Police Want Alexa Data; People Begin To Realize It’s Listening

It is interesting to see the wide coverage of a police investigation looking to harvest data from the Amazon Echo, the always-listening home automation device you may know as Alexa. A murder investigation has led them to issue Amazon a warrant to fork over any recordings made during the time of a crime, and Amazon has so far refused.

Not too long ago, this is the sort of news would have been discussed on Hackaday but the rest of my family would have never heard about it. Now we just need to get everyone to think one step beyond this and we’ll be getting somewhere.

What isn’t being discussed here is more of concern to me. How many of you have a piece of tape over your webcam right now? Why did you do that? It’s because we know there are compromised systems that allow attackers to turn on the camera remotely. Don’t we have to assume that this will eventually happen with the Echo as well? Police warrants likely to affect far less users than account breaches like the massive ones we’ve seen with password data.

All of the major voice activated technologies assert that their products are only listening for the trigger words. In this case, police aren’t just looking for a recording of someone saying “Alexa, help I’m being attacked by…” but for any question to Alexa that would put the suspect at the scene of the crime at a specific time. Put yourself in the mind of a black hat. If you could design malware to trigger on the word “Visa” you can probably catch a user giving their credit card number over the phone. This is, of course, a big step beyond the data already stored from normal use of the system.

It’s not surprising that Amazon would be served a warrant for this data. You would expect phone records (although not recordings of the calls) to be reviewed in any murder case. Already disclosed in this case is that a smart water meter from the home reported a rather large water usage during the time of the murder — a piece of evidence that may be used to indicate a crime scene clean-up effort.

What’s newsworthy here is that people who don’t normally think about device security are now wondering what their voice-controlled tech actually hears them say. And this is a step in the right direction.

143 thoughts on “Police Want Alexa Data; People Begin To Realize It’s Listening

    1. This. Always on voice is pretty awesome, really, but this shit should NEVER be logged, and thus it cannot be disclosed, so there’s no problem. If it IS being logged, then there’s definitely an issue there. I personally have no issue with it listening; and hell, I’m not deeply concerned about someone hacking it. I don’t say anything that can be used against me, after all – and if I was in a situation where such could be used against me, then I’d turn that off.

      But it ABSOLUTELY should not be logged by amazon (/ other providers), that should be garaunteed and while you can’t completely exclude the possibility of a hack resulting in someone logging it, if Amazon (/ other providers) *are* logging, then they should be vulnerable to class action lawsuits.

      Security here is important, and people need to take it seriously.

      1. ” I don’t say anything that can be used against me”
        You just did.
        Troll food right there, mmmmmmm….. troll food!

        Though, IRL:
        You can, say, gasp at a “terror attack, breaking news” on the TV and feeling glad you wern’t there reply to it, “That could of been us!!!!”

        Some misinterpretation later and you are being held for plotting an attack.

        Just a gentle thought.

          1. It didn’t, though?

            Because that would never come anywhere close to standing up in court, or even being anywhere near probable cause, and again: not tinfoil hat world where the gubmint is out to get me.

            For there to have been such an unlikely misunderstanding (note that Alexa would only have the words I said, not what I said them about) you’d need somebody listening. “Oh, that could have been us!” is hardly laden with triggers. And even if it was, people talk about terrorist attacks *all the time*. Rounding up everyone who talks about them is obviously not a practical approach.

            This data is being requested in a police investigation. Now, I don’t think it should be stored, to be clear, not do I think it should be given to them: keep playlists, reminders, sure; but not random talking.

          2. Recently in the US, there was a 2 minute video being circulated among the community on the right that clearly showed President Obama telling illegal immigrants to vote in the 2016 election. There’s no way a rational person could watch that video and think otherwise.

            Problem is, Faux News had edited down the original 6 minute video of Obama being interviewed by a Latina reporter in which he tells her that legal immigrants in this country should vote on behalf of the welfare of their relatives who may be here illegally to ensure they’re given a fair chance. There’s no way a rational person could watch THAT video, and think Obama was telling illegal immigrants to vote.

