2018 ain't done yet... Amazon sent Alexa recordings of man and girlfriend to stranger
Just human error, internet giant shrugs after GDPR request went wrong. No sh!t, Sherlock
A German man was very confused when he received, at his request, all the information that Amazon possessed on him.
He had requested the data dump through Europe's GDPR privacy law, and among the records of his Amazon searches and purchases, he was surprised to find no less than 1,700 recordings of him using Amazon's Alexa-powered Echo digital assistant. Surprised because he doesn't own an Echo. And the voice on the recordings wasn't his.
That's right: Amazon had sent him the entire recording set of a complete stranger. He alerted the US tech titan, which didn’t respond but did delete the link to the file download. However, the guy already had the files, and went to our friends at German news outlet Heise. It was able to quickly track down [PDF] the bloke actually speaking, and the name of his girlfriend, thanks to the details on the recordings. Which is, let's be honest, not exactly comforting. It also means Alexa is keeping a recording of all your queries.
The fella who owned the voice-controlled Echo confirmed it was him on the tapes, and we're told he was "audibly shocked" on the phone to journalists when they broke the news.
Despite knowing that it must have sent a customer's home recordings to a complete stranger, Amazon didn’t contact the snooped-on bloke, raising further questions over what systems the Silicon Valley biz has put in place to deal with voice recordings snafus.
The audio samples themselves were what you would expect: requests for specific music, queries about the weather, public transport, setting alarms, and so on. But they revealed a lot about the man without him having any idea that complete strangers were listening in.
Of course, Amazon responded by immediately apologizing, outlining exactly what had happened, and explained what steps it would put in place to make sure such a thing never happened again.
Gotcha. Of course it didn't. It told c't magazine that it was just an "unfortunate mishap" that had since been resolved to everyone's satisfaction.
You know that silly fear about Alexa recording everything and leaking it online? It just happenedREAD MORE
And so the magazine called back the Echo-owning bloke, and it turned out that Amazon only called him after the mag had prodded the web giant's PR department, ie: Amazon didn't actively reach out. It told him that his voice files had inadvertently been sent to the wrong person – something that Amazon claimed, wrongly, that it had discovered.
When Reuters subsequently followed up, and asked Amazon again what had happened, it gave the same line: "This unfortunate case was the result of a human error and an isolated single case," an spokesperson told the news service, adding: "We resolved the issue with the two customers involved and took measures to further optimize our processes. As a precautionary measure we contacted the relevant authorities."
And when we reached out today, we got the exact same response: "This was an unfortunate case of human error and an isolated incident. We have resolved the issue with the two customers involved and have taken steps to further improve our processes. We were also in touch on a precautionary basis with the relevant regulatory authorities."
So that's all very reassuring and you should continue using your Alexa without thinking too hard about any of this. It's all fine. Absolutely fine. ®
Sponsored: Becoming a Pragmatic Security Leader