
Locked-down lawyers warned Alexa is hearing confidential calls - jrepinc
https://www.bloomberg.com/news/articles/2020-03-20/locked-down-lawyers-warned-alexa-is-hearing-confidential-calls
======
pdkl95
Alexa _et al_ are also normalizing "always on microphone that sends audio to a
remote business over the internet" _technology_. According to the bright-line
rule from _Kyllo v United States_ [1], when a technology is "in general public
use"[2], police no longer need a warrant when they use their own devices based
on that technology to see the "details of a private home that would previously
have been unknowable without physical intrusion"[3].

[1] [https://caselaw.findlaw.com/us-supreme-
court/533/27.html](https://caselaw.findlaw.com/us-supreme-court/533/27.html)

[2] Used throughout the ruling[1], but especially section II of Justice
Stevens' dissent.

[3] The ruling[1], 2nd paragraph

~~~
lima
How so?

The ruling is about agents using thermal imaging technology to bust a
marijuana plantation, performed from a car on a public street. The court
stated that this does not constitute a search, since any random citizen
could've done the same thing using commodity equipment.

Always on microphones that transmit via the internet (i.e. bugs) have been a
commodity for... a few decades? But you still cannot legally bug your
neighbor's apartment.

~~~
SilasX
>Always on microphones that transmit via the internet (i.e. bugs) have been a
commodity for... a few decades? But you still cannot legally bug your
neighbor's apartment.

It has not been normal until the last few years for people to _typically_ have
an Alexa-like device that is always listening for the "I'm about to make a
request" signal, which frequently gets turned on by accident.

It's not ridiculous that someone might conclude in the future, "if you're in
someone's house with such a device, you should reasonably expect that some
part of your conversation might get sent to the third party", which would mean
a diminishing of the right to such privacy in 4th amendment jurisprudence.

And frankly, the whole concept of using voice to activate it is reckless. It
is unavoidable to have significant false positives. It should be done with a
non-audio signal that can't be faked (up to the limits of modern crypto), like
an authenticated EM signal to turn on the listening.

~~~
EpicEng
>It has not been normal until the last few years for people to typically have
an Alexa-like device that is always listening for the "I'm about to make a
request" signal, which frequently gets turned on by accident.

Google Now: 2012 Siri: 2010 Microphones in cell phones: longer than those two.

It hasn't only been a few years.

~~~
SilasX
I’m referring to voice activated assistants, and I was referring to the case
when the typical (middle class) household had one, which happened long after
their initial release (and arguably hasn’t even happened yet, depending on how
you define “typical”).

~~~
EpicEng
Siri and Google now are both voice activated. Who wasn't using Android or iOS
when they launched?

~~~
SilasX
Again, the question is how long it's been _common_ for the _typical_ person to
have the _voice activated_ one in their home. Stop changing the question.

In any case, 4 years vs 10 years doesn't matter. The point is, a court hasn't
addressed it in the context of changing norms, at which point I claim there is
a danger that it will re-evaluate what counts as private, just as OP was.

------
gumby
My girlfriend celebrates passover which involves discussing "Elijah". The way
she pronounces that name (she's a New Yorker) triggers her Alexa device, to
much hilarity.

More soberly: I had no idea what Elija stands for so I asked the device, which
recited part of the wikipedia. It then said, "while I have your attention here
are some notifications you missed" and began to recite the first of her
messages from her work which are definitely _not_ for public consumption. (She
was able to throttle it, but still -- what if I had asked and she had not been
present?)

~~~
nixpulvis
"Alexa, order a bouncy castle", if all things are setup, you may have just
spent $200 on a nice toy for children.

------
zie
I have no doubt they are able to hear anything happening in the room they
happen to be installed in. But I doubt they listen for anything but their
keyword, and I seriously doubt they listen, record and send off to their
overlords what they hear on a massive basis.

However, they clearly CAN, and while they almost certainly don't on any
massive scale, if they by their overlord or a security hack, did on a targeted
basis listen, record and send conversations on, that would be very possible,
and very harmful for whoever was targeted.

I can't imagine the NSA and other covert organizations not drooling at the
chance to do just that. I'm also fairly certain those devices are not secure
as by and large the tech industry has a complete failure rate at making
anything computing related secure.

~~~
rhino369
>However, they clearly CAN, and while they almost certainly don't on any
massive scale, if they by their overlord or a security hack, did on a targeted
basis listen, record and send conversations on, that would be very possible,
and very harmful for whoever was targeted.

Besides the fact that they have better antennas, this is true for pretty much
any device with a microphone and a processor with audio processing capability,
no?

My laptop has a microphone and video. Surely Microsoft could just start
recording with the with right windows update?

