back to article Amazon's bugging of homes has German boffins worried that Alexa may be an outlaw

The German parliament has been warned by its official eggheads that Amazon's Alexa digital assistant may not be legal – because it stores voice recordings and overhears things it is not supposed to. The Scientific Services of the German Bundestag was asked to take a look at how Alexa works and how the device fits within the …

  1. sabroni Silver badge

    users can delete recordings themselves by accessing recordings through an app or browser.

    So if your Alexa accidentally records me while I'm round your house Amazon will let me browse the recordings stored on your device so I can delete myself?

    That can only work if everyone has access to all Alexa recordings. How can I tell where I've been "accidentally" recorded?

    1. Dan 55 Silver badge
      Trollface

      Re: users can delete recordings themselves by accessing recordings through an app or browser.

      To improve your privacy experience, simply open an account with Amazon if you haven't already, opt in to the exclusive 'Alexa Anywhere' feature by purchasing Prime, register your voiceprint with Amazon, register your friends' e-mail addresses and phone numbers, and use the control panel to manage your Alexa Anywhere recordings (which won't feature a delete option, just a 'hide from me' option labelled 'delete').

      1. Anonymous Coward
        Anonymous Coward

        Re: users can delete recordings themselves by accessing recordings through an app or browser.

        So you have to tell Amazon who your friends are? That's tip-toeing up to the Facebook creep zone right there.

        Requiring Prime stinks too.

        1. Dan 55 Silver badge

          Re: users can delete recordings themselves by accessing recordings through an app or browser.

          It was intended as a joke but I guess things are so bad that people are ready to believe it.

          1. Doctor Syntax Silver badge

            Re: users can delete recordings themselves by accessing recordings through an app or browser.

            Yup. I decides it was a joke but only by a majority verdict. Next week it might not be.

          2. oiseau Silver badge
            Flame

            Re: users can delete recordings themselves by accessing recordings through an app or browser.

            ... things are so bad that people are ...

            Flocking in droves to get this utter POS installed in their homes.

            Because, man ...

            It's so cool!

            You can even order a pizza by just telling it to!

            Indeed ...

            That's the world we are living in these days.

            Absolutely riddled with brain dead idiots.

            O.

            1. DuncanLarge Silver badge

              Re: users can delete recordings themselves by accessing recordings through an app or browser.

              My parents have one in every room.

              They use them for playing music and setting cooking timers.

              At my house I use a cd player and a LCD timer I bought from maplin in the 90's that runs on 1 AAA battery for years.

              When I'm at my parents I dont talk much :D

              1. Paul Crawford Silver badge

                Re: users can delete recordings themselves by accessing recordings through an app or browser.

                Really, if such devices are around then it is your duty to wonder aloud where the local dogging places are, if the monstrous "fist of fury" dildo is back in stock, if $MP is really a lizard, etc, etc,...

          3. nagyeger

            Re: users can delete recordings themselves by accessing recordings through an app or browser.

            It's a product idea. Does that mean you can patent it?

      2. Snowy Silver badge
        Joke

        Re: users can delete recordings themselves by accessing recordings through an app or browser.

        Nice joke even if it did sounds how they would do it.

        If you want people to see it as a joke maybe use the joke icon, or did you mean to troll (but not in some nasty bad way) in which case carry on :)

      3. IGotOut

        Re: users can delete recordings themselves by accessing recordings through an app or browser.

        @Dan 55

        It's a joke, but isn't that pretty much how Google operates? Don't want to be tracked and want to delete your history, give information we may not have and that will help us, sorry you, even more

      4. eldakka Silver badge

        Re: users can delete recordings themselves by accessing recordings through an app or browser.

        register your friends' e-mail addresses and phone numbers

        With the 'optional' opt-out (if you can find it, we've hidden it very well) Facebook integration you don't even have to register your friends details, they are already linked to you!

    2. Anonymous Coward
      Anonymous Coward

      Re: users can delete recordings themselves by accessing recordings through an app or browser.

      You can probably click a button that says "Delete" and that will stop the recording being listed in the future. But actually deleted? Perhaps not. How can you possibly be sure?

      You can't.

      The hardware is closed, the software is closed, the service is closed.

      So don't have one; ever.

    3. tfewster Silver badge
      Big Brother

      Re: users can delete recordings themselves by accessing recordings through an app or browser.

      > How can I tell where I've been "accidentally" recorded?

