Amazon Alexa and Your Privacy

By Sierra Stone, SML Research Assistant

It’s sometimes tough to tell when Amazon’s Alexa/Echo is listening.

Devices like the Amazon Echo and Google Home are becoming increasingly popular. Most of these devices have the ability to both listen and store information. Three different types of devices are beginning to make our homes into our own: the manually activated, the speech activated, and the always-on. Devices like the Amazon Echo and Google Home are in the speech-activated category, while other home technologies like the Nest fall under the always-on category. These devices can be used for all kinds of things, from playing music to ordering groceries to keeping to-do lists. However, users and technologists are becoming increasingly aware that devices like these can present a privacy risk. The issue: it’s sometimes hard to tell when speech-activated devices are recording, and when they are, who’s listening.

This is a significant concern, considering that devices like the Echo, with its voice-activated agent Alexa, are usually kept in common areas of the home where sensitive information is readily shared and could possibly be stored. According to Amazon Alexa’s terms of use,

“You control Alexa with your voice. Alexa streams audio to the cloud when you interact with Alexa. Alexa processes and retains your voice input and other information, such as your music playlists and your Alexa to-do and shopping lists, in the cloud to respond to your requests and improve our services.”

This means that the device is always listening for you to say its “wake word”, and when it hears it, it remembers everything you say.

How do you know if Alexa is recording?

The Echo doesn’t record unless you say “Alexa”, or the other wake word of your choice. If you want to make sure Alexa isn’t listening at all, you can push the microphone button on the top of the device. When the button and the ring around the button turn red, Alexa won’t listen to you — but you won’t be able to ask the device to do anything, either.

You can see the history of what the Echo device has heard in the History section in the Alexa app.

How do you manage your Alexa data?

If you’ve connected your device to the Alexa app, you can delete and edit things you’ve said to Alexa. You can see details on your past entries, and even listen to them to know exactly what Alexa is hearing.

How to better protect your data

There are a few ways to protect your data when using an Amazon Alexa:

1. When you really don’t want to be heard, mute the device by pressing the microphone button so on the top until the light ring turns red.

2. Erase old recordings and clear your search history on your Amazon account.

3. If you’re connecting multiple Amazon accounts to one Echo device, make sure you’re aware of what information is shared from each.

What can Amazon do with your data?

According to Amazon’s privacy notice, they cannot distribute any of your data to third parties without your consent. They say that you will receive notice if information may go to other parties, and that you have the right to choose to share it or not. However, the company also states that they have the right to release any information if it’s needed to comply with the law. Amazon also highlights that your information is securely encrypted, but doesn’t go into detail about the encryption mechanism.

How could Echo/Alexa be designed to better protect privacy?

One of the Echo’s bigger privacy problems is that it’s often hard to tell when Alexa is recording. The design of the device doesn’t do a very good job of letting the user know it’s listening. Users leave the device on in their homes for ease of use, only speaking to it when needed. When Alexa hears its wake word, the ring around the top of the device turns blue. However, the ring doesn’t have very good visibility — it’s easy to miss from a distance or from certain angles. This could easily lead to confusion as to whether or not Alexa is recording.

To better protect privacy it would make sense to design Alexa so that it has three very visible different states:

More visible light rings could make it easier to tell when the Echo is listening.
ON, ready to listen, but not recording
ON, listening, and recording (after the user says the wake word)
OFF, not listening or recording.

A design that visibly shows each state would be extremely helpful. Instead of a ring on the top of the device, a thicker colored ring around the middle of the device could illuminate a different color for each state. This way, users would have a more definite idea of when they’re being recorded and when their data is being stored.

With Amazon’s Echo device and Alexa agent becoming more and more popular, consumers should be aware of how they can protect their data. Amazon offers some privacy protection mechanisms, but there’s always room for improvement. We think Amazon could help by creating a more privacy-friendly design for their device.

Like what you read? Give Cornell Social Media Lab a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.