Report Claims Major Skype Privacy Lapse

Posted on January 10, 2020 by Paul Thurrott in Cloud, Skype with 10 Comments

A report in The Guardian claims that Skype and Cortana audio was accessed by workers in China with “no security measures.”

A former contractor who says he was hired with minimal vetting told the publication that “he reviewed thousands of potentially sensitive recordings on his personal laptop from his home in Beijing over the two years he worked for the company.”

“I judged British English (because I’m British), so I listened to people who had their Microsoft device set to British English, and I had access to all of this from my home laptop with a simple username and password login,” he claims. “They just give me a login over email and I will then have access to Cortana recordings. I could then hypothetically share this login with anyone. I heard all kinds of unusual conversations, including what could have been domestic violence. It sounds a bit crazy now, after educating myself on computer security, that they gave me the URL, a username and password sent over email.”

The program he was allegedly part of was discovered by Vice last summer, along with similar programs at Amazon, Apple, and Google. Each of these companies has taken steps since then to shore up the privacy of this work. Microsoft says it no longer carries out these reviews in an insecure manner.

“We review short snippets of de-identified voice data from a small percentage of customers to help improve voice-enabled features, and we sometimes engage partner companies in this work,” a Microsoft statement notes. “Review snippets are typically fewer than ten seconds long and no one reviewing these snippets would have access to longer conversations. We’ve always disclosed this to customers and operate to the highest privacy standards set out in laws like Europe’s GDPR.”

The statement continues.

“This past summer we carefully reviewed both the process we use and the communications with customers. As a result we updated our privacy statement to be even more clear about this work, and since then we’ve moved these reviews to secure facilities in a small number of countries. We will continue to take steps to give customers greater transparency and control over how we manage their data.”

 

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register
Comments (10)

10 responses to “Report Claims Major Skype Privacy Lapse”

  1. nicholas_kathrein

    You can say Microsoft is more trustworthy than Google but no company is really trust worthy in a world where things get outsourced and temps hired.

  2. willc

    Microsoft is a much more trustworthy company [than Google] and has a good privacy story.” - Paul Thurrott

    • Kelly Hunter

      In reply to willc:

      It is possible to be better without being faultless.

    • ghostrider

      In reply to willc:

      MS are far from the 'trustworthy' company some say they are, and are in fact probably as bad as the worst out there. They consume vast quantities of personal data, and do what with it exactly? The co-erce and trick their customers into achieving their goals, they don't actually provide a total 'opt out' option for telemetry collection - for a very good reason that suits them.

      Sorry, for those who believe MS are holier-than-though, think again. You and your data are the 'product' MS are monetizing. Saying that, I'd say by far the least trustworthy tech company are Facebook. A truly abhorrent business.

  3. Winner

    And yet so many worry about Google "selling their data" (incorrect) but feel safe with Microsoft, with their advertising ID in the OS and now this.

  4. karlinhigh

    For whosoever shall keep the whole law, and yet offend in one point, he is guilty of all. 

    (James 2:10, which apparently inspires today's compliance and security work.)


  5. branpurn

    The unspoken price of doing business in China.

    • wright_is

      In reply to branpurn:

      This has nothing to do with China. The other employees for Apple, Amazon and Google were all over the world; for much of Europe, I believe they were in the former East Block countries (Poland, Rumania etc.).

      It is just where they can find cheap labour with the necessary language skills.

      It is the unspoken price of using Voice Assistants at the beginning of the AI revolution, they still need training and still need humans to monitor the conversations to ensure that they are being interpreted correctly.

  6. red.radar

    Key point of distinction: Did he have access to every skype call and could freely browse anyone's conversation ? Or was he given an inbox of samples for him to verify accuracy



Leave a Reply