Being listened to by “big companies” has been a fear for many for years, and 2019 saw most of those fears realized into actual events.
Companies like Amazon, Microsoft, and Google were all called out for various degrees of the same thing: smart products listening and company engineers and contractors listening to that content. Even Apple got tossed under the bus. In all of those cases, after getting caught, the companies pledged to change their ways.
Here we are in 2020 and it feels like the beginning of 2019 all over again. The Guardian has a report out today that details how Skype audio calls are graded by individuals in China without “security measures” in place. In response to that report, Microsoft counters with the claim that Skype audio calls are now graded in “secure facilities in a small number of countries”.
Just to be clear: Microsoft grades these Skype audio calls in an effort to make sure that its transcription service is working properly. That’s why the listening/grading is happening at all.
The latest report today is based on information gathered from one of those contractors, in this case a former one who said he listened to transcribed Skype calls with “little” cybersecurity in place to prevent potential state interference. Over the course of two years, the contractor says they listened to private Skype and Cortana audio recordings from a personal laptop at home.
The audio content was accessible via the Chrome web browser and a web app. The contractor says there was little security in place, no vetting of employees, and, as mentioned above, the recordings were accessible without any additional security precautions on the internet in China.
It sounds a bit crazy now, after educating myself on computer security, that they gave me the URL, a username and password sent over email.
A spokesperson for Microsoft responded to The Verge and said that the recorded audio is just “snippets”, and measure ten seconds or shorter. The spokesperson said that no contractor would have access to any audio recordings longer than that, adding, “If there is questionable behavior or possible violation by one of our suppliers, we investigate and take action”.
The Microsoft spokesperson went on:
We’ve always disclosed this to customers and operate to the highest privacy standards set out in laws like Europe’s GDPR.
Microsoft was first pegged to be doing this back in August of last year.
In a statement to The Verge, Microsoft had this to say:
As a result, we’ve updated our privacy statement to be even more clear about this work, and since then we’ve significantly enhanced the process including by moving these reviews to secure facilities in a small number of countries. We will continue to take steps to give customers greater transparency and control over how we manage their data.
The company did not go into any detail.
So, Microsoft says the recordings are now graded in “secure facilities” across the globe, so it’s certainly possible this former contractor was doing things incorrectly and against Microsoft’s policies. Still, it’s a worrying report that maybe things haven’t changed all that much from last year.