Tuesday, April 16, 2019

Google could be bankrupting Apple's privacy promises by handing over iPhone data to the police - INSIDER

Google could be bankrupting Apple's privacy promises by handing over iPhone data to the police - INSIDER


Google could be bankrupting Apple's privacy promises by handing over iPhone data to the police - INSIDER

Posted: 15 Apr 2019 04:37 AM PDT

  • Having an iPhone doesn't stop Google handing over your data to the police, according to a New York Times investigation.
  • Apple has long touted itself as more privacy-conscious than competitors like Google, and even opposed the FBI over a case it said would set a "dangerous precedent" for user privacy.
  • But the Times found that Google is giving law enforcement data from both Android devices and iPhones when requests are granted.
  • Apple told the Times that it doesn't have the ability to furnish law enforcement with data in the same way as Google.
  • Visit BusinessInsider.com for more stories.

A New York Times investigation into how Google furnishes law enforcement with phone data exposed one crucial detail — having an iPhone doesn't stop Google handing over your data.

The in-depth investigation by the Times revealed many details about how Google uses its in-house database — called Sensorvault — to cooperate with law enforcement.

Using the database, Google is able to provide police with the data of phones from a specific time and location. By submitting "geofence" warrants, police are able to look at which phones were in close proximity to a crime. According to a Google employee, the firm once received as many as 180 of such requests in one week.

The data attached to each phone is initially anonymous, then once police have whittled down the number of suspect devices, Google provides them with the names of the people each device is associated with.

The technology has been praised as a useful tool for law enforcement, but the Times piece calls into question whether its powers are too sweeping, especially in the case of innocent people's data.

Former Google employee Brian McClendon who oversaw Google Maps until 2015, told the Times the method seemed to him "like a fishing expedition."

iPhones are findable in Google's database

An intelligence analyst, who has himself examined the data from hundreds of phones, told the Times that it wasn't just Android users who had their information examined by law enforcement. He said "most Android devices" and "some iPhones" had their data made available by Google.

Investigators told the Times that they hadn't sent the warrants to any other companies apart from Google, and Apple said it didn't have the ability to perform the same kind of searches.

Read more: Apple News won't let advertisers track users or monitor what they read

It is not clear from the Times' piece exactly how Google was able to provide law enforcement with the data of iPhone users, although it seems possible that it was able to do so through installed Google services, such as Google Maps.

Apple was not immediately available for comment when contacted by Business Insider.

Apple has a history of locking horns with law enforcement

Apple famously refused to help the FBI break into the phone of Syed Rizwan Farook, a perpetrator of the 2015 San Bernardino shooting, which left 14 people dead. Farook was shot dead by police.

Apple CEO Tim Cook published an open letter in 2016, saying that the FBI's request for Apple to build a new version of its iOS operating software to break into Farook's phone would not only create a weakness exploitable by hackers, but that it would set a "dangerous precedent."

Apple CEO Tim Cook.
Getty

"The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone's microphone or camera without your knowledge," Cook wrote.

Privacy remains a major marketing point for Apple, which it flaunts at Google's expense. At CES this year, Apple mocked Google with a huge poster which read: "What happens on your iPhone, stays on your iPhone." Last month, the company released a video ad with the tagline: "If privacy matters in your life, it should matter to the phone your life is on."

Read more: Apple released a 45-second video on why you should care about your smartphone's privacy

Google's cooperation with law enforcement is not blind. It requires a warrant, and officials told the Times that Google has pushed back on searches it considers overly broad.

"We vigorously protect the privacy of our users while supporting the important work of law enforcement," Google's director of law enforcement and information security, Richard Salgado, said in a statement sent to Business Insider.

"We have created a new process for these specific requests designed to honor our legal obligations while narrowing the scope of data disclosed and only producing information that identifies specific users where legally required."

Equally, Apple does not always refuse requests from law enforcement for user data. "When the FBI has requested data that's in our possession, we have provided it," Cook wrote in his 2016 letter.

