Basically this Abstruse Goose comic, http://abstrusegoose.com/553 , about the dangers of utility data logging have come true. The greater the time resolution of such things the more can be inferred. Such high resolution is completely uneeded and complex in order to just charge for usage. The new wireless meters could simply send daily lump sums and still be wireless and easy. But instead they abuse the functionality in order to intrude on the lives of everyone.
Recording everyones data everywhere just in case it might be relevant to an extremely rare event like a murder is very dangerous. The use of NSA recording capabilities by employees to digitally stalk victims of their affection (LOVEINT) is a clear example of how badly this kind of collection can go wrong.
I've certainly used anti-surveillance arguments like "what if some employee misuses the data", and I mean them, but it's not my fundamental objection. On a much deeper level, I worry about surveillance as an inherent harm. Partly as the death of privacy (a right in itself, to me), largely as a de facto power transfer to the state.
I think Seeing Like a State is right when it argues that states depend on 'legibility'. If it can't be logged, measured, or predicted, it can't be handled on the statistical level where states have to operate. And so everything that increases the legibility of our lives eases the real power of the state, without any need to expand its legal power.
This data when used properly (which is probably the case 90%+ of the time) helps to make the world better, or provides efficiency for the company who uses the tools.
Would you like an arbitrary line in the sand? Sure, let me give you one. The crime you're trying to stop has to affect at least 0.0001% of the population before I'll even consider lowering the quality of life of 99% of the population to protect against it.
0.0001% is an order of magnitude over the percentage of the US population that got murdered or manslaughtered in 2015, if you were counting.
Individually, I'm sure you can rip out, mutilate, deface, damage or what have you to devices that report fine-grained time-series data. But the moment you go anywhere else, you're being recorded, watched, monitored, measured, and recorded.
It's already being done, and it's way past time that we do have that discussion. Because without string and stark dialogue, we'll end up with "We're not doing anything wrong, so why should we care?" kind of responses. Or worse yet, people won't understand what something like accurate TS data from power input can lead to.
And as an addition on the above comment, I also wrote a CPU-bound facial recognition app. I wrote it initially for a convention that we have for our hackerspace every year... But it took me a week to do in my spare time, using open source libs (OpenCV, QT). This stuff is just getting more ubiquitous.
: http://www.hennebert.org/download/publications/isspa-2012-ma... MACHINE LEARNING APPROACHES FOR ELECTRIC APPLIANCE CLASSIFICATION
>Individually, I'm sure you can rip out, mutilate, deface, damage or what have you to devices that report fine-grained time-series data. But the moment you go anywhere else, you're being recorded, watched, monitored, measured, and recorded.
There are a variety of ways that this can be done, most of them revolving around visibility and community education.
Stop using facebook, stop buying voice assistants. Refuse to sign up for accounts that require your personal data. Be offended. Tell cashiers in shops on no uncertain terms that they don't need your email address to sell you things. Be a leader by telling people around you that you have consciously made these decisions, and /why/ you have made them.
Attach your public key whenever you email someone. Inevitably, someone will ask what the attachment is. Use it as an excuse to tell them about encrypted email.
Be the change you want to see in the world.
Early next month I'll be getting an old stock but new in box feature phone from the UK. it's from 2011, it cost me $30 including shipping. It has a browser, SMS, a phone and /nothing else/. I look forward to showing off my new phone to everyone at work and explaining I ditched my Galaxy ace 4 because I didn't feel in control of it. It's partially a token gesture, I can still be tracked via the GSM connection, but it's a talking point. It keeps the problem in peoples faces.
The US government doesn't give a shit about the legality of what they're doing. They have a "secret court" that no one is allowed to ask about that is "authorizing" all the things they are doing. Clearly, you're not going to win them over by town hall debates. What we need is gentle but powerful groundswell opinion against surveillance, the kind that threatens election results.
P.S, you can also move to places where this shit doesn't happen. I moved from Australia to Iceland, and at least 30% of my reasoning to do so was that Australia is actively turning into a surveillance state.
Indeed. But I also think, that much of this community education and "awareness" has gotten people to ignore these types of things. A lot of it comes down to "ehh, whatever" or similar "convenience > privacy".
