Police want to probe Amazon Echo, as a murder 'witness'

Quote:

---

Originally Posted by peterb

The speech recognition is (I think) done remotely anyway, so all data would need to be uploaded, and even compressing and encrypting data would should up in traffic analysis, unless it sent empty packets to give a continuous packet stream to hide when it was sending real data - which would again be detectable. So hiding that would be technically challenging, and I'm sure that that analysis has been done.

As you say, the real point is the protection of data. A secondary point - which is true of all IoT is the security of the device, and the risk of the device being hacked and used as a bot, or other nefarious purpose, or Amazon's servers being hacked and used to download malware to the device.

---

I still don't see how we can be sure what it's doing.

Suppose, for argument's sake, all voice-recog is done remotely. So, any time Alexa is queried, there'll be a datastream. Unless that entire stream is in clear, or we know what compression is being used and can uncompress to check content, all we'll know is that data is being transmitted, and how much.

But that datastream might, for argument's sake, contain two elements :-

1) Live data for analysis and reaction
2) Buffered data for storage and ...., whatever.

And if it's encrypted, which if it's potentially private material, I sure hope it is encrypted, we stand next to no chance of kniwing what's in it.

For instance, someone asks Alexa for a dictionary lookup while someone else is talking to their bank, or doctor, or wharever. Part, or all, of those conversation might be getting recorded, stored and analysed. Or maybe a murder is.

Thing is .... we don't know. And that was also one of my main objections to built-in Kinect on XBOne. On the 360, when it could be physically disconnected when not in use, fair enough. But 'always on'? Hell, no.

Quote:

---

Originally Posted by MaddAussie

I have 2 dots, when I got my first one I sat and watched the network traffic to it and until you say the 'wake' word nothing is sent to AWS. If you look at the teardowns it has 4gb of memory on board and thats it, I doubt it can record much at all.

---

4gb seems an awful lot for whats essentially a computer terminal connected to a mainframe, a 3 hours audio book is around 150mb uncompressed, compressed that drops to around 50mb.

Quote:

---

Originally Posted by peterb

That was my point, you might not know what was in the packet, but you could detect the additional traffic. Basic traffic analysis technique.

---

But there's no way to distinguish between what could be extraneous data and normal data, for example when someone issues the "Alexa" command it sends their request to Amazon, however when does that command end, is it within 1sec of when the person stops speaking, 5sec, 10, 30? The same could be said (although less likely) of audio recorded before the "Alexa" command is issued, maybe it sends the last 1, 2, or 5 minutes of audio so Amazon can improve their voice recognition.

Just to reiterate I'm not saying this would be for nefarious reasons or that Amazon are up to no good, however the road to hell is paved with good intentions.

Amazon's own T&Cs state some of the audio before the command is transmitted.

Quote:

---

Originally Posted by aniilv

... The interesting bit, indeed, is, how did they get smart meter records. I mean its obvious how. But how come, when amazon can just say no.

---

If data protection law in the US is anything like it is here, there'll be an exclusion allowing data controllers to disclose personal data under particular circumstances. In the UK, the "prevention or detection of crime" is one of those circumstances, so if a police officer asks a UK data controller for personal information for the purpose of identifying a criminal, they may provide them with that data without breaching the data protection act.

The key word there is may; you're under no obligation to provide the data at that point. I guess the point here is that you'd expect the smart meter to be recording how much water you use; you might not be expecting Amazon to be recording every word you say....

Quote:

---

Originally Posted by ik9000

Amazon's own T&Cs state some of the audio before the command is transmitted.

---

Yes, but it's supposed to be tiny, like 0.5s or somesuch. It then transmits until it determines the command datastream is completed. But how long is that? By definition, it'll vary.

Also, as Alexa is not 100% reliable at identifying the 'wake' command, SOME false wake commands are detected, and a datastream commences.

Even in these limited instances, unknown data with unknown content is being sent from user's homes and, apparently, cloud-stored by Amazon. Which begs the questions .... why, for how long, and what's it used for?

Also, we now have a Windows system where MS can remotely reprogram your PC, changing, adding or deleting functionality via mandatiry updates. What's to stop Amazon doing the same, and "enhancing" the criteria on which they collect audiostreams from user's homes?

You can enable a tones that sound when the device wakes up, and then again when the data stream ends.

But the real deterrent is the bad publicity that would result when any departure from the published T&C was detected. The T&Cs for the Alexa service and the privacy policy are comprehensive. There is a risk in that third party applications that use the Alexa service fail to protect data to the same extent as Amazon.

BBC updated us on this story today:
"Amazon is continuing to resist efforts by prosecutors in a US murder case to obtain recordings from one of its Echo smart speakers."

Quote:

---

Originally Posted by peterb

You can enable a tones that sound when the device wakes up, and then again when the data stream ends.

But the real deterrent is the bad publicity that would result when any departure from the published T&C was detected. The T&Cs for the Alexa service and the privacy policy are comprehensive. There is a risk in that third party applications that use the Alexa service fail to protect data to the same extent as Amazon.

---

Well, some extremely bad publicity will result if Amazon complies with it's T&C's and releases data recorded in response to a search warrant, because if a legally valid warrant is served, and Amazon can't get it quashed, they will have to release data.

We then WILL be in the position of any Echo owner simply not knowing what has been recorded by Echo, transmitted and stored, or for how long, and under what circumstances a search warrant might be honoured.

For a start, anyone called, or with a partner called, Alex might want to move it out of the bedroom ...


"Oooh, Alex .... aaah". ;) :D

Quote:

---

Originally Posted by Saracen

Well, some extremely bad publicity will result if Amazon complies with it's T&C's and releases data recorded in response to a search warrant, because if a legally valid warrant is served, and Amazon can't get it quashed, they will have to release data.

We then WILL be in the position of any Echo owner simply not knowing what has been recorded by Echo, transmitted and stored, or for how long, and under what circumstances a search warrant might be honoured.

For a start, anyone called, or with a partner called, Alex might want to move it out of the bedroom ...


"Oooh, Alex .... aaah". ;) :D

---

I wouldn't worry. If it's like ours it will loose connection every couple of minutes, spend ages rebooting and not reconnect to the web for half an hour + requiring a manual turn-off/on at the wall and occassional reentry of wireless settings. The thing is rubbish. Seriously considering sending it back. All they'd get out of ours would be "Alexa what is the...." BONG "I'm sorry I'm having trouble connecting to the internet right now" "Oh FFS, you useless piece of sh...." <click, reboot,> "Alexa..." BONG "I'm sorry I'm having trouble connecting to the internet right now...." etc etc