There are many concerns regarding smart home devices such as Alexa and the Google dot listening in to potentially highly confidential conversations, but do you have such a device in your home office?
Personally, I love working from home. I have a nice view out of my window, and I take my lunch breaks as opposed to sitting at my desk with a cuppa-soup. The coffee is much better and the temperature is perfect.
Working in an office doesn’t always have these things and you can’t normally turn up wearing nothing but a bath towel. Though one thing an office offers is a secure place to conduct business. The business owners will have performed their due diligence in selecting an office then potentially spend a lot of money to secure and implement the appropriate security controls. They kit out the offices to allow their employees to come and conduct their business.
Something arrived in my post today which I was looking forward to installing in my office to make life a little more hi-tech. My amazing significant other (who has no formal Security training) immediately asked me what was in the parcel. I said it was an Alexa echo. I was then interrogated with the following questions:
- Did you know Amazon listen in on conversations?
- Did you know they pick up your conversations and target advertisements to your conversations?
- How much did you spend on it?
Now, i feel like i haven’t done my due diligence. The very idea of someone listening in on my personal conversations I was not too bothered about. The highlight of my week is playing with the train set with the children the rest of the stuff is menial middle-aged operations. If anyone wants to listen for Quality Control purposes, then that’s fine with me. I am not that interesting.
So, let’s have a look at question number one. I had heard rumours. There are reports that both Google Assistant and Alexa hire staff/contractors to listen for QC purposes. For this to happen, they are most likely (I hope) to strip away anything which is personally identifiable before they can store it. Though even in doing so they can still build a profile which is unique to you and is therefore considered personally identifiable information (PII)
The second question seems logical, Google and Amazon are search engines. Fundamentally, most of these devices are mainly marketing tools aimed at making it easier for you to spend money. If you use Google to search the internet it will target advertisements around what you are looking for.
Amazon will do the same if you are looking for something to buy it will often suggest products that may interest you. If you are happy with the websites (Google and Amazon) then you’ll logically allow them to be helpful in the home, right?
This left me feeling happier. But though I am happy for Amazon/Google to listen to the occasional conversation. I am not sure I am happy for them to listen in to my business conversations. The risk is low of anything being said that someone would do anything with. Surely Amazon/Google will have the appropriate contracts in place with the QC departments and the appropriate security clearances required though do we need to consider these devices in our remote working policy? The answer has to be a yes, depends on your information classifications. I wouldn’t hold a conversation about trade secrets in the presence of these smart devices despite the likelihood that your conversation is picked up upon a hundred million other users. Whilst I am not sure of the maths here, or the take up of such devices and any QC operating procedures. Though it is a concern.
Have you ever been talking about buying someone something obscure only to retrieve targeted advertisements for that item? You might assume Alexa or Google to be the culprit, but have you considered that most of us carry personal technology around with us, a phone, a watch, a tablet? Do we have any assurances that the hundred T&Cs and privacy statements we have clicked ‘Accept’ to (software, hardware vendors for example) have auto enrolled us to targeted advertisements eavesdropping by using the microphones on any such device?
Sadly we all cannot install faraday cage booths in our homes to allow us to hold confidential meetings so how do you safeguard your trade secrets at home? Encrypted meetings in a room with no other devices would be a good starting point. Switch off other devices with a microphone. Simple controls are often affective but should be considered.
… Now where do we start with all the cameras in the world? Who is watching your activity, your screen, your habits, your movements. Who is watching right now?