Amazon Echo, and Alexa’s little sister Echo Dot, topped many holiday gift wish lists in 2016. Since its debut two years ago, Amazon Echo sales exceeded 5.1 million units. Now that holiday decorations are put away and Alexa has been in recipients’ homes for a while, many people are finding out that the convenience may come with a cost to their privacy.
How it Works
Amazon launched the first of its product line last year: voice-activated, Bluetooth-enabled speakers that respond to users’ commands. Akin to iPhone’s Siri, Echo users interact with a “personal assistant” named Alexa and can command Alexa to do a wide range of actions. Amazon says the speaker is activated at the sound of the assistant’s name. Users say, “Alexa…” and the device wakes up, indicated by a blue ring of light, and starts taking commands. Echo and Dot can do many things such as turn lights off and on, play music, answer questions, track packages, read audiobooks, check the weather, order Amazon Prime products, hail an Uber ride, and even place pizza delivery orders.
But how does the device hear users say “Alexa” if it’s not listening all the time? Users’ commands are stored in the cloud, so who has access to the audio files and how long are they accessible? Is all audio, not just commands, being recorded and stored?
People have the greatest expectation of privacy in their homes more so than any other location. Once users invite Alexa inside, all of that changes. The device captures and processes audio from anywhere its seven (yes, seven) microphones pick up. Audio files are stored in the Cloud until if and when the account holder individually or mass deletes the files. There is also an option to manually turn the microphones off when Alexa’s services are not needed. But what if someone other than the account holder wants access to a home’s audio?
The Prosecution Calls Alexa to the Stand
Homicide investigators in Bentonville, Arkansas looked to Alexa to solve a murder case in November 2016. Police obtained James Bates’s Amazon Echo as evidence in the murder of his coworker. Victor Collins was found dead in Bates’s hot tub, and police believe Alexa heard the whole thing. Someone at Bates’s home before Collins’s death recalled hearing music played through Bates’s Echo that evening. Authorities asked Amazon to release audio of what happened, and Amazon provided some data such as Bates’s account and purchasing information. But the company refused to release audio files without being served a legal demand. Prosecutors requested the Echo recordings multiple times, but Amazon refused to comply without a search warrant. CCSK Guide will keep an eye on how this plays out and post a future update.
Echo and Dot provide convenience. Users with disabilities have new-found independence thanks to using Amazon’s technology. Users report ease making grocery lists and comfort walking into a well-lit room. But is Alexa a little too helpful? Do users understand that more than commands may be stored in the Cloud? Arkansas police are hoping to solve a murder using audio recorded by an Amazon Echo at the scene. Amazon only released account data, and is refusing to provide audio recordings without a search warrant. As people bring this kind of technology into their homes and bedrooms, places with the highest expectation of privacy, laws and regulations must keep pace.
CCSK Exam Preparation
In preparation for the Certificate of Cloud Security Knowledge (CCSK), a security professional should be comfortable with topics related to this post, including:
- Legal Issues: Contracts and Electronic Discovery (Domain 3)