            It happens. The wrong thing said at the wrong time, and you’re this guy….or one the eight other people mentioned as having been exonerated in the article…especially if you’re brown. It doesn’t even have to be malfeasance like the Faux video, just a misinterpretation or other simple mistake.

            http://www.cbsnews.com/news/man-wrongly-convicted-of-double-murder-freed-after-38-years/

            The point of this article is we need to be aware of this when bringing things like this into our homes. We also need to be vigilant as a society, because we can’t trust a business to do the right thing. It’s not, for example, in Amazon’s best interest to not log your requests and conversations with these things. They mine that data to determine how best to sell things to you. Deleting the logs would deprive them of revenue, but puts you at risk. How do we balance those things? A visceral “It won’t affect me” cannot be the only response to a potential new threat. We need to think about them before making decisions.

          1. Adam:
            I highly doubt people sit there trying to specifically set people up because there are too many people to watch,
            instead replace the people with machine learning and/or phrase matching.
            When enough triggers are met, then alert the appropriate people who then perform human-level risk assessment. If, say someone didn’t like the look of your face or had footage of you having sex when they were assessing why they were alerted and decided either you (Joe public) or your partner (Joe public’s partner) were “bad in bed” or heaven forbid someone got told off by their manager that day…..

            Derrick:
            That means, no amount of tin foil will save you from, stupidity, human-error, corruption, failure.
            Oh and tin foil doesn’t block sound very well (unless you’re into BDSM?). Tin foil also doesn’t block you from typing something that can be used against you.

            Remember, Hackaday doesn’t have an edit button for example.

            Conclusion:
            Tin foil…. Hats, clothing, whatever are ineffective (and look stupid anyway).

    2. We all may need to build our own computer systems from the ground up. If it comes to that, here’s an EXCELLENT place to start –

      Book here:
      https://www.amazon.com/Elements-Computing-Systems-Building-Principles/dp/0262640686/ref=sr_1_1?ie=UTF8&qid=1482963410&sr=8-1&keywords=Elements+of+computing+systems

      Website here: http://www.nand2tetris.org

      Simply an outstanding learning exercise. I’ve made it through the first few chapters and exercises already.

    3. More open disclosure in regards to privacy settings, which in turn effects Alexa’s services. For instance, I buy Echo Dot. Upon setup I have several different security options.

      Setting 1: IDGAF. Record everything all the time cuz I’m and idiot and “have nothing to hide” Save a log in the cloud.
      Will be released by Amazon, upon request, to any Authorities. Can be used to help or hinder your defense.

      Setting 2: I don’t know some Half measure. Only record phrases/queries after keyword. Do/Don’t save log.
      Will/won’t release to authorities. Default to some setting, have to opt in/out later. Like Facebook did.

      Setting 3: How about the device only does what it’s supposed to? What you’d expect? Scans for a keyword, better yet a *clap* (clap on clap off style) only saves the phrase following to local memory, pushes that to Amazon server/API, then processes the response. The only thing logged is up/download, push/calls metadata from device to Amazon cloud.

      Setting 4: Don’t buy one.

      (The open disclosure privacy settings idea was my Wife’s)

      1. I’m confused…

        Any software that gets installed or run without my knowledge or permission is Malware.

        Alexa.com is basically drive by malware that steals all your internet data by playing MITM so they can sell your analytics.

        Alexa.com is owned by Amazon. Amazon now sells the Alexa home automation malware device Alexa.

        Why would anyone buy a malware device that constantly listens and uploads your data somewhere to be quantified and sold?

    4. If you don’t send it and process it locally you have even less to worry about. As engineers we need to start thinking about what can ethically be hosted in the cloud and not simply build things because they are possible.

    5. Android phones also listen all the time. They wait for you to say “ok google”.
      But slacker radio had some advertising picked out for me, when i never used this feature. I turned it off. But now when using google maps its coming on by itself. It prompts “im sorry i didnt get that”. I was talking with my wife while driving. Neither of us said “OK GOOGLE”! Creepy?

    1. Did you disconnect your water meter too? How about electric meter?
      “Already disclosed in this case is that a smart water meter from the home reported a rather large water usage during the time of the murder — a piece of evidence that may be used to indicate a crime scene clean-up effort.”

