In the digital world, believing that your data is absolutely safe and private is no less than a joke. Time and again, over the years – it has come to light that tech giants like Google, Facebook etc. not only keep the data of their users for eternity but also use them for their own benefits. For instance, Facebook came under fire when it was revealed their data was used by a third-party to influence the US election.
While getting VPNs and using Tor browser can save you from hackers, it is almost impossible to keep your private data private from the websites you use on a daily basis.
Just recently, it has come to public knowledge that Amazon does not get rid of the files (that have been deleted by the user from their account) from its database of Echo and Alexa devices. Typically, users are of the idea that deleting a file from their account means it has been wiped off from the database too, but it turns out not to be the case.
This revelation came when Amazon wrote a letter Sen. Chris Coons (D-DE) on 28th June, 2019. The letter sheds light on how the company deals with its users when it comes to Alexa. In May of 2019, Coons questioned Amazon about how long the company retains its transcripts and video recordings.
CNET published a thorough investigation about Amazon and its privacy policies in May of this year. One of the questions in the research was whether Amazon retains voice interactions and text transcription with Alex or not, even when the user has deleted them.
Amazon explicitly answered that at least some of the transcripts are never deleted. One of the reasons is that Amazon has to delete the data from different parts of its global data storage systems and thereof it takes too long. The second reason being: Amazon simply chooses not to delete the data without notifying the user.
As a response to the CNET study, the vice president of public policy of Amazon, Brian Huseman said that the company is currently engaged in “ongoing effort to ensure those transcripts do not remain in any of Alexa’s other storage systems”.
It is a bit confusing to understand the type of data Amazon does retain. While the company claims that they are not holding the audio files, they do hold onto the transaction information that might occur with a voice command. For instance, if a user order pizza using Alexa, while their audio command might be deleted, the transaction information will be held on.
Huseman said, “We do not store the audio of Alexa’s response. However, we may still retain other records of customers’ Alexa interactions, including records of actions Alexa took in response to the customer’s request”.
Same is the case with Echo devices. While Amazon claims this done to ensure that if the user repeats a previous action – it can be made faster and convenient for them – it does mean that records of transactions or routine activities of every user are kept forever.
While explaining this, Huseman said, “And for other types of Alexa requests — for instance, setting a recurring alarm, asking Alexa to remind you of your anniversary, placing a meeting on your calendar, sending a message to a friend — customers would not want or expect deletion of the voice recording to delete the underlying data or prevent Alexa from performing the requested task”.
The controversy around Amazon’s privacy policies started when in April of 2019, Bloomberg published a report about it. The report outlined how thousands of Amazon’s employees have access to the text and voice transcripts of Alexa users.
This information can be easily used by anyone to create a use profile and have information about their personal life – leaving the user vulnerable in case the data is used by illegal/unethical reasons by a person who has access to it. According to Amazon, the reason why its employees have access is so that Alexa can be improved over time with machine learning methods.
Although this information is like stepping stones for Alexa, for users – it can result in unfortunate incidents. Secondly, it is clear breach of privacy of data. Recently, the company was scrutinized for violating the Children’s Online Privacy Protection Act (COPPA) as it collects and stores data of children who are aged below 13.
Whether Amazon will revise its privacy policies or not is a question that only time and its management can tell. We certainly hope that users’ data remain private instead of being used as information that can be easily passed around for learning purposes.