Amazon workers reportedly listen to what you tell Alexa — here's how Apple and Google handle what you say to their voice assistants - Business Insider

Posted: 15 Apr 2019 07:41 AM PDT

When Amazon introduced the Echo in 2014, questions and concerns arose about the level of privacy users should expect by inviting a device that's designed to listen into the home. Now, more than three years later, having a virtual assistant like Alexa everywhere from the living room to the kitchen feels like the norm.

But privacy woes bubbled up again last week when Bloomberg published a report indicating that Amazon employees and contractors manually review and transcribe clips of conversations Alexa users have with the company's digital assistant. The online retail giant reportedly employs thousands of people around the world to transcribe and annotate some recordings, which the company then uses to improve Alexa's accuracy.

The report also indicates that Amazon workers sometimes share certain audio snippets in internal company chat rooms, either when they need help interpreting a muffled word or to relieve stress when they accidentally hear something troubling.

Amazon is far from the only major tech firm that sells voice-activated devices designed to listen for requests. Amazon may be the current industry leader, but Google's line of Google Assistant-powered smart speakers is slowly gaining sizable market share.

The search giant's slice of the U.S. smart speaker market jumped from 18.4% in January 2018 to 23.9% during the same month in 2019, according to a survey conducted by Voiceify and Voicebot.ai. Apple also sells a high-end home speaker called the HomePod, which has Siri built-in.

Virtual assistants from Amazon, Google, and Apple only monitor your utterances when they hear the corresponding wake word. Google and Amazon allow you to delete all of your voice requests at any time, and Echo device owners can opt out of having their voice requests shared with Amazon's team for review.

Here's a closer look at how Google and Apple handle the data recorded by such devices.

Apple

Olly Curtis/Future Publishing via Getty Images

When you ask Siri a question like "What will the weather be like tomorrow?" or "What's next on my calendar?" your name along with your request is sent to Apple's voice recognition server so that Siri can personalize its response. Apple extracts this information from your contact card in the Siri & Search settings, and it's protected by encrypted protocols when being sent to Apple's servers.

But that doesn't mean Apple can tell that it's you when you ask Siri a question. Your request and the information from your contact card is tied to a random identifier that your device generates — meaning none of the data sent to Apple's servers is associated with your Apple ID account. You can also reset that random identifier anytime by turning "Siri and Dictation" off and then switching it back on again to reset your history with Siri, as Apple outlines on its privacy website.

Apple saves voice recordings for six months at a time to improve Siri's accuracy and performance, according to a security white paper from the company. After that six-month period, Apple saves another copy of the data without its identifier, which it may use for up to two years to help Siri perform better. The company also saves a small subset of recordings, transcripts, and associated data beyond that two-year period to improve Siri, and such data may go through a grading process that involves human reviewers. But any data sent for grading is randomized and stripped of its identifier.

Amazon workers, comparatively, have access to an account number, the user's first name, and the device's serial number when reviewing Alexa recordings, according to Bloomberg's report. The publication said it learned this from a screenshot it reviewed.

Google

Beck Diefenbach/Reuters

Google saves voice and audio clips when a user that's logged into their Google account says the "O.K. Google" trigger phrase or taps the microphone icon. It will only record and save audio when the "Voice & Audio Activity" setting on a user's Google account is turned on.

Google also has a manual review system in place for some audio snippets, but says this process only applies to a "fraction" of recordings. "We conduct a very limited fraction of audio transcription to improve speech recognition systems, and apply a wide range of techniques to protect user privacy," the company said in a statement to Business Insider. Any audio snippets sent to Google are not associated with personally identifiable information.

To turn the Voice & Audio Activity" setting off, navigate to Google's website, select "Data & personalization," and choose "Voice & Audio Activity." Then, turn "Voice & Audio Activity" off. The company provides more information about how to do this on mobile devices on its support page here.

You can also review and delete all of your Google Assistant activity by navigating to myaccount.google.com, selecting the "Data & personalization" option, and then selecting "Voice & Audio Activity" under the "Activity controls" subhead. From there, select "Manage Activity" to view your voice request history, and then choose the "Delete activity by" option to erase your voice data by date and product.

No comments:

Post a Comment