My Avaya VOIP phone has speaker phone, could do the same.

~~~
masklinn
> My laptop has a microphone and video. Surely Microsoft could just start
> recording with the with right windows update?

It's a commonly mentioned issue, and a somewhat regular occurrence with
various malware or "security solutions".

That's why a number of laptops have either visual indicators or shutters
(though mostly for the cameras, sadly hot mics are rarely a consideration),
and a rare few have physical disconnection switches (again mostly for
cameras).

~~~
tprynn
Macbooks since 2018 physically disable microphones and webcams when the lid is
closed: [https://www.businessinsider.com/apple-macbook-air-
and-2018-m...](https://www.businessinsider.com/apple-macbook-air-
and-2018-macbook-pro-disconnect-microphone-when-lid-is-closed-2018-11)

~~~
netsharc
How does a chip "physically disconnects" a device?

~~~
tprynn
Presumably power is disconnected by the T2 chip. Different from mechanical
disconnect via a physical switch, but equivalently effective if you trust the
T2 chip. (And if you don’t ... well, you can’t use the MacBook securely at
all.)

~~~
morpheuskafka
You had better not trust the T2 chip, because it is vulnerable to the checkm8
exploit and the checkra1n folks have already demonstrated total compromise.
The encryption functionality isn't affected if you have FileVault on, because
your password is not stored anywhere on the device, but everything else, from
basic SMC functions like mic/cam/fans/touchbar to secure boot to verifying the
microcode and ME firmware before loading are totally useless now.

AFAIK, the T2 is always powered on even when the main CPU is off, so this
could have ultra-long-term persistence.

~~~
yborg
Reference?

~~~
walterbell
[https://www.idownloadblog.com/2020/03/10/luca-todesco-
teases...](https://www.idownloadblog.com/2020/03/10/luca-todesco-teases-
checkra1n-hacks-on-a-t2-equipped-macbook-pros-touch-bar/)

------
dustinkirkland
It's a very reasonable concern. I used to have a Google Assistant in my home
office. I've muted the mic and just use it as a Bluetooth speaker.

However, the much bigger concern should be your phone, which has a mic, is
internet connected, and almost always listening. You need to also disable the
Google Assistant, Sciri, etc. there too.

Oh, and that doesn't just go for your home. That's in the office, at a client,
on the train, in an Uber... Everywhere you take your phone.

~~~
GrinningFool
> Oh, and that doesn't just go for your home.

Once you're out of your home it's hopeless - then you have everybody else's
devices to contend with.

------
gumby
My understanding is that the "microphone mute" button on Alexa devices is a
hardware switch that cuts the wire to the microphone, at engineering's
insistence.

I'm rather short of praise for Amazon but if this is still the case, great.

~~~
dmix
Which is notably a feature of the Librem phones and laptops as well:

[https://puri.sm/posts/lockdown-mode-on-the-
librem-5-beyond-h...](https://puri.sm/posts/lockdown-mode-on-the-
librem-5-beyond-hardware-kill-switches/)

~~~
doublerabbit
Oh man, shame they only offer their keyboard layout as US.

------
cosmodisk
6 years ago I used to work for a translation agency.We used to get some very
confidential (and very interesting) texts from banks. We were not allowed to
put a single word into google translate from client files and this stuff is 10
times worse. Having a permanent mic from large corps in your home is never a
good idea...

------
wrkronmiller
I don’t entirely get the cognitive dissonance of worrying about a
microphone+speaker sitting on your table when you probably have a
microphone+speaker+camera+face-scanner etc... in your pocket. Same story for
most laptops.

~~~
gruez
Wrong threat model. Those devices only record maliciously if they're hacked.
Smart speakers/home assistants inadvertenly record during normal operation.
See: all the news stories about their owners discovering their recordings on
their google/amazon account.

~~~
javagram
My iPhone has activated “hey Siri” before by accident too.

It just doesn’t have a website where i can see all the times it was activated
by accident AFAIK.

~~~
Riseed
If you turn Siri off, it doesn't activate by accident, and the iPhone still
works as intended. If you turn off Alexa, the home assistant doesn't activate
by accident because it doesn't work at all.

~~~
cma
You can turn it on each time you need too use it, maybe with a trusted voice
activated power switch that isn't connected to the cloud.

~~~
gruez
At that point why bother getting it in the first place? The whole appeal of it
is that you can just say "hey google" from anywhere in the house and it would
answer you. If you have to walk over and turn it on, you might as well use
your phone.

------
Medicalidiot
I got rid of smart speakers a few months ago after being enriched with
everyone's perspective on this forum; tech is my hobby, not my career. I have
zero regrets. It's a little inconvenient now to not be able to say "play
[music]" or "play [show]", instead having to use a remote. But the peace of
mind that I'm not being recorded is paid for en masse.

------
Frost1x
Welcome to a world where the general consumer's choices coupled with more and
more private capitalization of essential services dictates life for the rest
of people.

In this case it's pretty easy: dont buy these garbage products to begin with.
Phones, on the other hand, are a bit more difficult to find viable
alternatives for in many cases

------
zitterbewegung
Until we have a home assistant that can be operated without a connection to
the internet without going to the cloud there is always going to be this risk.
I don't see any of the big players actually designing a system like this other
than Apple.