Facebook's a problem child. You have an account even when you don't have one, because other people put things up there and link to you. Indeed, having an account allows some modicum of control of other user-posted junk, whereas not having an account = no control.
Facebook also has network effect going for it; easy to chat on, and easy to see events and parties around. And being "that guy" means you're likely forgot about events. I'd love a viral solution to claw away from Fb and get my friends on. Ello seemed to be a good candidate but quickly turned into a shithole. I'll honestly have to look into Diaspora and its user-friendliness. Because again, network effects rule.
> Be the change you want to see in the world.
Indeed. I try to be. I have my own IoT infrastructure. Built it myself. I have a few different buildings I do stuff in, and use Tor to tie my network together. I've documented what I've done here: https://hackaday.io/project/12985-multisite-homeofficehacker...
> The US government doesn't give a shit about the legality of what they're doing.
Absolutely agree, being a US citizen. I am looking at emigrating elsewhere. Iceland was a consideration, as was a few other countries in Europe. But it also feels like trading one set of problems for another set of problems.
In this case, there are traditional limitations on law enforcement (requirement of a warrant) and a specific crime that has been committed.
In my opinion, using a warrant to get the data from the water usage device is no more problematic than using a warrant to search the house.
Obviously malicious law enforcement could still circumvent that just as they could a warrant depending on their level of capabilities and your house's security, but there isn't a similar path to securing your water usage data against warrant-less searching. Its security is wholly in the hands of a third party and any security breaches are essentially invisible to you.
That said, we're both painting in broad strokes.
We're trading the potential to solve a major crime for the potential for a minor crime of stalking to happen. As long as we require that a warrant be involved in getting the data and there are punishments in place for accessing without a warrant I'd feel safe with them collecting it.
1) The information might be used "off-label" for all sorts of personal and political reasons. There are countless examples of this in history.
2) The standard of evidence must remain high. Circumstantial evidence has been, and continues to be, used to convict innocent people of crimes. Giving the authorities what amounts to a mountain of circumstantial evidence could allow them to build a case out of thin air.
"Ladies and gentlemen of the jury, he must be guilty: he entered the bar two minutes after the victim, and left a minute after they did. He took an Uber along the same route and exited at the same address. 3 minutes later the murder weapon was purchased by a man matching his description a block away." ... and so on.
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him." -- Cardinal Richelieu (disputed, but classic)
Imagine what can be done with a lifetime of data from hundreds of sensors?
2) There's already plenty of avenues for circumstantial evidence already, this is the reason we have lawyers and judges to argue over and prevent evidence that isn't solid
2. The water company collects all this data from everyone with the device.
3. As the Mirai botnet showed, it's not just the government who might have access to that data.
You might trust the current custodians of $BACKDOOR, but do you trust all future possible custodians that have dominion over that role? Keep in mind that nothing is technically restricting them to look only at possible murder.
Hypothetically speaking if you were doing some grey-hat, "illegal" probing/hack at the time of a murder the police question you about; admitting to your actual activity could result in more time behind bars than a murder. If this activity was somehow vaguely recorded and correlated with an activity of the murderer then you have a serious problem.
Take criminal cases where they find drugs in your system and use that to make it look like you're more apt to commit said crime.
Ideally we'd want to get the benefits without the abuse, but that requires a solid bureaucracy and strong rules.
I tried logging my electricity use. You can easily see what time I wake up each day, when I get home, whether I watch TV or not, whether I cook using the microwave or the hob.
It doesn't show up on my graph, but I'd bet from the data you can see exactly when I go to bed, since I plug in my phone (+1W) and switch off the last light (-5W).
Within all this, the fridge compressor turning on and off is easily ignored.
EDIT: the internet surfing patterns are another story. But you can probably VPN to your home through some newly-installed network interface and access the net as if you were there.
I wouldn't be terribly surprised if the government tries to require a device that logs all our conversations at home. It'll be sold as "crucial for law enforcement".
The Echo is a technological marvel. But who's to say Amazon doesn't get a "national security letter" one day where they're forced to send a patch to the machine to have it log everything?