        1. Unfortunately, you are currently using a computer, which is probably running Windows, MacOS, iOS, or Android which are already known for sending information to governments. Even Ubuntu has been caught sending data over the Internet. When my local file search history started being sent to Amazon, I stopped using Ubuntu immediately.

          You’re also probably running on an Intel, AMD, or some ARM chip, all of which contain secondary blackbox CPUs with wireless transceivers inside of them which you cannot access but the manufacturer and government can at any time.

          You’re also probably using a keyboard, which produces enough EMI to be recorded and analyzed to capture every keystroke.

          We all live in a fishtank. Just make sure you are aware of it, because there’s nothing you can do about it unless you want to be the new Unabomber.

          1. You CAN do something: REDUCE the amount of data you produce. Yes i use a computer, yes i still (sadly) use Windows, but i don’t have a smartphone, i am not registered on Facebook and Co., i don’t have Amazon-NSA-Spy-Equipment and home, no store cards, …
            Attitudes “it’s too late” / “i don’t care” / … are catastrophic.

          2. A general reply as to your probability claim….

            Typing from one of my Dell E6400 laptops:
            Running Linux (Not ‘Buntu) on a GM45 with manufacturer disabled IMT/IME Intel management engine, BTW IME firmware is in-fact optional, also there are circuit pull-ups and pull-downs to further disable the ME.

            WiFi card is an RTL8187B (assuming I’m not accidentally using the spare laptop.)
            Click and CTRL F for RTL 8187 [WiKiPedia]
            My Wifi card is definately no black box as far as security goes.

            Metal frame, metal underbelly, metal screen case(except antenna area).
            Microphone attached to the webcam removed during full strip and rebuild and both placed on the newest BIOS that prevented excess fan noise.
            Oh and the keyboard is backlit through a metal mesh to reduce EMI (Metal mesh for EMI reduction that is).

            By far the least leakiest laptop I’ve owned, except for the swiss-cheese security age of the Linux distro I haven’t been bothered to replace and two plastics that could’ve been metal.

            Well probability….. Depends on what you are using and yes even my hardware is not the safest…

          3. “When my local file search history started being sent to Amazon, I stopped using Ubuntu immediately.”

            Seriously?? I turn off pretty much every privacy related option I can find in windows, and the online connected desktop search- especially with windows 10, and I use both that and mint linux. But I never knew anything about this… if it’s still separately sending private file searches to ANYONE I’m going to be pissed! That’s crazy….

          4. “all of which contain secondary blackbox CPUs with wireless transceivers inside of them which you cannot access but the manufacturer and government can at any time”

            Sources, please.

          5. Ubuntu. I like open-source. I live in a very well grounded mobile home, so unless someone has the interior of the place tapped, I doubt they are recording EMI. As for the “…secondary blackbox CPUs with wireless transceivers inside…” any links to that? Not being a smart-ass, I’d really like to read up on that. I am aware that in this “civilized society” no one is truly anonymous nor is there any privacy. But I do like to avoid as much invasion as possible :)

          6. “Unfortunately, you are currently using a computer, which is probably running Windows, MacOS, iOS, or Android which are already known for sending information to governments.”

            [Citation required], because this is complete bullshit. These operating systems are not “already known for sending information to governments.”

            “You’re also probably running on an Intel, AMD, or some ARM chip, all of which contain secondary blackbox CPUs with wireless transceivers inside of them which you cannot access but the manufacturer and government can at any time.”

            [Citation required], because this is complete bullshit. Bluetooth and WiFi chipsets are black boxes but “the manufacturer and government” cannot “access at any time.”

            Go take your meds.

