Read more.Quote:
'Alexa' might have overheard some plotting or skulduggery - but Amazon won't help.
Printable View
Read more.Quote:
'Alexa' might have overheard some plotting or skulduggery - but Amazon won't help.
I'm not surprised Amazon are being hard-nosed about this, and I'd be rather surprised if they didn't fight this all the way.
After all, so far they (and other tech companies) have been VERY coy about exactly what they do record, and store, and in what detail and for how long, let alone why they do so and what they use it for. It seems to me that the notion of detailed recordings of what goes on in our homes, and very possibly in intimate areas of our homes, could be the kiss of death to these products.
I'd be VERY surprised if Amazon, or any simikar company, wanted to start getting into details of what they store, and why they store it.
After all, if I ask Alexa to play ABBAs 10 greatest hits, it's bad enough that Amazon record and retain that request at all, beyond the time needed to fulfil the instruction, but if it turns out they retain voice recordings for protracted periods ..... ?
This whole area is a PR and privacy rights minefield, but what was certain, as certain as night follows day, is that once these devices started shipping, sooner or later this situation was going to crop up, and Amazon pretty much have to fight it tooth and claw.
Besides, if the party line (as with MS Kinect) is that until you get Alexa's (or Kinect, etc) attention with "hey Alexa" it shouldn't be recording ANYTHING .... should it?
Or does it?
It's listening all of the time, so hacked or authority cooperating, sound could be being captured.
I wouldn't put it past Amazon Echo or Google Home to permanently listen in and capture to improve their marketing data.
Remove all doubt and just get the Chinese Ling Long Ding Dong.
That would be easy to test though, just by using a packet sniffer on the network the echo or dot is connected to, so if it was recording everything, its a fair chance that would have been detected by now.
That said, Im pretty sure Amazon - just as Google stores search requests - Amazon will store and analyse voce requests for targeted marketing purposes, as they do for searches on their website.
I didn't realise people were so lazy just to press a button. People need to get off their bums(if they can) not find more creative ways of sitting down.
we just got an echo. It's rubbish. Drops wifi all the time - paritcularly if you mute the mic for a long period. Suggests to me it isn't sending everything you do to amazon when it's muted, otherwise it would be preserving the wifi link.
There's problems with doing that though, what's being transmitted is probably encrypted so it's all but impossible to know what that encrypted data contains, theoretically it could be recording more than what it's meant to and only transmitting that captured data once activated, basically it's difficult, if not impossible, to know the data being sent is only what should be sent and not embedded with what shouldn't.
That the police have said they've managed to pull data off the speaker seems to indicate the Echo is storing data locally.
The content might be encrypted, but the address headers won't be so the addresses will be visible, but you could just play music and see if the traffic out increases.
From a practical point of view, considering how many echo/dot devices there must be, processing and storing continuous streams of data would not be a trivial task.
The possibility of switching on a specific device remains a possibility of course, but if you are in a situation where you may not want to run that risk, there is always the power plug option.
But the same concerns exist for mobile phones (unless you have a removable battery) and any other device with a camera or microphone, or location determining capability.
The address header wouldn't tell you much other than it belongs to Amazon, that's expected behavior in this situation but it doesn't tell you if what's being sent contains extraneous data.
Don't get me wrong I'm not saying Amazon is in cahoots with the NSA/GCHQ or that they're listening to everything everyone says within earshot of an Echo, however I'm also saying it's not impossible and there'd be no way of knowing if they were.
The processing and storing continuous streams of data although not trivial is certainly within the capabilities of a company running their own cloud storage facility.
I have 2 dots, when I got my first one I sat and watched the network traffic to it and until you say the 'wake' word nothing is sent to AWS. If you look at the teardowns it has 4gb of memory on board and thats it, I doubt it can record much at all.
That was my point, you might not know what was in the packet, but you could detect the additional traffic. Basic traffic analysis technique.
And depending on the type of agreement you have with your isp, if you streaming everything, there is a risk of alerting the isp or maxing out your data transfer limit (although my isp offers unlimited uploads, so I guess my secret life is vulnerable :) )
That would depend on precisely how it operates, though. Presumably, it's sending actual requests in real time, so as to respond in real time.
But if Alexa isn't being "addressed", it could still be buffering, or buffering and compressing, then sending data in some kind of burst mode on a schedule, or when bandwidth usage is low. It could be stripping out identifiable words via speech recognition and sending those immediately for processing, but buffering, compressing, encrypting the rest for later. It's not necessarily insidious either. It could be transmitting some or all background noise, stuff that wasn't immediately understood, for research purposes to enhance the recognition process. That, certainly, wouldn't need to be transmitted real-time.
But for the police to be wanting "data" as evidence in a murder, the inference is that they believe something relevant has been, or could have been, recorded and transmitted. If Amazon don't have any data which "could" be relevant, they presumably could have simply replied that such potentially illuminating data doesn't exist. But if it does exist, they cannot say that without risking serious repercussions if they lied about it.
They can, however, refuse to comply short of legitimate legal necessity, like a court order, and can refuse to even inspect such data as they hold to see IF anything is relevant.
A simple packet sniffer won't tell you anything relevant, even in terms of volumes, unless anything recorded is always transmitted real-time. Do we know if it is?
Besides, what Amazon (etc) are defending us the principle that user data will ever be given up, short of a valid legal requirement to stump it up. It's a PR position, because anything less undermines the entire product philosophy.
Amazon isn't the interesting part of this story.
The "smart" water meter records are.
sorry double post
The speech recognition is (I think) done remotely anyway, so all data would need to be uploaded, and even compressing and encrypting data would should up in traffic analysis, unless it sent empty packets to give a continuous packet stream to hide when it was sending real data - which would again be detectable. So hiding that would be technically challenging, and I'm sure that that analysis has been done.
As you say, the real point is the protection of data. A secondary point - which is true of all IoT is the security of the device, and the risk of the device being hacked and used as a bot, or other nefarious purpose, or Amazon's servers being hacked and used to download malware to the device.