Some day, if I'm bedridden or some such, I'd welcome an Echo in the house. Until then, I'd rather get up and turn a manual switch. I could use the exercise anyway :-)
I was lucky to move house just after the rules came in, but before cheap, residential versions of the logging devices were on the market -- mine has a serial port! It outputs a line of XML every 6 seconds showing power use, measured with a probe which clamps around the live wire where it enters the house.
I've since moved again, and my newly built apartment has the wires hidden, so I can no longer use the probe.
http://www.currentcost.com/product-envir.html -- but make sure you get one with a serial port.
You left off the implied "unless the intent of those systems is to create the appearance of occupancy". You know that a pattern associated with waking up happened. You don't know if I'm home or not. Now add in the case which happens to me sometimes where my morning ritual automation kicks in because my phone is home (but I'm not).
I imagine it'd be a harder argument to make, before a jury in a criminal trial, that the dataset showed the house was occupied because the occupant had rigged beforehand an elaborate system of intentional resource wastage to fake occupancy in the way that would fuzz a police investigation, as opposed to the much simpler explanation "the suspect was home." Burden of proof might be high.
You'd probably have a viable business model if you could actually do that. Existing options like Neurio cannot reliably detect devices pulling single-digit power draws.
That's obviously a slippery-slope argument, but it's not outwith the realms of possibility that if I can think of doing something like that, politicians (especially those!) can think of it as well.
That was 1991.
If we do the latter, we treat the minority cases as a crime. Just as we do when police use their access to stalk people.
That being said, I DO think we have poor transparency in these cases of who has access to what. I've always said that if it were publicly available to see how many times someone has run my license place and/or drivers license I would be really upset.
As long as these storage units don't simply begin to 'top off' when they are drained, the usage could be masked by averaging and predicting demand.
very simplified water day
6am - Toilet flush & hand wash 2 Gal
7am - Shower 36 Gal
8am - Breakfast - Coffee, Oatmeal, Dishwashing - 2 Gal
6pm - Dinner & dishwasher - 8 gal
10pm - flush and brush - 2.5 Gal
So you'd want a constant 2.1 gallons to be fed in from the street per hour, and you'd need a minimum 40 gallon reserve tank to cover that day.
So it would seem Amazon isn't "refusing" to hand over recordings. Amazon just doesn't have recordings of everything that is said around it retained long term.
Specifically, the Bentonville Police Department requested "electronic data in the form of audio recordings, transcribed records, or other text records related to communications and transactions between An AmazonEchoh device" located at Bates' residence and Amazon.com's services between Nov. 21 and 22, court documents show.
Amazon refused both times. In a statement to USA TODAY, Amazon said will not release customer information without a valid and binding legal demand properly served on it. Amazon objects to over broad or otherwise inappropriate demands as a matter of course, the company said.
Still, they need to get a warrant.
Isn't that what they do?
Article says "Arkansas police issued a warrant to Amazon to turn over recordings and other information associated with the device owned by James Andrew Bates."
If my reading of this is correct, seems like all Amazon is really saying here is they're refusing to hand over the data until they're "properly served" the warrant.
The Guardian article did mention that "Arkansas police issued a warrant to Amazon to turn over recordings" but as IANAL it's unclear to me whether or not that's the same as actually serving the warrant, legally speaking.
Is "issuing" a warrant the same as "serving" it?
Like is discussed here: http://volokh.com/2010/01/08/does-the-fourth-amendment-allow...
I used to have Google's voice search on my phone, and found it interesting that they store your recordings indefinitely. You can listen to your own voice searches: https://myactivity.google.com/myactivity?restrict=vaa. It was also interesting that they include what was said in the few seconds preceding the wake word ("OK Google").
They aren't assuming Amazon holds everything said in proximity of the device.
We live in a society where passive, ubiquitous, voluntarily-accepted monitoring is becoming the norm because of the vast convenience it affords the users. The flip-side of that coin is of course breaks in your regular pattern of behavior are going to show up in the data trail.
Rather than blame the data trail, maybe we can just all agree to a societal understanding that if you're going to take up murder as a hobby, it might be somewhat incompatible with your other cloud-based ubiquitous-computing hobbies?