      Interesting question. If a home/property has CCTV, it's supposed to display a sign if it's likely to capture images of people outside your "private" space - UK ICO rules

      It seems like a case of "My house - my rules". So you should always check.

  2. PhilipJ

    a device which uses some cloud services to recognize the words you say can record stuff and store it somewhere on the internet?

    *surprised pikachu*

    1. John Brown (no body) Silver badge

      It does seem odd that none of these devices work anything like what we have come to expect, not just from SF&F but from current experience of other, earlier voice activated devices. Just how much more would it cost to stick an extra chip into an Alexa or similar which can recognise the "wake word" before opening the external cloudy connection?

      Even on Star Trek, they had to say "computer" and wait a for it to beep before asking their questions. My SatNav also works like that. My ancient Nokia phone required a button press on the headset. My current crappy mid-range Kia car will respond to voice commands when I press a button on the steering wheel, making a noise to let me know it's now listening. None of this requires always-on active listening by remote cloudy computing resources, let alone storing, long term, what they hear.

      1. Ben Tasker Silver badge

        > Just how much more would it cost to stick an extra chip into an Alexa or similar which can recognise the "wake word" before opening the external cloudy connection?

        They do. It's just that it's shit at it's job so has a habit of hearing a wake-word that wasn't said.

        Just checkout what happened here - https://www.theregister.co.uk/2018/05/24/alexa_recording_couple/ - and the explanation:

        The Echo woke up due to a word in background conversation sounding like “Alexa.” Then, the subsequent conversation was heard as a “send message” request. At which point, Alexa said out loud “To whom?” At which point, the background conversation was interpreted as a name in the customers contact list. Alexa then asked out loud, “[contact name], right?” Alexa then interpreted background conversation as “right.” As unlikely as this string of events is, we are evaluating options to make this case even less likely.

        The couple in question were in another room talking about hardwood floors.

        I won't have one in my house. That's not likely to change any time in the forseeable future either.

        1. BebopWeBop Silver badge

          I've gone further and refused to go in anywhere that has one turned on.

      2. Brewster's Angle Grinder Silver badge

        "Gideon, forget I said that."

        Even on Star Trek, they had to say "computer"...

        A remake of Star Trek IV wouldn't have Scotty picking up a mouse and talking to it. Instead his confusion would arise out of not knowing the computer had to be addressed as "Alexa" (or whichever company had paid for the product placement).

        Personally, I plan to take a leaf out of Blake's 7's book and call my computer Slave.

      3. M.V. Lipvig

        On Star Trek, that was only to get the computer to respond to you. In reality, it was recording A/V in every room, even the Captain's personal bedroom. There were episodes where they needed to see what happened in a specific room, and bang, there it was.

  3. Pascal Monett Silver badge

    "the country takes the issue very seriously"

    As well should we all.

    We are, as usual, firmly in the space of "we did it because we technically can" and nobody thought of any other possible consequences. The mute button ? Technical cop-out, lame excuse and I would be extremely surprised if Alexa owners have actually touched that thing more than once to see if it works.

    This is going to be a nightmare to navigate. Privacy's importance is on the rise in the public eye, and Alexa and privacy are basically two things that don't go together. Sure, if you bought it then it can be argued that you accept, but your guests did not and that is the issue. An issue for which there is no solution as far as I can see. Recording everything and sending it to the server to check if it can be kept is not likely to be an acceptable solution, you're still being recorded.

    Actually, there is one solution : turn the mute button into a record button, and only record when pressing the button. But then you'll have the Alexa fans that will complain that it kills convenience.

    1. Anonymous Coward
      Anonymous Coward

      Re: "the country takes the issue very seriously"

      But then you'll have the Alexa fans that will complain that it kills convenience.

      Kills laziness, more likely. With the exception of some infirm/disabled groups.

      1. LDS Silver badge
        Coat

        "Alexa fans that will complain"

        Give them a brooch to attach to their chest, which trills when you touch it and activates the recording...

      2. John Robson Silver badge

        Re: "the country takes the issue very seriously"

        "Kills laziness, more likely. With the exception of some infirm/disabled groups."

        And that is a KEY market IMHO.

        If you are disabled then the voice only pattern makes sense... Though there is no reason not have a notification beep - or better still a configurable 'wake phrase'.

        The other highly convenient time is in the kitchen... I don't want to have to press a button when I'm up to my elbows in gizzards, offal, or even just dough, batter or icing sugar.