          7. “[Citation required], because this is complete bullshit. These operating systems are not “already known for sending information to governments.””
            Windows (10 and others) is known for sending informations back to MS and MS collaborates with NSA (that probably has access anyway to any server at least in the USA), so…

            For the blackbox CPU the intel management engine is a real thing that also has access to the network interface, but i don’t think it contains a transceiver, would probably be quite difficult to fit a usefull antenna inside a CPU…

        2. I don’t have a smart phone either. I have a cheap Trac phone and most of the time it is stored inside a small metal can and turned off so i can’t be tracked everywhere i drive. I have a smart meter on the house, but have a screen over it so there’s way less radiation coming from it. I would never in a million yrs have an Alexa in the house. I don’t even have cable tv. I just have computer and i don’t have a web cam, but see a web came eye on the laptop and i covered it with a piece of duct tape. A friend told me yrs ago that i should also mute the voice/volume.

    2. 1\Detective, we narrowed our fugitives whereabouts to this city block.
      2\Good job Sergeant, now bring me all digital fingerprints from this apartment complex.
      1\Hmm thats weird, over 100 citizens live there, but only DainBramage appears to live in a black hole. He refused smart energy/water meters, no alexa, no google spymeNow, cortana, no IoShit, no webcams. He must be hiding something.
      2\ We got our guy, lets make it a no knock, and dont worry if he happens to reach for a toothbrush and gets shot, he is a dangerous criminal after all!!1

      google “NYPD Officers Search Wrong Home; Post Photos Of Handcuffed Family To Snapchat” if you think that never happens

    3. It’s the only way to go. I thought Web cams were concerning years ago. I cannot fathom dealing with an Alexa-like device in my home. None of this is necessary for a happy life.

        1. Yes, there are downsides. There are also workarounds. If you live in a place like NYC, for example – vote with your feet and wallet and just GTFO to a place where there’s more freedom.

          While freedom is uniform in theory, in practice it isn’t, not by a long shot. I’m not even sure that one size should try to fit all. Just going on, say “my right to swing my fist ends at your nose” – one can understand why different rules might be appropriate for a big city than where I live, where if you’re even aware of what I’m doing – you’re trespassing. I can swing my arms all I want and never hit anyone. I can sink wells, collect rainwater (I’m on the east side of the country…), whatever, build things and not bother with permits (we outnumber the local government by a huge margin here).

          The tradeoff is there’s almost no drama here, it’s 30 miles roundtrip to get beer, and so on. If you don’t do it, it doesn’t get done. Most city folk don’t realize how much gets done for them (which they pay taxes for and have nasty regulations to make possible) – but there is still a choice in how to live if you choose your location wisely.

          Other tradeoffs – when the sun doesn’t shine, you either don’t use power or you run some backup generator. If your well pump fails, you fix it – there’s no landlord or city to complain to. And so on. No point whining when at this point, it’s still all a matter of choice and no one is forcing you to choose any particular set of tradeoffs.

          1. Another trade-off — finding a job. Try finding a job designing chips for a living in a rural area. Some careers (like teacher or plumber) are universally needed. Others, like semiconductor design, are confined to a few specific areas.

            I live in a medium-large city, and I am fortunate enough to have access to rural areas. I used to live on 5 acres where it was 13 miles to the closest gas station, buy my job was still only 1/2 hour away. I had well water, a septic tank, and raised chickens and turkeys. So, that type of life is available here. Still, the cost of electricity was higher, and propane delivered by truck is a LOT more expensive than natural gas delivered by pipe.

            However, the industry here seems to be shrinking. Intel had a fab here and shut it down years ago. The existing semiconductor businesses are holding stable or shrinking (software seems to be booming, however, but that is not something that I want to do). If something happens to force me to seek another job, I dread the thought of having to move to a hell-hole like California, Illinois, or New York.

      1. Agreed … And it will be… Pls people, refrain from having nothing to hide: you dont know what you have to hide period. And 1984? Come on.. Thats so…uhh… 1984… I wish someone was in control (? Yes? No? Sometimes?) ;)

    1. There isn’t much by way of *options* in my country.

      We have mandatory warrant-less meta data collection by service providers who then have to send such data to a black hole government department. The so called *meta data* includes all URLs visited, the time location, destination and duration of all phone calls. The geo-location of mobile phones every ~5 minutes weather in use or not.

      We have URL blocking and I personally have had a government website about legislation being blocked so they’re obviously not too worried about scrutiny either of the URL or by the public.

