in this way?
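The “on the edge” alternative can be sketched too. This is a minimal illustration, not a real product: the intent table and endpoint URLs are invented, and a production device would use a proper on-device speech model. The key difference is that matching happens locally, and the device then opens a direct TLS connection to the service, browser-style, with no cloud intermediary seeing the audio or the answer.

```python
# Hypothetical table of locally recognised phrases and the services
# they map to. Only the matched request ever leaves the home.
LOCAL_INTENTS = {
    "bank balance": ("GetBankBalance", "https://bank.example/api/balance"),
    "headache":     ("GetHealthAdvice", "https://nhs.example/api/advice"),
}

def route_locally(transcript: str):
    """Match the transcript on-device and return (intent, endpoint)."""
    for phrase, (intent, endpoint) in LOCAL_INTENTS.items():
        if phrase in transcript.lower():
            # Here the device would open a direct HTTPS connection to
            # `endpoint` -- no third party stores the recording.
            return intent, endpoint
    return None  # nothing recognised, so nothing is transmitted

print(route_locally("What's my bank balance?"))
# ('GetBankBalance', 'https://bank.example/api/balance')
```

The design trade-off is exactly the one the article describes: cloud transcription is a convenient shortcut, while edge processing keeps the recording, the intent, and the answer out of a data-collecting intermediary’s hands.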
Given the results of the survey, it seems a lot of consumers would be quite shocked to discover the tortuous path their conversations follow, and where they end up.