Earlier this week, Amazon announced wide pre-order availability of it’s newest toy: The Amazon Echo. And while it’s earning half-decent reviews (3.5/5 stars on CNET and 7.7/10 rating on Engadget), I think there’s something we’ve all missed. Amazon now becomes the fourth major technology company to begin listening to everything we say. Who came before? Microsoft, Google and Apple. My fear is that this trend is only going to continue.
Microsoft has been using always on voice recognition since it launched the XBox One in late 2013. They have since extended usage of the technology to it’s virtual assistant, Cortana, on Windows Phone. By simply prefixing a command with the word “XBox” or “Hey Cortana”, you can get your Microsoft devices to perform specific functions for you. Google has been using always on voice recognition on Android devices since June 2014. The trigger words for Android are “OK Google”. iOS users have had the capability to yell “Hey Siri” at their devices any time it’s plugged in to a power source since September 2014. And with Amazon’s recent announcement, you can add the trigger word “Alexa” or “Amazon” to the list that devices in your home will be listening to.
To their credit, none of the aforementioned devices stream data to the cloud without hearing the trigger word. However, once you’ve triggered a connection, you should expect your every word to be transmitted to at least one server farm in the cloud (Hi, NSA, we know you’re listening, too). However, there’s one major problem we haven’t completely thought through yet: security.
Our voice is one of the most personal things about us. Every one of these technology companies is recording our voice and storing it in the cloud for in depth analysis. They have admitted as much.
In addition, while it may not have been done with malicious intent, Google was recently caught automatically installing the code that allows browsers to listen to users without their permission. That’s not the only security issue users should be concerned about, though. Hackers have recently proven very adept at attacking both corporations and the United States government. If they can’t keep our credit information safe (I’m looking at you, JP Morgan Chase, Home Depot and Target), how are we supposed to believe that our recorded voice data is safe? All four companies that are now storing your recorded voice in the cloudhavebeenhacked.
There’s more. Though it may seem unrelated, recently Google and Facebook announced that they created dueling artificial neural networks that “dreamed”. They made computers create random samplings of images from simulations and then had the same artificial intelligence enhance those images by focusing on details in the generated images. What’s even more interesting is that Facebook turned it’s AI towards creating images of animals, cars and airplanes that were realistic enough to fool humans forty percent of the time.
Granted, images are different than sound; but we’re getting closer and closer every day to the time when computers will be capable of fully imitating humans. Even though we’re a long way off from a computer doing so autonomously, it’s clear that we’re not that far from a computer doing so due to very sophisticated coding. In today’s age of sophisticated, decentralized cyber attacks performed by nation states, do we really want to risk putting every intimate piece of ourselves in digital ones and zeros accessible for the taking? While some are scared of the inevitable launch of Skynet, maybe we should be far more concerned by the clear and present danger in the here and now.
It’s time we put some stronger protections in place as we continue to experiment with the limits of technology. Firewalls and encryption alone did not protect users from having their identity stolen in the retail hacks. We should start looking strongly at building decentralized protocols for data access, storage, and transit (i.e. – BitTorrent and Tor). In addition, even though encryption isn’t the sole solution, it is still an important part of the solution. All conversations currently happening in law enforcement surrounding the implementation of backdoors in encryption protocols needs to be blocked at the source and called out for what it is: ludicrous. Personal information belonging to users should be authenticated using two factor auth as a standard and not as an optional security feature. And finally, the technology community needs to do a better job educating users on one of the biggest holes in every security system: social engineering. Even the best security system can be beaten by a savvy and smooth-talking con artist with a genuine smile or an official-sounding phone voice.
As technologists, we’re always going to walk the line between what is possible and what is safe. Unfortunately, the stakes are only getting higher and higher. It’s time we do more to protect the very people we’re building all of this technology for. Otherwise, what’s the point?