~~~
chmod775
> other than Apple.

Microsoft _might_. I don't know what their cortana does right now though.

~~~
gruez
I doubt it, given their current track record with windows telemetry.

------
decebalus1
I grew up in a communist dictatorship, where illegal wiretapping by the
government is still an open wound in society's culture. Given that, I cannot
understand who willingly buys this crap and puts it in their house.

A couple of days ago, I lost all respect for a coworker when we were in a
meeting and somebody said something which woke up the Echo he had on his desk.

~~~
gxon
Do you carry a smart phone? Does it not have a microphone designed to have
hands free conversations and pick up audio from a distance? Does it have the
ability to constantly track your location? Does it contain most of your
private, electronic communication?

If we're talking about illegal wiretapping, a smart phone is significantly
more risky and problematic than a smart speaker.

~~~
decebalus1
This argument always pops up but I always forget what fallacy this is..

------
DonHopkins
>The firm worries about the devices being compromised, less so with name-brand
products like Alexa, but more so for a cheap knock-off devices, he added.

Speaking of Ring knock-offs:

In these days of self-imposed isolation, this hands-free motion activated
connected door knocker seems seems pretty useful for scaring away unwanted
visitors without spreading germs:

[https://blog.smartthings.com/how-to/smartthings-door-
knocker...](https://blog.smartthings.com/how-to/smartthings-door-knocker/)

------
papito
The recorded conversations are accessible via Amazon. You can go and listen to
them yourself, and delete them.

~~~
choward
How do you know they are actually deleted?

~~~
RandomBacon
And how do you know that's actually all of the recordings?

------
nineteen999
Amazing! These very smart lawyers can't just unplug the things?

------
DonHopkins
>Amazon and Google say their devices are designed to record and store audio
only after they detect a word to wake them up. The companies say such
instances are rare, but recent testing by Northeastern University and Imperial
College London found that the devices can activate inadvertently between 1.5
and 19 times a day.

How can a device activate 1.5 times a day? Does it have to activate right
before midnight then deactivate the same amount of time after midnight?
Technically that's still activating on a whole day. Or can some devices half-
activate?

~~~
TheSpiceIsLife
If the device activated twice over a period of three days, that’s an average
activation of 1.5 times per day.

------
agumonkey
Heh, neighbor is a bank employee, now remote working, she unplugged her google
home bun. Good call (sic)

~~~
hatmatrix
What are bankers doing that's so secretive?

------
eeZah7Ux
Why "Locked-down" in the title? It's pointless.

~~~
kevlened
They gave all the context required to share it without the connection "Lawyers
warned Alexa is hearing confidential calls" requires. This could be telling of
Bloomberg's expected/desired readership.

Or, they wanted an alliterative title.

------
Simulacra
Turn off Alexa?

------
sjc01234
open source

------
matz1
I want and expected it to listen to everything. Sure it can be used to harm me
but it won't be a good business decision, on the other hand they can use the
data improve the product and service for me.

~~~
einpoklum
Sending a copy of all data to the NSA is apparently a great business decision,
especially when National Security Letters demand it.

~~~
matz1
Everything has a trade off, you have to look at it using cost benefit
analysis.

------
einpoklum
No! I'm shocked. Shocked and chagrined. How unexpected!

------
snvzz
I find the title biased against Amazon to begin with.

As if having assistants from other companies listening in was any safer. Why
namedrop Amazon's own?

~~~
jrockway
They mention Google in the first sentence.

I think it's important to not overly freak out about these home assistants.
Your phone company or video conferencing company is already listening to your
confidential client calls. Your email provider is reading your email. Your
internal applications run on Amazon's servers. Your upstairs neighbor has
their ear to the floor. I think lawyers are used to thinking "as long as it's
not in writing, we're okay", but with speech recognition getting better and
better, your phone calls / VCs are going to show up in court someday.

~~~
_jal
I agree, freaking out is pointless.

You treat these things as third-party listening devices - bugs, because that
is exactly what they are, and adjust your conversation accordingly
unless/until it is unplugged.

Look at it from a lawyer's perspective: imagine your privileged conversation
with your client did leak. Your client sues you. If there was a surveillance
speaker in the room _it doesn 't matter if it leaked because of it_. You just
demonstrated extreme lack of care by discussing privileged information in
front of a networked microphone.

