Remember When We Were the Listeners and Off Meant OFF!?

Today I felt the need to utter the words "Okay Google" into my phone (an Android, obviously). Not because I wanted to ask Google's personal digital assistant to do something for me. Quite the contrary: I just wanted to see if it would respond. And the reason for my query wasn't about whether the personal assistant would actually help me with something. Rather, it was to confirm that it wouldn't wake up—because I don't have this feature enabled.

What prompted me to test my phone? I was stopped at a red light, listening to a talk show on the radio. There was discussion around the recent murder case in Arkansas where prosecutors are looking to secure data stored on an Amazon Echo. This gave me pause and I couldn’t help but think about these devices and the “services” they conveniently offer. How does this technology impact me personally? And society?

The reason for my resulting concern was driven by the fact we've seen features get turned on automatically. Sometimes features and settings are:

  • enabled by default and the settings never got reviewed

  • turned on by another service without it being approved

  • updated by the vendor in a recent "patch" or "update"

So, I uttered the words. Thankfully, no response.

But my concern didn't stop there. The lack of response made me think: does Google (or Siri/Apple or Alexa/Amazon, for that matter) have selective hearing? Do they still listen to us even when the setting is turned off or disabled?

 Common "wake words" for popular devices

Common "wake words" for popular devices

Sure, these personal assistants may not respond when we utter their "wake word"—just like some of our significant others might not respond when we ask them to take out the trash. But that doesn't mean they aren't listening. It could be that they are capturing most things (everything?) you say, and simply storing it away in their memory banks only to use it to their advantage down the road.

And if they are, in fact, listening and recording everything we say (approved or not), it's very concerning that the data could be accessible to others—for sale, upon friendly request, by theft, or even by force. We don't want to think this is the case, that our data is being stolen, sold, and misused—but it is.

Keep in mind, though I asked my phone to wake up, the issue doesn't stop with mobile devices. Clearly, the Amazon Echo is in question here as well. But even more troubling is that the apps we use on these devices are also listening.

And soon all our IoT devices will be listening too.

Sure, you may choose to forego privacy and to turn these features on. That's your choice. But when you choose to turn them off, are you blindly accepting the Terms and Conditions that allow these devices, apps and services to listen to you and store and use this information anyway? Is the fictional HAL 9000 becoming our reality? “Dave, I can see you're really upset about this. I honestly think you ought to sit down calmly, take a stress pill, and think things over.”

I’m not sure if this is really an issue. What do you think? I'd love to hear from you (in the comments, not through my phone).

Sean Martin, CISSP, Editor in Chief, ITSPmagazine