Sexual acts, politial opinions, social opinions, partners, etc, all of these are commonly used to discriminate by all groups. Not wanting to have absolutely everything you do recorded doesn't mean that you're doing something that is harmful or wrong to society; there are a multitude of common situations in which you wouldn't want privately shared information attached to you directly. Examples can be given, but excluded for brevity.
Also given that Amazon has shown that it isn't keeping more than what it needs to catch the summon word "Alexa", it shows that it is very easily and technically feasible to balance "always on services" with privacy. Apple does this with iMessage and it's mobile line. Windows, macOS, and many Linux distributions ship with a disk encryption option. This is something we have a pretty easy and readily available technical solution to that allows people to retain their private lives while having "always on" tech.
When Eric Schmidt wrote that quote, it was defending an ill-fated and misguided attempt to force real names for a reason that wasn't really made clear. It was a very weak justification for the real name policy Google was trying to push across their accounts, a policy they eventually gave up on. I get that there are scenarios in which an always on, always tracked, forever recorded, real name data collection policy can solve; but it introduces far more threatening problems than it solves; I've heard talks given by former detectives and police officers on how mindless data collection is an abuser's dream, and how so many abusers were able to find their victims even after relocation because of things like store loyalty cards being leaked, service integration revealing connections, and so on.
He said this 18 months before the real names policy, and he actually said it as a warning to users.
This is the why we have constitutional rights, to avoid such broad generalizations. Everyone has the right to privacy, regardless of what utilities or Hobbies they have.
It's still up in the air whether going to a third-party to whom you've voluntarily given a bunch of information about yourself and asking that third-party to render that information is "unreasonable." It's pretty simple to make a case that it isn't. To wit: there's plenty of legal precedent for compelling a witness to testify against someone; are we to believe that your Amazon logs or your water meter history should share the same privileged status as your attorney, psychotherapist, or priest? "Alexa, forgive me, for I have sinned..."
It's really not 'up in the air' - it's been settled for over a century, look at banks and phone companies.
You can argue that most of this is due to bigotry and missing legal protections, but there'll be no ultimate defence against unpopular activities any more than unpopular views.
and right there is the problem. Nowhere in the article does it say that anybody has committed a murder.
You are not proposing to strip privacy away from a criminal, but from a person that is suspected of a crime and might just be completely innocent. That leads to stripping privacy away from everybody.
Article headline: Amazon refuses to let police access US murder suspect's Echo recordings.
If your point is that the suspect is not a proven murderer, then yes, of course I was speaking loosely and not adhering to the legal definition of innocence until proven guilty. But in point of fact, yes, we do strip some privacy away from murder suspects when suspcicion has justified a warrant or subpoena. It's quite necessary in investigating a murder to do so, and we generally have no issue with detectives asking a person's friends, employers, etc. about their activities on and about the night of a heinous crime.
The question of interest here is whether your Alexa logs should be considered "Something you told a friend" or "Something you told a lawyer / priest / spouse." The question of whether police are allowed to pry into a murder suspect's private life, indirectly, with a warrant when they are investigating a murder is well-settled common law.
A murder suspect is just very different from someone who has take[n] up murder as a hobby. The first description might apply to you right now without your knowing, whereas the second (hopefully ^^) clearly doesn't.
> … speaking loosely and not adhering to the legal definition of innocence until proven guilty
You make it sound like that is a minor detail, but it's in fact a cornerstone of a Rechtsstaat (apparently there is no English word for this? see https://en.wikipedia.org/wiki/Rechtsstaat).
I don't have to walk far down the street though to find people loosely throwing around terms that suggest guilt or innocence completely divorced from the legal definition. Your streets may differ from mine.
Tools used for "good" can also be used for "evil" and something so many people fail to account for is how a "good" tool can be misappropriated. This is why there are so many restrictions on how the police can operate. For example, restrictions or bans on entrapment, wiretapping, "bugging" a home, requiring a suspect to provide incriminating evidence against themselves, etc. We recognize that some bad people will get away because of these restrictions. A seemingly smaller portion of us seem to recognize why we let those bad people get away rather than erode our freedoms even more.
People who defend their freedoms have an unfortunate burden of defending the freedoms of the worst people imaginable.
