There was a bit of a brouhaha in July last year when it was revealed that Apple, Google and Microsoft all listened in on voice assistant voice commands for training purposes.
At the time the main issue was that users were not informed humans will be listening to their recordings for training and quality purposes.
Now the Guardian revealed there were even more issues, as the security around these review processes were laughable.
According to a contractor who reviewed recordings of Skype and Cortana conversations for quality, the task was performed by a 3rd party service who employed staff with very little vetting who worked from home all over Beijing. Reportedly the website used to review the recordings on their personal laptop merely needed a user name and password, without 2-factor authentication, and the password was the same for all users, for “ease of management.”
In addition, the login details were sent via email over plain text, meaning it could easily be intercepted by 3rd parties.
The contractor reviewed thousands of recordings each day, including some sensitive ones.
“It sounds a bit crazy now, after educating myself on computer security, that they gave me the URL, a username and password sent over email,” the contractor told the Guardian. “I heard all kinds of unusual conversations, including what could have been domestic violence.”
Microsoft is no longer using the 3rd party service and say they have moved it to “secure facilities” outside China.
“This past summer we carefully reviewed both the process we use and the communications with customers,” Microsoft told The Guardian. “As a result, we updated our privacy statement to be even more clear about this work, and since then we’ve moved these reviews to secure facilities in a small number of countries. We will continue to take steps to give customers greater transparency and control over how we manage their data.”