      I recently switched over to the new national broken network and my network terminating unit or modem has inbuilt VOIP and none of the VOIP settings are even viewable on the officially specified modem and that mean I don’t have any clue as to where my calls my be routed via and no way to find out. I simply don’t have that level of trust in a government.

      I don’t use any smart phone or mobile device. I use a VPN internet connection and it looks like I have to get rid of the official VOIP and revert to different hardware with an extra encryption layer.

      The TL;DR; is that governments have corrupt elements just any human organisation, the public brings there people out in the open, now corrupt government officials have so much power over individuals that no one will dare to report them. Then you have the issue with justice and that is *justice itself* is a shared experience – when one person is treated unjustly then it has a roll on effect to everyone else. You cannot argue your right to peaceful enjoyment of you home when your country is in civil war and that is entirely the outcome when justice collapses.

      1. As Snowden said, the US is a potential turnkey tyranny right now. I’d guess it’s the same for most any other country actually. If a technical capability exists, it will eventually be misused against the people it is supposedly intended to protect.

  1. “How many of you have a piece of tape over your webcam right now?”

    I’m amused by how many people at the office have their laptop webcam blocked by a sticker. None of them, so far as I am aware, have done anything to disable the microphone.

    I haven’t blocked my webcam at work because what are they going to see? Me sitting at my desk coding, or perhaps the back of my chair if I’m away from my desk. I’d be more concerned about audio, since I routinely have discussions with coworkers in my cube that are company-confidential. But then, I’d expect bugging the building would be easier to achieve. If you could hack in, you’d do better by just copying the source code control system repository (easy for an insider to accomplish).

    In principle, I’d be more paranoid about my personal laptop, but the same basic thing applies. You can see my face while I stare at the screen, or the back of the chair it sits in front of most of the time. Frankly, I’d be concerned if the camera could see the screen or the keyboard, but they can’t.

        1. Is it really a hardware switch, or is it just a switch pulling a pin to a state, telling the chip it’s connected to that it shouldn’t activate the camera? There’s a difference. :)

    1. Smart companies don’t secretly record. It makes them vulnerable too. Say you talk about how the company is working on a project or other information the company wants to keep secure. Or if you’re dealing with information that is confidential and must be kept secure. If the company logs then that logged data must also be kept just as secure as the programs you produce or the HR records. Except they don’t know what parts of that data are sensitive or confidential so they can’t be selective. That increases the costs. All that to catch an employee slacking off or using offensive language? Things that they’d probably catch in other ways?

    2. If they’ve managed to hack your camera or microphone, they could have easily installed a keystroke logger, too, which I’d consider far more potentially damaging – passwords, email contents, credit card data, etc. And whereas the camera/microphone compromise would have a significant upstream data rate which could raise suspicion, the keystroke logger would not.

  2. I really wish efforts were geared toward device-local voice recognition and AI. I don’t even like to use the “OK Google” stuff on my phone since I found out I can review all of my recordings. It has triggered a couple of times when it falsely thought I said the trigger word too. I didn’t. Of course this doesn’t solve the issue of having microphones that can listen in. If you’re worried about that, worry about your phone too.

    1. Local speech recognition was done for years already. Nuance did it fairly well (Dragon NaturallySpeaking). There is some free and open-source software that can do it. There are libraries for PIC micros that do keyword-based speech recognition, In 80s there were simple speech-decoding chips for hobbyists, they worked but weren’t very good…
      The problem is not in software, but in business models employed by Microsoft, Google, Amazon, Apple and others. They want to provide software as service and also grab all personal information for marketing and research so they could sell other products to potential users. It’s the same with anything that uses cloud, whenever it’s a thermostat or sports tracker or something like Evernote. It’s a trap…

      1. There are libraries but nothing that is setup to replicate the abilities of Google Home or Amazon Alexa. Everyone is making devices and software that rely on sending your voice to the providers own servers to be processed and stored. No one is making anything that can do it locally. Next Things has a kickstarter for a dashbot device that sits in your car, however I think even it interfaces with the Alexa api.