I haven't put a lot of thought into it, but from a practical standpoint, my argument would be something along the lines of a similar sentiment to Mr. Schmidt: "If you're homosexual in a country where that's a death sentence, please keep your head down until you can get out. Learn how to encrypt everyting. Don't rely on any third-party providers that you can't trust. Don't hand the murderer your own noose." And that sucks, because it's brutally unfair, but "brutally unfair" is assumed when talking about nations where homosexuality is punishable by death.
From a moral standpoint, my argument would be something along the lines of "Murder is a horrible evil and homosexuality is not. We should be able to reserve more tools legally to track down murderers than to pry into someone's personal sexual preferences, and I'm lucky to live in a country where (generally) things are seen that way, most of the time." We already do reserve more tools legally to investigate a criminal case; privacy can be encroached upon by existing common-law methods. The question of interest is really, are your water logs and Alexa conversations priest-and-spouse-like or best-friend-like?
Possibly more importantly: how does the replacement argument map to practical action? If we decide that we don't want to allow collected logs to be subpoenaed for murder trials (or we decide logs should be legally banned from being collectible---that'll make a lot of personal-improvement projects illegal, but let's entertain it for a second), how will that help homosexuals in countries where it's punishable by the death penalty? Those countries will look at our worst-case-scenario reasoning, say "That's nice," and then go on to log citizen activities anyway. The "should we" argument has absolutely no bearing on the capability argument, and if we're going to bring other nations into the risk model, we have to talk capability.
Eric Schmidt is as biased on this subject as you can get, he profits from our data.
"the reality is that search engines, including Google, do retain this information for some time. And [...] we’re all subject, in the US, to the Patriot Act, and it is possible that that information could be made available to the authorities."
That seems like a good warning, hardly evidence of some nefarious bias.
There are, to be certain, concerns about ubiquitous data being used in fishing expeditions, but a dead body in a hot-tub on a person's property is hardly "fishing expedition" territory.
This. Eric Schmidt should release its own full dataset to show us that he thinks this is true.
Unless he is doing things he should not be doing in the first place ?
Pretty sure he regrets saying that in public.
But yeah, as I said in the previous story about this case, I've given up a lot of privacy in the past 10 years for convenience. I'm aware of the ramifications though. Many people just aren't thinking about the consequences.
If the police stands in front of my house with a warrant to search my belongings, can I refuse that? Does it make sense if I have nothing to hide?
The recordings of the water meter is more interesting and the possible combination with other devices, including the Echo. In case of a housing with lots of IOT-Devices the police could reconstruct the actions within based on the stored information, like when did someone eat, turn on the lights, wash hands, open the door, watch TV...
To obtain a search warrant or arrest warrant, the law enforcement officer must demonstrate probable cause that a search or seizure is justified. An authority, usually a magistrate, will consider the totality of circumstances and determine whether to issue the warrant. 
I agree to your statement, if there is no search warrant. But in this case an authority already decided that the search is justified. What use are search warrants then if they can all be refused?
I understand, that even a magistrate or whatever can make errors. But if this happens a lot, the consequence will be, that search warrants are issued without second thought and the person/company affected by the search should always deny it first.
I'm all for privacy and defending individual rights, but cases like this make a farce out of court orders and the whole jurisdictional process.
I think you'll find the vast majority of search warrants aren't even read by the judge signing them. When I owned a (hosting) company it was blatantly obvious reading them, and we had a policy of challenging them when possible.
The whole search warrant/subpoena process is a joke. There is essentially no oversight on law enforcement whatsoever here and the whole trope of "but a judge reviewed it!" is a complete and utter outright lie in many cases.
It seems fairly likely that jurisdiction is what Amazon ended up challenging.
Very much agree, because there's a difference between being "innocent" and actually innocent. Only the former matters, it's subjective (jury/judge) and unknown to everyone but you, ex ante.
Sometimes the police are more invested in finding a criminal rather than the criminal.
I also believe that Amazon could provide that data alone. So what makes them refuse?
Contrary to what others on this thread are saying, no. You cannot deny them entry. At that point, in that situation, the police are authorized to use force to exercise that warrant and you have no recourse but to cooperate. I don't know where people get this silly idea that they can refuse. That's how you turn a peaceful affair into police busting down the door, legally shooting your alarmed dog, wrestling you into handcuffs, and executing the warrant by force. I wouldn't be surprised if your refusal to cooperate would be admissible as evidence of mens rea. Don't be stupid.