        The ability to set a timer "cleanly" is quite nice - but it clearly doesn't require any cloud services.

        How hard can voice recognition be ;)

        1. The Nazz Silver badge

          Re: "the country takes the issue very seriously"

          Actually, very difficult if that persons disability* is being unable to speak, being mute.

          *I prefer the term less-abled myself.

    2. Trenjeska
      Big Brother

      Re: "the country takes the issue very seriously"

      The other solution would be to make it mandatory that all services like this ALWAYS and ONLY work "on premises"

      all voice processed and stored locally

      all decisions done locally

      all home automation like tasks completed locally

      then maybe fetch a text-only search result from an external service

      1. Dan 55 Silver badge
      2. Hans 1 Silver badge

        Re: "the country takes the issue very seriously"

        all voice processed and stored locally

        THAT IS precisely what cloudy supercomputers are supposed to do hence why the data is being uploaded, or so we are told.

        1. Trenjeska

          Re: "the country takes the issue very seriously"

          I know right? So they have to do better now and uncloud that part.

        2. Doctor Syntax Silver badge

          Re: "the country takes the issue very seriously"

          "hence why the data is being uploaded"

          And yet it's possible for the mobile phone in my car to have its voice commands processed locally. How old is this advanced tech? Well, I remember a mobile phone with voice control being launched in 1986 (Topaz in the old BT Mobile catalogue).

      3. Reg Reader 1

        Re: "the country takes the issue very seriously"

        That and a few other comments present possible fixes, but the problem is that all of these companies have already proven that they cannot be trusted.

      4. Mike 137 Bronze badge

        Re: "the country takes the issue very seriously"

        Unfortunately, there's no money in that

    3. Doctor Syntax Silver badge

      Re: "the country takes the issue very seriously"

      "Actually, there is one solution"

      There's another which was John Brown's solution above. Give an audible warning when it starts live. And let's not stint, a nice flashing red light as well. It should be possible to do this locally but even if it isn't, all input when it's not live is sampled for wake-up detection and then goes straight to /dev/null.

    4. Cuddles Silver badge

      Re: "the country takes the issue very seriously"

      "We are, as usual, firmly in the space of "we did it because we technically can" and nobody thought of any other possible consequences."

      The bigger problem is that we're actually not, but rather in the space of "we tried to do it because we almost technically can". If Alexa, and similar shit, were actually reliable and only activated when actually told to, they would be much less of an issue. Fully functional, local processing that only transmits interpreted commands and not actual voice data would solve almost all the privacy problems. It's only because they're all utterly incompetent at actually recognising and interpreting speech that they need to constantly record private conversations and save it all for Amazon's employees to listen to later. It's similar to the issues with self-driving cars - the ideal situation with everything working perfectly isn't so bad, it's the half-arsed implementation that doesn't actually work properly that causes problems.

    5. Mike 137 Bronze badge

      "your guests did not and that is the issue"

      This problem is much older and much more widespread than "alexa".

      If you use a "free" email service such as (just for example) gmail, your emails may be content scanned for ad placement, but so will the emails of anyone who replies to you, so you're forcing them to have their privacy breached without the option of control.

      Never conduct business or private discussions on "free" email services.

  4. Chris G Silver badge

    Alexa

    " Iniate global self destruct, Now!"

    1. Steve Davies 3 Silver badge

      Re: Alexa

      "Oh, and Alexa, please take down all of AMAZON.COM while you are at it."

      "Delete of Amazon.com added to my action l..... {no carrier}"

      One can dream can't you eh?

      In the meantime all of this

      "spy kit that we have to pay for so that it can spy on us" {That' an oxymoron if ever there was one...}

      is banned from my network and all the domains and IP's blocked at my firewall.

      1. John Robson Silver badge

        Re: Alexa

        "is banned from my network and all the domains and IP's blocked at my firewall."

        So you can't talk to any services that use AWS, GCloud, Apple or Azure.

        That must be quite challenging actually...

  5. Hans 1 Silver badge
    FAIL

    Mielke's wet dream

    Alexa is just as illegal as Cortana and Siri.

    This whole story is Mielke's wet dream, not only do citizens ACCEPT being under surveillance, they happily PAY FOR THE SURVEILLANCE INFRASTRUCTURE ...

    Beyond stupid, and as was said above ... how do I know the person I am about to visit has an Alexa, Cortana or Siri device that will be listening on me ?

