Amazon Removes Option to Opt Out of Voice Recording Storage

Amazon announced it is removing the option to opt out of sending voice recordings for users of the Echo Dot, the Echo Show 10, and the Echo Show 15. This feature was reportedly only used by 0.03% of users, while all other consumers who utilize these devices have been sending their recordings to Amazon. The company is enhancing Alexa’s features by incorporating generative artificial intelligence features. This requires Amazon to process all recordings in the cloud.

In 2023, Amazon was ordered to pay $25 million as part of a settlement with the Federal Trade Commission and the Department of Justice. Amazon was required to change its practices as part of the settlement. The press release at the time stated that Amazon is required to “overhaul its deletion practices and implement stringent privacy safeguards to settle charges the company violated the Children’s Online Privacy Protection Act Rule (COPPA Rule) and deceived parents and users of the Alexa voice assistant service about its data deletion practices.”

Kevin Cleary, University of Buffalo Professor and information security expert, said, “Even all of our cell phones are recording a lot of what we’re saying and digitizing that. So, there are major privacy concerns there. They’re written by a combination of legal teams and technical teams that are trying to indemnify any kind of risk or future use of that data. So is somebody a digital privacy advocate? Yes. This is a huge concern to me.”

Cleary said consumers have lost the ability to decide how their data is collected and used. He said the consent and ability to determine how your data is used is a “basic, fundamental privacy right.”

In 2009, Eric Schmidt was the CEO of Google and said “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” Similar sentiments were shared after NSA whistleblower Edward Snowden revealed that the U.S. government was collecting data on private citizens and foreigners without cause.

Snowden is still living in Russia as he avoids coming back to his home country to face trial. The mass collection of private citizen data has been considered by many to be a violation of the Fourth Amendment, which protects against unreasonable searches and seizures. Still, there is no violation by the tech companies for collecting this data because users opt into user agreements, sometimes without realizing what they are agreeing to.

Cleary said, “We want to use what we want to use. In that moment, the privacy implications kind of become secondary. I think a lot of us kind of fall into that, that bubble of, look, I want to use this now the privacy concerns aren’t first and foremost in the front of my mind, or it’s not something that’s necessarily tangible to me right now, I want to use that Alexa. I want to use that echo. I want to be able to talk to it from across the room and have whatever music play that I want, or make some kind of an order that convenience is is worth it enough to us that we’re willing to, in that moment, forego any of those policy concerns.”

Cleary also explained that there is always a risk of a data breach and asked what happens when somebody gets ahold of this private data without authorization. Cleary added, “It shouldn’t have to be something that we opt into. It should have to be something that we opt out of. And unfortunately, that’s not the law.”

Last week, Senator Rand Paul, Chairman of the U.S. Senate Homeland Security & Governmental Affairs Committee, wrote a letter to Attorney General Pam Bondi regarding concerns about the “integrity of U.S. user data in the context of the Cloud Act and UK statutes.” Last month, Joe Lancaster reported that The United Kingdom’s Home Office demanded that Apple provide law enforcement access to users’ private data. The U.K. government asked for all user data, not just U.K. users.

The Clarifying Lawful Overseas Use of Data (CLOUD) Act was passed in 2018, which requires tech companies like Apple and Amazon to provide private consumer data to the government when requested.

Senator Paul posted a tweet against the bill before it passed in 2018. He quoted Neema Singh Guliani, ACLU legislative counsel, who wrote an op-ed for The Hill. It states, “Congress should reject the CLOUD Act because it fails to protect human rights or Americans’ privacy…gives up their constitutional role, and gives far too much power to the attorney general, the secretary of state, the president and foreign governments.”

The U.K. can request private user data from tech companies and prohibit the company from disclosing the existence of the order. This is described within the U.K.’s Investigatory Powers Act.

On March 13, five U.S. Senators signed a letter to the Investigatory Powers Tribunal, an independent public body, to ask the court to “remove the cloak of secrecy related to notices given to American technology companies by the United Kingdom.”

The letter states that Apple and Google have informed Senator Ron Wyden that they would be barred from disclosing the existence of an order from the U.K. government if they received a technical capabilities notice.

Apple is challenging the order in court but has already moved to weaken security protocols to comply with the orders of the U.K. government. The company issued a statement stating new users in the U.K. would not have access to “Advanced Data Protection,” and users without this currently enabled will no longer be able to do so.

In his article for Reason, Lancaster stated that Apple is correct in challenging this in court. He wrote, “It would be impossible to design a vulnerability to encryption that can only be exploited by police, or with a court order, or any other exception you can imagine. By definition, any encryption ‘back door’ open to law enforcement could also be exploited by hackers.”