The kind of warrant that Amazon is contesting is different than the kind that police show up at your door with. They could get one of those for Amazon too: a warrant to enter Amazon's buildings and seize servers, hard drives, papers, etc. If Amazon itself, or its employees, was suspected of criminal wrongdoing, and being investigated by a police force with physical jurisdiction over the locations to be searched, that would happen. Businesses are searched this way all the time.
Yes, if your legal team denies it as overly broad. They can also file an injunction. This is why you call a lawyer as soon as the police arrive w/ a warrant or ask you questions.
> Does it make sense if I have nothing to hide?
Yes. Because you value your privacy of hobbies and speech.
> I have nothing to hide.
The average person breaks 3 laws a day. Whether that's speeding, texting while driving, having your friend over who left a dirty sock that smells like marijuana over. The police are "rewarded" when they find evidence of any crime, not just the one you are accused of.
Not a great example of having nothing to hide, but a great example of a broad search that found an entirely different crime. Survivor contestant, Michael Skupin, was having financial documents searched by police when they found kiddie porn was sentenced yesterday.
Pragmatic question regarding this type of advice. It's easy to say "call a lawyer", sure, but like many Americans under age 35, I do not presently have a lawyer in a meaningful sense of the term. (I had one once, for a very specific matter regarding a visa for another country - it was four-figure expensive - that relationship is now over.)
Suppose the police show up at my door in half an hour. What do I actually do? Or, suppose that they're not showing up in half an hour but I'd like to be generally prepared. What steps can I take to do so while keeping the up-front pre-police-raid 'expensive' in the low to middle three figure sums, or thereabouts?
2.) In a real pinch, call your local public defender. They likely will not be able to get someone out to your place ASAP but they may be able to offer some advice. You can always follow-up with private counsel later.
The other alternative is LegalShield and such services.
So this only applies to businesses and wealthy individuals? If this is the case, we already lost the fight for equal rights.
This is a murder case. How could someone value their hobbies and freedom above the jurisdictional process?
Not a great example of having nothing to hide, but a great example of a broad search that found an entirely different crime.
They do not have to fish for a crime. The crime is given, but the circumstances are probably not.
I just have the feeling, that refusing to provide the data to solve cases like this will probably hurt everyone more in the long run. If the police cannot get the data this way, they will probably try another way or change the law.
(I know it's better to provide references to web pages and not books, but I don't have a web page that recreates that book on hand. Suggestions welcome.)
As I understand it, it's an estimate, not an actual figure. In order to perform such a survey, we'd have to sample people, record their entire daily activity, and determine how many crimes were committed. Determining how many crimes were committed would require an army of lawyers and private investigators... and that's the real point. As a normal citizen without an army of lawyers, you should have no confidence whatsoever that you are not committing crimes. If measured by "what could be used to convict you if the government wanted you out of the way" I'd guess 3 per day is a grotesque underestimate, at least one order of magnitude and I wouldn't bet much against 2.
Well, if you live in Seattle and the police are from Arkansas, yeah. They can ask, just like i could ask to search your house. Out of the state that grants them authority, they're just guys with a piece of paper.
Why don't you take the advice from someone who knows what he is talking about. If you're in on a hurry make sure you see part two:
Part one: https://www.youtube.com/watch?v= interrogation (Mr. James Duane, a professor at Regent Law School and a former defence attorney)
Part two: https://www.youtube.com/watch?v=08fZQWjDVKE (Mr. George Bruch police officer, years of experienced in suspect interviews for the police and US navy.)
Would Amazon then still refuse access?
Edit: IANAL, but pretty sure deleting incriminating evidence is obstruction of justice
pretty sure deleting incriminating evidence is obstruction of justice
Probably, but so what?
The prosecution very well might subpoena those records if they thought there was value in so doing.
What about if you are wanted for questioning about a murder which involved dragging the body a significant distance while you were in the hospital recovering from chemotherapy? Still don't talk to the cops?