    In which parallel universe could Amazon, Microsoft, Apple claim to have MY approval to record MY voice ? Listen-in, guyz, you do not - I will never grant you that, you nosy pieces of feces.

    Why has this circus not been banned, yet ?

    1. BebopWeBop Silver badge
      Pirate

      Re: Mielke's wet dream

      I find that the idiots who have one are proud to show it off. It either gets turned off or I leave!

    2. Mike 137 Bronze badge

      Why has this circus not been banned, yet ?

      Because:

      [1] the international tech giants can afford to buy the law, or at least to exhaust the resources of any complainant in court

      [2] folks in our "western" cultures are satiated, and thus demand ever more and newer (of whatever)

      [3] the international tech giants (just like the gaming "industry") employ excellent psychologists to devise ways to hook the public

      [4] the only economic entry point if you want to be at the top of the commercial tree is now subscription-based "services" rather than hardware or perpetual licenses, which are already often a loss leader

      [5] the big money is in advertising and marketing, which requires acquisition of ever more numerous and increasingly detailed detailed demographics

      One can, of course, just sidestep all this regardless of its legality, by not participating. However that might involve some "sacrifices" such as not buying the kit or signing up to the services or to "social" media. and not responding to messages from users of gmail or its equivalents. It might also prove necessary to raise formal objections whenever the opportunity arises, which takes effort and determination.

  6. Julz Bronze badge
    Trollface

    Convenience v Surveillance

    I guess all you folks use cash or barter to pay for everything and don't have a bank account, credit cards or worse, any loyalty card, or use any other electronic funds transfer mechanisms, because otherwise you can be tracked.

    1. Teiwaz Silver badge

      Re: Convenience v Surveillance

      I guess all you folks use cash or barter

      Might come to that, if and when my credit card starts listening to me and beaming it all back to the Bank (or Facebook/Amazon - for when the ultimate path of leaning toward convenience is reached, and Amazon is the only commerce, and Facebook can no longer be separated from civilisation*)

      * It'll be sixteen years in the gulag** for ignoring a friend suggestion - the cattle will mix

      ** LinkedIn.

      1. Doctor Syntax Silver badge

        Re: Convenience v Surveillance

        "my credit card"

        If your credit card does this you can avoid it. What about someone else's credit card when you happen to be talking to them? How do you, or more to the point, Julz, deal with that?

    2. LDS Silver badge

      Re: Convenience v Surveillance

      Banks are far more regulated than Amazon, Google & C. What they can do with the customers data they gather is - especially in Europe - quite limited (and, sure, they would like to monetize it too). Swiss and Caribbean banks made a business of "impenetrable" privacy (which I guess looks very appealing to Amazon and Google executives, quite ironically....)

      Loyalty cards are a tracking device, and you can easily do without.

    3. Anonymous Coward
      Anonymous Coward

      Re: Convenience v Surveillance

      "I guess all you folks use cash or barter to pay for everything"

      Of course not, that would look really suspicious if anyone ever did a background check on me. You want a nice steady, statistically average, set of transaction in your bank account. That way you can just blend into the herd.

      Anon for obvious reasons.

    4. NATTtrash
      Facepalm

      Re: Convenience v Surveillance

      Nah, I just think that a country like Germany knows what its talking about, genuinely learned from its past experiences, and (helped by the then governing Allied powers) has provisions to prevent making the same mistakes. After all, the detailed registration and categorisation of all subjects in the 1930's, enabled and optimised by state-of-the-art equipment by the International Business Machines Corporation, has learned the German people that privacy prevents singling specific populations out up to the umpth generation and "transporting them out" to be "solved".

      They also experienced in their every day life that a mic in every house and a contingent of people listening whether you are still talking and behaving "within the guidance of the Great Leader™" isn't really that convenient at all.

      And to your point specifically: it isn't about being tracked, now is it? After all, get in your car, drive down the motorway and you will have achieved that. As the German experiences show, it's what you will be labelled as after the tracking. So, what stamp will you have in your passport? Smoker? Wife beater? Food pattern inviting extremism? Sexual deviant? Immigrant? Sub-level intelligence?

      1. Muscleguy Silver badge

        Re: Convenience v Surveillance

        Indeed, it wasn't just that everyone was registered, it was that their religious and racial affiliation was on the registration documents. So in such countries the authorities knew where every Jew was, where they lived, worked, who they were married to and how many children they had.

        I worry about the equality information you have to fill in for every job etc application really won't be linked to you and use for nefarious purposes. I am seriously considering just putting 'prefer not to say' to every question.

