Alexa’s recording leak in US ‘echoes’ privacy issues here
The article by Mugdha Variyar was published in the Economic Times on May 29, 2018. Sunil Abraham was quoted.
Digital rights activist Nikhil Pahwa keeps his Google Home smart speaker occasionally plugged out, citing the propensity of the device’s voice assistant to assume it is being queried even when it is not. In the Portland case involving Echo, Alexa had misinterpreted a family’s conversation to be a request to record and send the conversation to a person in the family’s contacts list.
In India, as internet consumers become comfortable using AI-powered voice assistants to play music, set tasks and seek information, they are also waking up to the fragility of data privacy, especially after the infamous Facebook-Cambridge Analytica episode. Indian laws, though, are yet to catch up with technology such as these, say privacy experts.
Globally too, governments are grappling with framing policy around data and privacy. That said, the European Union’s tough privacy laws on how companies can handle user data, introduced last week, are forcing companies to seek consent from customers globally to use their data.
According to Singapore-based market research firm Canalys, 108,000 units of Amazon Echo devices were shipped to sales channels in India in the first quarter of this year. As for Google Home, which was launched here in April, 25,000 devices have been shipped so far.
“It is always the company’s fault when such incidents (Alexa’s recording leak) happen. But if it does happen in India, it will also be the government’s fault since there is a big vacuum when it comes to protecting privacy in the digital age,” said Sunil Abraham, executive director of Centre for Internet and Society.
Abraham said a recording device in homes could open up the possibility of hacking or wiretapping. He, however, added that the Amazon incident would not necessarily create any panic. Amazon did not respond to specific queries about what steps it was taking to ensure such incidents do not occur again.
Google said it provides a Home user control through its activity control feature, ability to delete voice-recording history and control permissions to personal data on Gmail, as well as the option to mute the device.
Abraham cited the principles of data minimisation, that is, bare minimum collection of data, and minimal data retention policies with the user, as the main policy requirements, especially to prevent incidents such as the Alexa leak. “We are hopeful that the Srikrishna Committee will include this in the data privacy law,” he added.
While there needs to be a strong law, there also needs to be a strong citizen advocacy, where users take a company to court for privacy breach. Alexa users should also be sending queries to Amazon about what steps they are taking for privacy protection.