Two weeks after we finally got confirmation what everyone had known for so long, namely that an internal Amazon team numbering in the thousands was secretly listening in to Alexa users’ commands without their prior knowledge, Bloomberg reported that the same team also has access to location data and can easily find a customer’s home address.
Citing five (supposedly former) employees familiar with the program, Bloomberg writes that the covert "Alexa team", which is spread across three continents, and transcribes, annotates and analyzes a portion of the voice recordings picked up by Alexa, "to help Amazon’s digital voice assistant get better at understanding and responding to commands", also has access to Alexa users’ geographic coordinates and can easily type them into third-party mapping software and find home residences, according to the employees (who signed nondisclosure agreements barring them from speaking publicly about the program, which apparently did not prevent them from speaking off the record with Bloomberg).
And while there has yet to be any evidence that Amazon employees have attempted to track down individual users, two members of the Alexa team who seem to have grown a coscience, expressed concern that Amazon which is fast becoming the world's biggest monopoly across virtually every industry, was granting unnecessarily broad access to customer data that would make it easy to identify a device’s owner.
“Anytime someone is collecting where you are, that means it could go to someone else who could find you when you don’t want to be found,” said Lindsey Barrett, a staff attorney and teaching fellow at Georgetown Law’s Communications and Technology Clinic, who noted that location data is more sensitive than many other categories of user information. Widespread access to location data associated with Alexa user recordings “would set up a big red flag for me.”
What is more troubling is that Amazon appears to continue to lie when its spying ways were exposed: in an April 10 statement acknowledging the Alexa auditing program, Amazon said “employees do not have direct access to information that can identify the person or account as part of this workflow.”
Now that that was disproven, Amazon issued a new statement to Bloomberg, saying that “access to internal tools is highly controlled, and is only granted to a limited number of employees who require these tools to train and improve the service by processing an extremely small sample of interactions. Our policies strictly prohibit employee access to or use of customer data for any other reason, and we have a zero tolerance policy for abuse of our systems. We regularly audit employee access to internal tools and limit access whenever and wherever possible.”
Quite a change from "employees do not have access to information that can identify the person" and in less than 2 weeks at that...
What is even more troubling is that Amazon’s Alexa Data Services team, which manages and supervises the countless recordings of human speech and other data that helps train the voice software, numbers in the thousands of employees and contractors, spread across work sites from Boston to Romania and India. And while Amazon does not explicitly identify the user whom it is recording, it also collects location data so Alexa can more accurately answer requests, for example suggesting a local restaurant or giving the weather in nearby Ashland, Oregon, instead of distant Ashland, Michigan.
Message too long. Click here to view full text.