Voice Activated Devices and Family Privacy

How to remain private and secure with devices that "listen."

Architect talking on cell phone speaker at whiteboard
Hero Images / Getty Images

There is a growing trend of people not only talking via their phones, but to them using voice commands. And phones aren't the only devices that want to hear what you have to say. There are thermostats, TVs, computers, cars, toys, and more. Voice recognition is a huge trend that isn't going anywhere. But what are the implications of all this chatter with Siri, Cortana, Alexa, and their friends? 

How Voice Recognition Works

Most devices with voice recognition are constantly listening for a defined trigger word.

In some cases, you can define your own word or phrase. When the device "hears" the word or phrase, it begins recording - and transmitting - your language to an online server. The server combs your language for other commands it recognizes and then transmits that information back to your device to act on. 

Privacy Concerns

Privacy concerns are pretty straightforward, but they fall into two camps. The first is the idea that your devices are "always listening" and possibly transmitting private conversations onto the web. This is a possibility with some devices, but most do not listen unless specifically called on to do so. Always check the directions to find out how and when a device will capture your voice. Also, look for devices that have an indicator to show they are listening. The second concern, which is valid across most of these devices, is what is happening with the information that is captured.

is it being stored? By whom and for how long? Who has access to it and why? These are all important questions that should be answered in the Privacy Policy for the device and/or its service. Some companies may not store the information at all, using it to provide the service and then dumping it. This is rare, because most companies at the very least use the data to enhance their services.

If you have a radio that requires you to say "Play X song," the company may find that people are actually saying, "I want to listen to X song." They would then change the software to respond to both sets of commands. This is valuable for them and often helpful for consumers, too. But if it captures more than what you want it to, or is easily triggered by accident (perhaps someone in your family has a name that sounds similar to the trigger word), now you have private conversations being recorded and transmitted elsewhere. In some cases, as you can see below, the intent is to capture those private conversations in the first place. 

Security Concerns

Much like other online devices, there are security concerns the moment you connect to the Internet. In this case, there's the chance that the data that is sent for processing into the cloud might be compromised. While this is the more likely scenario, most of the data will be trivial at best since the devices are only recording short snippets of conversation. The bigger threat is that the platform itself is hacked and the microphone stays on, recording all of your private conversations without your knowledge. It may sound far-fetched, but it is a definite possibility for an Internet-connected device.

 

When Voice Recognition Becomes a Problem

In 2015, Mattel released "Hello Barbie" a doll designed to "listen" and "respond" to young girls. Hello Barbie uses voice recognition to capture what kids are saying, transcript it, and respond to it. ToyTalk, the company behind the voice capabilities of the toy has a Privacy Policy (as of publication, the policy is out-of-date) which spells out how information may be used, but also serves to highlight some of the concerns about the technology. Hello Barbie engages in conversations with a child, asking personal questions, and replying to the responses. These conversations are recorded, possibly without the child's knowledge or consent, passed through multiple third-party vendors, and eventually transcripted. The voice recordings are available to parents who may have the option to share them out via social media.

The transcripts may also be provided to Mattel. So you've got a young girl baring her soul to her doll in a private conversation, who has no idea that this may be seen by countless people, including her parents. This data is stored in connection to the account created by the parents and is tied to their email address. In addition to the many hands the recordings pass through, they are then vulnerable to a hack, much like the VTech hack that exposed personally identifiable information of more than 6 million children. While ToyTalk claims that they will remove personally identifiable information where found, it seems highly unlikely, and there is no way to confirm that this is actually happening. 

Making a Choice About Voice Recognition

There is a lot of convenience in voice recognition devices, and they have some great benefits for those with certain kinds of disabilities or who are ill or bed-ridden. It's important to weigh the risks against the benefits for your family, especially with young children who won't understand how everything works. Here are a few tips for staying safe when voice-activated devices enter your home:

  • Read the Privacy Policy and make sure you understand it and are comfortable with what it says.
  • Know the product. Make sure you know how and when it will be recording.
  • Place the product in an appropriate location for your family. Keeping the devices in the more public rooms of the house helps minimize a sense of complete privacy and may help keep you more aware of how the device responds to your voice.

Just these few steps can go a long way to protecting your family from privacy invasion due to voice activated devices.