Nope. While you're busy playing "what if...", I'm dialing a lawyer. Should that trained professional advise talking to the adversarial trained professionals, then I would do so, and not before.
I don't how it is where you're at, but in the U. S. cops have demonstrated time and again (and I've seen with my own eyes) that they are not concerned about truth and justice, but arrest and conviction rates. I'm not walking into that scenario running my mouth without professional advice.
Similarly, in LA, there are no fare gates at metro train stations. Occasionally police stop people leaving the station to check whether fare is paid by scanning the transit smart card. What if the card malfunctions? What if the scanning device outputs the wrong information? I have no way of contesting or verifying the information on these devices. It would be me, the passenger, held to account, not the infrastructure technology.
Poor DNA evidence/practices have wrongly convicted people, they have also exonerated people that were wrongly convicted.
Ok, I'm an idiot. I see now that the app has a history of my commands and their audio recordings. Which is actually kind of creepy. But then I wonder why the police don't just check this guy's Alexa app on his phone. And maybe that's the real question - are they asking Amazon to provide some sort of recording of everything the device heard that night?
Privately, they're hoping it records everything.
However to date, wireshark investigations and other forensics people have done proves it only sends data to the cloud when you ask it the wakeword.
The artical says Amazon twice declined to hand over Echo data... I'm presuming because the police didn't have a warrant. The article says Amazon has been handed over a warrant (now?)... so... Amazon will or will not refuse to hand over the data now with warrant in hand???
"Here's the command from the Echo Dot."
"Great, what should I do?"
"Can't tell you; it's encrypted."
Even the NSA probably couldn't get such packet captures, but they'd be able to get the data from Amazons end.
Which is really the main reason why I have avoided these smart speakers. Encrypt them all you want. Send a NSL and all the sudden you've made wiretapping that easier. And that would be very bad for business.
The latter is likely to deter future purchases and cause many to toss their holiday Alexa gift in a drawer.
More importantly, their lawyers think they can get away with refusing the search warrant as too broad or claiming it sets a precedent of invading privacy.
Then process the possibly interesting signals with a voice-to-text system similar to Alexa/Siri/Google/Cortana and now there's a searchable text database of everything spoken next to a window in a city.
That would be, what, mid tens to mid hundreds of millions of £ for London? Compared to the annual budget of £3.24 billion?
I still can't imagine those globes deciding what is "interesting" and what is not on a solar panel power budget. But at this point it's guaranteed to become viable at some point, and I don't have all the info to conclude it's not viable now.
Yeah, but this is entirely ridiculous. It's trivial for anyone with access to the device to verify that it most likely doesn't do that.
How would one determine if it is not buffering and compressing data client-side for later transmission during "firmware" updates?
Additionally, who has setup an automated testing framework for such things after each firmware upgrade?
How many firmware upgrades have there been for the Echo?
Also, how do we know that your Echo and my Echo are running the same firmware, and will always run the same firmware version?
Yeah, it gets harder when you need to be sure.
>How would one determine if it is not buffering and compressing data client-side for later transmission during "firmware" updates?
AFAIK you can root the device pretty easily, so you should be at least able to verify that the main OS of the device isn't doing this.
>Also, how do we know that your Echo and my Echo are running the same firmware, and will always run the same firmware version?
Boot them both from a read only SD card.
And if it doesn't, you still don't know. So why even bother? Why not simply throw it and anyone peddling it out of the window? That's making sure rather than derping about.
If you have access to the main OS it's also relatively easy to verify that the secretly recorded audio data isn't being uploaded anywhere, unless these devices have some secret radio equipment in them.
edit: Why downvotes? It is illegal to do voice recording without a consent.
(I am not lawyer)
And I don't know what laws might be broken were they to do so.
Note: I'm talking about general recording. You can tell from the Alexa app that they keep the queries themselves since you can review them yourself.
Do the police hope the accused said to the device, "Alexa, how do I murder someone?"
EULA does not cover it, your visitors did not signed it. Only way is to put label: "This area is monitored by CCTV"...
Also recording phone calls could be illegal. Amazon should put disclaimer before every conversation :-)
al: "This conversation might be recorded for monitoring and training purposes"
me: "Call Dad"