  3. I disabled the internet connection of a replacement home thermostat I received. It could also listen in on everything, waiting for a certain keyword, but it was always listening. After recognizing that I didn’t know enough about how it worked, or how others could use it, I decided I didn’t need voice control for the thing, nor remote control over the internet. I was actually glad to move to a different house shortly afterwards that had an incompatible system, so it’s in a box now.

    1. What’s BS? It doesn’t say anywhere in the article that your assertion isn’t true- and it looks like it confirms that (or says Amazon has stated that).

      If you do own an echo and have monitored it, then you know that for the most part you’re right, but that it relatively frequently gets false positives on the keyword and sends data when you didn’t explicitly say the keyword either. And there’s absolutely potential for software (either legitimate or malware) to be installed to trigger on different keywords to be used for this kind of thing. If you’re knowledgeable enough to feel comfortable mitigating that risk however you choose that’s great, but I think it’s good that articles bring these topics up so people that aren’t as knowledgeable about it can learn more.

      For me personally, even knowing that (outside of errors) it only logs on the keyword, I still choose to only plug it in for periods when I intend to use it. Just like I don’t leave people alone in my house even if I trust them. It’s simple to do, I don’t lose anything from it, and it just eliminates the question altogether (at least during the time the precaution is being taken).

  4. Thanks for this article! It’s good to see people aware of the security issues that new technology poses. Cyber-security is a really interesting field right now especially with things like Amazon Echo and Google Home. I mean, these companies have been building databases of information already, it’s just that now there are even more ways that this information can be obtained. The important thing is how this information is used/secured.

    1. Not to get off topic but I just looked at google’s page for the google home and saw this:
      “and a mute button lets you put Google Home’s microphones on standby.”
      keyword here being standby. It doesn’t say off. Just thought that was amusing after reading this article

  5. I have no doubt that the Alexa and the Home will be hacked to allow wake on other keywords without the LEDs indicating recognition. The value of waking surreptitiously on words like “bomb” or “ISIS” is just too tempting.

  6. Look look, who would have thought it?

    spy-law n° 1: If it can technically be done it will be done one day. Laws are just paper, governments and companys don’t really care and laws can be changed.

    BTW, i neither have a mic nor a webcam on my computer…

  7. An interesting question here is whether Law Enforcement would even need a warrant to tap the stream from Alexa/Siri…? My (weak) understanding of the warrant process is that a warrant is only needed if there is a “reasonable expectation of privacy”. If a person voluntarily sends all the audio from their living room to a company (Amazon in this case) to provide them a service, is that expectation of privacy broken now? If there is no expectation of privacy, no warrant is needed. An example would be if a Policeman were sitting behind a person having a discussion at a bar of killing someone, that discussion would be admissible in court because there is no expectation of privacy in a public place like a bar.

    1. There better be an expectation of privacy in a conversation AT HOME with a non-government entity. You could be talking about private matters, private purchases, banking information. It’s not being broadcast to anyone, it’s a connection/conversation from one party to another.

      It’s more like talking on a telephone than going to a bar.

  8. There’s another way to turn Alexa for evil purposes. While the owners are away, order something pricey and schedule a next-day delivery. Be there on the porch when it’s dropped off. It’d be burglary without the bother of breaking and entering. The victims would not know until their credit card statement arrives.

      1. I have been on a videoconference with someone who had an Echo nearby. I said “Alexa, play Never Gonna Give You Up by Rick Astley” and it dutifully rick-rolled my business partner.

  9. If amazon gives in then they can kiss goodbye to future sales, Think about it If word gets round that Amazon roll over for the police anytime a crime is committed who in their right mind would pay a company the privilege of having a digital snitch.
    Technology is amazing I love it but government try to find new ways of turning it against it’s owners all too often. We as a world are blindly walking into a dystopian nightmare.

    I hate the fact that even in this digital age the majority of the population think facebook is the internet. I live in the UK and one of the main things googled this year was “what is the EU” I mean these fuckers can vote! there is not enough intelligent people out there most people vote for whoever they like best, They think voting is a spin off from X-factor, American idol etc. We need to get serious on privacy and the only way to do that is send the politicians a message, I just don’t think the majority of people know enough about it to care. The supports of state privacy invasion always repeat the same mantra “If you have nothing to hide, you have nothing to fear.” Well I do have something to fear and it is reality TV watching, photo of lunch posting fuckwits like them.