    5. Julz Bronze badge

      Re: Convenience v Surveillance

      Hum, distinct lack of irony detector function in many respondents despite troll icon. Poe is alive and well it seems.

  7. mark l 2 Silver badge

    Why are recording being kept by Amazon in the first place? if it accidentally records something because it thinks it hears the keyword, surely it should either respond back to whatever query it thinks its heard, or audibly say 'I didn't understand your query, please try again' and then delete the recording.

    If people want to actually use Alexa to record the conversations in the room using it like a Dictaphone then it could give a audible note of 'recording audio' before starting recording so people where aware it is actually recording.

    1. eldakka Silver badge

      Why are recording being kept by Amazon in the first place?

      I can think of two reasons:

      1) Any voice directive that results in some sort of financial transaction may want to be kept if there is a dispute over whether such a transaction was in fact requested. In this case, this is really the only type of audio that should be retained, and it should be deleted after a reasonable amount of time, say give the account holder a few months to have received their financial statement to have seen and thus initiated any charge dispute process, say 6 months.

      2) Training. One reason cloudy services are better at STT is that they have a bigger sample of voice commands to process, and have an army of people who can listen to the audio recordings and compare it to the STT services transcription to confirm accuracy or to update the STT with the correct translation. Also, the raw audio is available for other AI training systems. One of the things with AI (and voice recognition-type services) is that large data sets are needed to train them. And holding on to all this audio gives them the data sets to train their own AI research projects with, and to sell to other AI research projects (e.g. University projects) for their AI training. And also, as is increasingly the fashion, holding onto any and all data just in case it proves useful in the future for some unforeseen reason.

      IMO option 2 is not a legitimate - however convenient it is to have for AI training projects - reason to hold onto recordings. At time of audio being spoken into the assistant, the systems should decide whether the audio is one to be kept for random sampling (which should be a tiny percentage, <1%) to verify the STT service itself is accurate, and it should hold onto it for no more than 7 days before automatically deleting it whether it has been assessed or not.

  8. Anonymous Coward
    Anonymous Coward

    Didn't El Reg follow a project to nobble Alexa ?

    With some soldering ? Or was it to put a noise source over the microphone so it just hears white noise until YOU are ready ?

    Involving a Pi ?

    1. Doctor Syntax Silver badge

      Re: Didn't El Reg follow a project to nobble Alexa ?

      Nothing so sophisticated needed. A hammer will do just as well.

    2. Anonymous Coward
      Anonymous Coward

      Re: Didn't El Reg follow a project to nobble Alexa ?

      Yes, there's a 3d printable shroud housing a tiny speaker that plays noise to Alexa/Siri/Whoever and drowns out everything else until it hears your wake word at which point it shuts up and allows the sound through.

      google it!

    3. NATTtrash

      Re: Didn't El Reg follow a project to nobble Alexa ?

      Yes, it was by Bjørn Karmann, called Project Alias.

  9. Starace Silver badge
    Alert

    Sometimes mishears the "wake word"

    Sometimes!?

    If my experience is anything to go by it doesn't even need an actual word to trigger it, and if anything it's more likely to trigger accidentally that it is on purpose.

  10. Anonymous Coward
    Anonymous Coward

    I know a couple who have got one of these. When I asked why, they said "Because we had a voucher."

    They're very nice people, who have both held down steady jobs for decades. They each have a driving licence and are eliglble to vote in elections. And they're both as thick as pig shit

    1. Muscleguy Silver badge

      My wife, separated, has a BSc In CompSci and a BA in Maths and she has one. She says she has unclicked all the settings but I'm not sure she knows exactly how it works. She wants it to stream music for her. In which case it is far too well specced for that role but she doesn't want to stream her phone to some speakers for some reason.

      It means if I visit I will studiously avoid talking about anything serious including about the state of our non marriage. I'm constantly aware it's there when I visit. I might start saying 'Alexa delete the last five minutes' every five minutes. Hmmm, perhaps that should be the last 6 minutes every 5 minutes. No wriggle room.

  11. AlanDouglas

    I have one, and my son is called Alexander. TBH I don't really care how much of what I say is recorded, I think I'm about the only one that finds it interesting. Helps with getting appropriate tracking ads if nothing else.

  12. GBH

    Alex

    we also propose there is a male version -Alex- who, opposite to the female version, listens to everything, Alex does not listen at all

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019