When it comes to evaluating technology in the home, there seems to be no shortage of new devices and shiny gadgets, mainly part of the Internet of Things (IoT), to discuss. Unfortunately, there seems to be no shortage of security issues to consider regarding these same devices, either.
It's not uncommon to hear of "virtual break-ins" caused by a malicious hacker connecting to a home's network or accessing sensitive information through smart thermostats, refrigerators, and doorbells.
However, there is a particular kind of technology that is becoming increasingly popular, both in and outside of the home: the voice-activated device. Think of the many devices that "wake up" when they hear their name called – "Hey Google" on Google Homes, "Alexa" on Amazon's devices, and "Hey Siri" for the Apple iPhone. Even more recently, applications such as Spotify are waking up to related commands like "Hey Spotify."
It's true that this feature can be useful. Without having to do anything more than speak, users can set reminders, ("Hey Siri, remind me to move the laundry into the dryer in 45 minutes.") play music, ("Alexa, play 70s soul classics.") or get directions and traffic reports. ("Hey Google, how long will it take me to get to the other side of town?") Long gone are the days where folks might tie thread around their finger to remind them of something, manually put on a record, or pull out a paper map with a seemingly endless number of folds.
While these things certainly have sentimental value, it must be admitted that the corresponding present-day digital action is often more convenient.
What Are the Privacy Concerns?
However, consider the method in which these devices "wake up." They must be listening for their keyword all the time. How would they know to activate once being called upon otherwise?
The audio is first recorded and then analyzed, not just by computers but by other humans. In this 2019 blog post, David Monsees, the Google product manager for Google Home's language search, says that "experts review and transcribe a small set of queries to help us better understand... languages." Google Home allows these recordings to be deleted, but it is not the default setting.
Monsees explains that users "can turn off storing audio data to [their] Google account completely or choose to auto-delete data after every 3 months or 18 months." This is especially concerning for those who work from home and are having conversations that are normally kept private by providing physical protection such as a closed-door conference room.
Furthermore, on January 12, 2021, Spotify was granted a patent to analyze the audio data collected from its new "Hey Spotify" feature to make music suggestions based on the emotional state, age, gender, and accents of the user. This means that data outside of the default wake call is being collected, stored, and used. This is a major privacy concern, both for individuals and for their employers if working from home.
Playing It Safe
So, how can you prevent sensitive information from being shared in your own home?
First, turn off voice activation. Almost all devices with this feature have an "off" switch, either on the device itself (in the case of a Google Home or Amazon Alexa) or within the virtual device settings (in the case of smartphones and individual applications like Spotify). Although voice-activated features are occasionally helpful, consider the security benefits of choosing to take a few extra seconds to manually set a timer, play music, and look up directions and traffic reports instead of asking a virtual assistant to do it for you.
Second, if you have previously had a voice-activated device in your home, go to that device's settings and delete all previously stored data. While this does not delete the information that has already been sent and processed by the respective company and its servers, it does prevent that audio from being accessed time and time again.
Third, consider creating two different WiFi networks in your home: one for your smart devices and another for everything else. This can make it more difficult for malicious hackers to enter through an IoT device and make their way to devices with a great deal of personal information. Interestingly, Google Home requires that it be on the same network as your personal devices.
Like with most things, the better way is often not the easier or more convenient route.
But remember: security is everyone's responsibility.