    God I needed to get that off my chest. LOL

      1. “If you have nothing to hide, you have nothing to fear”

        To that I’d say, “Please remove all curtains from your windows, the doors from your bedrooms and bathrooms, and install internet accessible video cameras with sound in every room. Record every conversation you have with everyone everywhere and make that internet accessible, too.”

        1. To that I need to add, “Make your bank balance openly internet accessible along with a log of everything you purchase, where you purchase it and when. Place a tracking device on your car which logs where you are and everywhere you’ve been, also openly internet accessible.”

    1. “We as a world are blindly walking into a dystopian nightmare.”

      And we’re even voluntarily buying and installing our own personal Telescreens for Big Brother. But we can always count on Big Brother to be benevolent and to monitor and punish those within the Inner and Outer Parties who aren’t, right?

  10. It looks like the only recordings that are supposed to be recorded are when a command is activated, or so they say:

    “1.3 Voice Services. You control Alexa with your voice. Alexa streams audio to the cloud when you interact with Alexa. Alexa processes and retains your voice input and other information, such as your music playlists and your Alexa to-do and shopping lists, in the cloud to respond to your requests and improve our services. Learn more about these voice services including how to delete voice recordings associated with your account.”

    https://www.amazon.com/gp/help/customer/display.html?nodeId=201809740

  11. The first time I was this was when my daughter put a bandaid over the camera lens on here laptop.

    This primitive security measure has a number of advantages –

    Direct physical access to the lap top is required to disable the security device.

    At all times a through evaluation of the security status is completed and the results are very prominently displayed to the user in real time.

    There are no known vulnerabilities in code dependencies.

    Remote code execution is impossible.

    Arbitrary code execution is impossible.

    Uploading code to the target is impossible.

  12. You all should play pick up sticks on a wet windy day outside while wearing rubber suits and quacking like ducks as YA compare cracks to hack the back-slacked neo marina matrix and chase that damn rabbit to the govt hole in your heads right after. Each of you all draw a crayon pic of God. Now bravo big brains and go play in traffic …. Yall just bee hammed . Oops meant quacks …. Snack pack? Yum boy I’m dumb…. Lol

  13. Think about the amount of mobile phones currently silently listening in the world.
    A physical switch would probably be the only real way but then what about the rest of them. [ also note that most modern smart phones have two microphones and probably a couple of speakers that can be used backwards. ] I wonder if anyone can listen in on the pc speaker [ port 7 ]
    I guess people will just need to put in a little more effort when planning ahead.

    1. Output circuits are just output circuits(limitations and other side thoughts aside).
      How can a low impedance (relative to VCC and or V+/-/GND etc) get a signal to a high impedance input and then be digitised on a *digital to analog output and then stored in the output bit stream before finally being saved to some sane storage?

      Would only work if the output isn’t PWM (class D) and the return amplifier from the speaker was attenuated enough to not cause problems (i.e distortion/overvoltage/etc) and the return amplifier was connected to the analog to digital input. That will be the only way a speaker can be connected as a recording device in, say a phone.

      * yep you read that correct, a DAC cannot record due to physical physical limitation of the (usual) circuit. Remember an output!=Input

        1. Yes, though they configured the output as an input (key word is configured)

          Inside the codec, the output is switched off for the pins and an input is switched over to it instead (think big old clunky A/B switches to share printers between computers but in silicon and switching between input/output)

  14. ” In this case, police aren’t just looking for a recording of someone saying “Alexa, help I’m being attacked by…” but for any question to Alexa that would put the suspect at the scene of the crime at a specific time.

    From what I read Amazon did hand over account details and such, so the times it was used is probably already in the hands of the cops, and the only reason Amazon won’t hand over the actual recordings is because then everybody will know they have recordings..

