Everyone is talking about the Bloomberg report that Amazon employees listen to voice recordings created when you talk to Alexa. But Amazon is far from alone. Here’s how tech companies can — and look — at the personal data you upload.
From reading your notes to harassing minors
Let’s talk about some examples of Evernote employees talking about reading your private notes, and Google and Facebook employees harassing people.
Google once fired a site reliability engineer for using his access to Google servers to spy on and spy on several minors, listen to their Google Voice call logs, access their chat logs, and unblock himself on one teenager’s friends list. Site Reliability Engineers have access to everything because they need it to do their jobs — and employees can become scammers and abuse that access, as this engineer did in 2010.
Facebook fired a security engineer who used his Facebook access to spy on several women online in 2018. Motherboard reported that other employees were fired for harassing their exes and other such creepy things.
We do not recommend giving apps access to your email. But, if you do that, in these apps, people can read your email, be it Gmail, Outlook.com, or any other email account. The Wall Street Journal reports that the human engineers who worked for some of the companies responsible for these applications sifted through hundreds of thousands of emails to train their algorithms.
This is not an exhaustive list. Facebook once had a bug where private photos were shared with app developers and your employer could read your private messages on Slack—in other words, they’re not as private. Even the NSA has reportedly had to fire people for using government surveillance systems to spy on their exes. And every company that has your data will turn it over to the government when the warrant arrives, just like Amazon did when Alexa overheard the double homicide.
The cloud is just someone else’s computer
When you use a service that uploads your data to the «cloud» service, it simply stores this data on the company’s servers. And that company can see the data if it wants to.
It’s simple enough, but reports of employees listening to our voice recordings are still shocking. Maybe we all assume that there is too much data and people couldn’t study it, or maybe we think there should be some kind of law that prevents tech companies from peering into these things. But, at least in the US, we are not aware of any law that could prevent companies from viewing this data — as long as they are honest about it, perhaps by disclosing this fact in a terms of service document that no one reads. ,
However, even with voice assistants, it’s not just Amazon. As Bloomberg himself says, even privacy-focused Apple has people listening to Siri recordings to help train the algorithms that make these voice assistants work. And Bloomberg says some Google reviewers are also listening to recordings made on Google Home devices.
Legitimate reasons why people might look at your data
Leaving aside creepy stalkers and other people abusing their access, here are some good reasons why a company employee might need to verify your details:
Government requests : the warrant can force the company to look at your data for anything meaningful and turn it over to the government
Learning algorithms A: Due to the way machine learning works, the algorithms used in the software require some human input in the learning process. That’s why people listen to Alex and Siri’s notes, and that’s why Evernote wanted people to view your notes.
Quality assurance . Companies may examine records or other data to find out how their service is performing. Even if you are talking to a robot, someone else can listen to the recording later to see how it went.
Customer Support . The Company may request permission to view your data to help you if you need support. At the very least, we hope the company will only do so with your permission, which can be as simple as sending a tweet as it was with Google Photos.
Violations reported : The Company may review your data to review reports of violations. For example, let’s say you have a private conversation on Facebook. If another person reports harassment or other violation to you, Facebook will consider the conversion.
The only way to stop it: end-to-end encryption
All of this is due to the way the internet works. Despite all the talk about «encrypting» protecting your data, data is typically only encrypted when it’s in transit between your devices and company servers. Of course, the data can be stored in encrypted form on the servers of this company, but in such a way that the company can access it. After all, the company needs to decrypt the data in order to send it to you.
The only way to prevent this is to use end-to-end encryption or client-side encryption. This means that the software you use will encrypt the data on the devices you use, storing only the encrypted data on the company’s servers so that the company cannot access it. Your data will be yours.
But it’s less convenient in many ways. Services like Google Photos would not be possible because they couldn’t automatically perform tasks on your photos on the company’s servers. Companies will not be able to «deduplicate» data and will have to invest more money in storage. For voice assistants, all processing must happen locally and companies cannot use voice data to better train their assistants.
If you lose your encryption key, you will no longer be able to access your data — after all, if the company can give you access to your files again, that means the company can access your files in the first place.
RELATED:Why Most Web Services Don’t Use End-to-End Encryption