A report in The Guardian claims that Skype and Cortana audio was accessed by workers in China with “no security measures.”
A former contractor who says he was hired with minimal vetting told the publication that “he reviewed thousands of potentially sensitive recordings on his personal laptop from his home in Beijing over the two years he worked for the company.”
“I judged British English (because I’m British), so I listened to people who had their Microsoft device set to British English, and I had access to all of this from my home laptop with a simple username and password login,” he claims. “They just give me a login over email and I will then have access to Cortana recordings. I could then hypothetically share this login with anyone. I heard all kinds of unusual conversations, including what could have been domestic violence. It sounds a bit crazy now, after educating myself on computer security, that they gave me the URL, a username and password sent over email.”
The program he was allegedly part of was discovered by Vice last summer, along with similar programs at Amazon, Apple, and Google. Each of these companies has taken steps since then to shore up the privacy of this work. Microsoft says it no longer carries out these reviews in an insecure manner.
“We review short snippets of de-identified voice data from a small percentage of customers to help improve voice-enabled features, and we sometimes engage partner companies in this work,” a Microsoft statement notes. “Review snippets are typically fewer than ten seconds long and no one reviewing these snippets would have access to longer conversations. We’ve always disclosed this to customers and operate to the highest privacy standards set out in laws like Europe’s GDPR.”
The statement continues.
“This past summer we carefully reviewed both the process we use and the communications with customers. As a result we updated our privacy statement to be even more clear about this work, and since then we’ve moved these reviews to secure facilities in a small number of countries. We will continue to take steps to give customers greater transparency and control over how we manage their data.”