  15. Incidentally, water meters and even Alexa are nothing compared what cars will do to people, with their increased 360 degree cameras and RADAR and sound recordings and location data of course, I dread the day that all cars are self-driving, not because of the driving but because of the side-effect of total monitoring, think about it, how many cars are outside your house right now? imagine them all looking at you…. then imagine them looking at you whenever you are on or near any road. And that’s just for people without cars, once you own one of those cars it’s bye-bye privacy.

    And it’s annoying because those Teslas are damn nice, if only they didn’t come with that price tag.

    1. I didn’t think about cars for surveillance….
      I go back routes (where cars don’t fit) with my pushbike and there is a long abandoned railway route that had been tarmacked for cyclists.
      But, even that won’t last forever.

  16. Whats so hard here? From what I read the police already have the guy’s Amazon account, so they already have the data Amazon has.

    All the Police have to do is the following:

    1) Load the Alexa app on a phone, or get access to the device that has the app already setup.
    2) login as the owner of the device. (not needed if they have the device that setup the Alexa.)
    3) Click on the 3 lines to bring up the menu
    4) Click Settings
    5) Click History
    6) Audio and search history!! Capture audio to another recording device for evidence.

    Either these cops have no idea the Alexa app does this, or the cops are going public for other ulterior motives.

    1. Maybe the guy locked the account, or Amazon did.
      Mind you they should at that point also have purged the audio data, why is that saved anyway?
      Could it be the NSA/CIA/ are good buddies unlike the local cops who are not a big government outfit and are not security cleared? Same as the previous cases where the FBI tried to get info from a company that the NSA probably already had on file.

  17. Richard Stallman was right we should start listening to him. For years I thought he was paranoid and I ignored him. Since Snowden I know that I was wrong.

    Sent from a Librebooted ThinkPad X200.

  18. This is probably a bit of an over reaction. As someone that has made Alexa apps I have had discussions with other developers about this possibility. Alexa sits there and doesn’t send a single byte until you say the keyword “Alexa”. Then they might keep voice query recordings for ” optimization” but I don’t know that they claim to. Other than the metadata about searches, Amazon probably can’t help the athorities all that much.

    1. It takes a rather breathtaking amount of conceit to think that the government or its agencies (or anyone here for that matter) gives a damn about your self indulgences of this sort.

      1. Private activities, watching porn, an affair, what do you think would be most useful in manipulating a person? Or do you believe that unlike the rest of society, in the government there is *NOT* one single corrupt individual?

        1. I strongly suspect that those that relieve themselves in this way belong to a class that no one is threatened enough by, or would be considered useful enough to be exploited this way. Look, we hemorrhage data about ourselves constantly and mostly (and likely most importantly) in ways we cannot control. Getting one’s shirt in a knot over something like a webcam is like people who are scrupulous about washing raw vegetables at home, but blithely order a salad at a restaurant that they have no idea how it was made, or by whom. Any reasonable expectation of privacy is a thing of the past; there is no defence except by removing yourself completely from civilisation. It this is a concern, the fight has to be a broad political one, sandbagging is just not going to make a difference and what is worse, only gives a false sense of control.

          1. I have seen a police officer send an email with a child abuse picture to a man and then charge the man and had his children removed from the family because the man was a bidder competing with the officers father for a large development property worth millions of dollars.

            Are you saying this is just OK and we should just accept it?

          2. No I am saying this is the way it is and half-measures are not going to make a difference. The situation is execrable and negatively impacts already us in many subtle ways, but the cure has to be broad-spectrum or it is a waste of time. Putting tape on one’s webcam, even a company making a stand over a warrant isn’t going to change anything, sweeping legislation might. The problem with this story, as the leading article points out, is not that that the traffic from Alexa and similar devices could be subpoenaed during the investigation of a crime, its that they exist at all.

      1. I don’t think someone (or anyone at all) listens (initially),
        I think everything* TRIES to listen,
        then when enough triggers* have been met then a human finally gets involved to pre-assess the situation and then it gets either:
        Ignored, or
        Elevated.

        .
        .
        .
        .
        .

        *”Everything” is the key word here as in machines. Also triggers maybe keywords and/or phrases, things out of the ordinary (Using software/hardware combo like OpenCV/OpenMV, neuro-machine learning/AI… but in a closed source form for video “crime detection”).

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.