Craig Lloyd

Everyone is talking about the Bloomberg report that Amazon employees listen to voice recordings created when you talk to Alexa. But Amazon is far from alone. Here’s how tech companies can, and do, look at the personal data you upload.

From reading your notes to harassing minors

Let’s look at some examples, from Evernote employees being able to read your private notes to Google and Facebook employees harassing people.

  • Evernote allowed its employees to read your personal notes to “improve your experience” under a privacy policy change made in January 2017. After many users got frustrated, Evernote changed its mind and promised that employees would ask for permission first. But this illustrates the problem — Evernote can easily grant access to its employees. And even if you share data with Evernote with the expectation that company policy will keep it secure, the company can change that policy at any time.
  • Google once fired a site reliability engineer for using his access to Google servers to spy on several minors, listen to their Google Voice call logs, access their chat logs, and unblock himself on one teenager’s friends list. Site Reliability Engineers have access to everything because they need it to do their jobs — and employees can go rogue and abuse that access, as this engineer did in 2010.
  • Facebook fired a security engineer who used his Facebook access to spy on several women online in 2018. Motherboard reported that other employees were fired for harassing their exes and other such creepy things.
  • We do not recommend giving apps access to your email. But if you do, people at the companies behind those apps can read your email, be it Gmail, Outlook.com, or any other email account. The Wall Street Journal reports that the human engineers who worked for some of the companies responsible for these applications sifted through hundreds of thousands of emails to train their algorithms.

This is not an exhaustive list. Facebook once had a bug where private photos were shared with app developers, and your employer can read your private messages on Slack; in other words, they’re not that private. Even the NSA has reportedly had to fire people for using government surveillance systems to spy on their exes. And every company that has your data will turn it over to the government when a warrant arrives, just like Amazon did when an Alexa overheard a double homicide.

The cloud is just someone else’s computer

When you use a service that uploads your data to the “cloud”, it simply stores this data on the company’s servers. And that company can see the data if it wants to.

It’s simple enough, but reports of employees listening to our voice recordings are still shocking. Maybe we all assume that there is too much data for people to study, or maybe we think there should be some kind of law that prevents tech companies from peering into these things. But, at least in the US, we are not aware of any law that could prevent companies from viewing this data — as long as they are honest about it, perhaps by disclosing this fact in a terms of service document that no one reads.

However, even with voice assistants, it’s not just Amazon. As Bloomberg itself says, even privacy-focused Apple has people listening to Siri recordings to help train the algorithms that make these voice assistants work. And Bloomberg says some Google reviewers are also listening to recordings made on Google Home devices.

Legitimate reasons why people might look at your data

Leaving aside creepy stalkers and other people abusing their access, here are some good reasons why a company employee might need to verify your details:

The only way to stop it: end-to-end encryption

All of this is due to the way the internet works. Despite all the talk about “encryption” protecting your data, data is typically only encrypted when it’s in transit between your devices and company servers. Of course, the data can be stored in encrypted form on the company’s servers, but in such a way that the company can still access it. After all, the company needs to decrypt the data in order to send it to you.

The only way to prevent this is to use end-to-end encryption or client-side encryption. This means that the software you use will encrypt the data on the devices you use, storing only the encrypted data on the company’s servers so that the company cannot access it. Your data will be yours.

But it’s less convenient in many ways. Services like Google Photos would not be possible because they couldn’t automatically perform tasks on your photos on the company’s servers. Companies will not be able to «deduplicate» data and will have to invest more money in storage. For voice assistants, all processing must happen locally and companies cannot use voice data to better train their assistants.

If you lose your encryption key, you will no longer be able to access your data — after all, if the company can give you access to your files again, that means the company can access your files in the first place.
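
As an added illustration of the client-side encryption described above (not code from the original article), this Node.js example encrypts a note on the device with AES-256-GCM under a key derived from a passphrase, then shows what the provider is left holding. The `server` map, the passphrase and the sample note are constructed for the example.

```javascript
const nodeCrypto = require('node:crypto');

// Hypothetical stand-in for the provider's storage: it only ever receives opaque blobs.
const server = new Map();

// Runs on the user's device: the key comes from a passphrase the provider never sees.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Device side: encrypt before upload. Blob layout: salt(16) | iv(12) | tag(16) | ciphertext.
function encryptForUpload(passphrase, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]);
}

// Device side: decrypt after download. Returns null when the key is wrong or lost.
function decryptAfterDownload(passphrase, blob) {
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]).toString('utf8');
  } catch {
    return null; // authentication failed: without the right key the data is unrecoverable
  }
}

function demo() {
  const note = 'constructed sample note: dentist at 3pm';
  const passphrase = 'correct horse battery staple'; // constructed sample passphrase
  server.set('note-1', encryptForUpload(passphrase, note));
  server.set('note-2', encryptForUpload(passphrase, note)); // same note uploaded twice
  const a = server.get('note-1');
  const b = server.get('note-2');
  return {
    serverSeesPlaintext: a.includes(Buffer.from('dentist')), // provider cannot read the note
    serverCanDeduplicate: a.equals(b), // fresh salt and IV make identical notes look different
    ownerReads: decryptAfterDownload(passphrase, a),
    withoutKey: decryptAfterDownload('forgotten passphrase', a),
  };
}

console.log(demo());
```

The two stored blobs differ even though the note is identical, which is why the provider cannot deduplicate, and the `null` result is the lost-key case: nothing on the server side can recover the note.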
