Georgetown Law
Technology Review

The modern digital assistant has been in the works for decades. IBM introduced the Shoebox, a speech recognition machine that had a vocabulary of sixteen words, in 1962.1IBM, Pioneering Speech Recognition, IBM 100: ICONS OF PROGRESS, https://www-03.ibm.com/ibm/history/ibm100/us/en/icons/speechreco/ (last visited Oct. 24, 2017). Over time, speech recognition machines have evolved from the Shoebox to automated telephone support, and now they take the form of internet-connected devices such as Amazon Alexa, Google Assistant, and Apple’s Siri. Today’s digital assistants provide consumers with many conveniences—controlling their music, house lights, or thermostat with nothing more than their voice—but also raise several privacy concerns.

For digital assistants to function, the hardware is built to include microphones that are always listening, waiting to hear the “wake word” that signals the consumer is providing a command.2Tim Moynihan, Alexa and Google Home Record What You Say. But What Happens to that Data?, WIRED (Dec. 12, 2016, 9:00 AM), https://www.wired.com/2016/12/alexa-and-google-record-your-voice/. This hardware can be a cell phone, a smart speaker placed in the home, a vehicle, or even a washing machine.3See Lisa Eadicicco, Amazon Is Already Winning the Next Big Arms Race in Tech, TIME (Jan. 5, 2017), http://time.com/4624067/amazon-echo-alexa-ces-2017/. To make sure the assistant receives the full command, these devices are not only always listening, but always recording.4Moynihan, supra note 2. However, the prerecording and wake-word recognition is processed locally, so only the audio recorded after the wake word is stored and transmitted to the servers to be processed.5Id.

That audio recorded prior to one of these devices hearing its wake word is kept local may reduce some privacy concerns, but these devices aren’t foolproof. Recently, Google made the decision to disable a touch-to-activate feature on its new Google Home Mini device because a hardware defect caused some units to think the feature was constantly being activated.6Eric Limer, Accident or Not, Google’s Eavesdropping Mistake Is Terrifying, POPULAR MECHANICS (Oct. 11, 2017), http://www.popularmechanics.com/technology/security/news/a28586/google-home-mini-caught-eavesdropping/. The devices impacted by this defect were always listening and transmitting audio clips to be stored on Google’s servers.7Id.

Google has taken steps to prevent accidents like this from continuing to happen, but the incident raises an important concern: digital assistants could be recording and transmitting audio without consumers ever realizing.8Id. There are ways to mitigate this concern. For example, Apple’s Siri solely processes voice recordings locally, or a company could also require a second command in addition to the wake word before transmitting recordings to a server (similar to the functionality seen in Google’s Clip camera).9See id.; Mark Sullivan, Apple Explains How It’s Making Siri Smart Without Endangering User Privacy, FAST CO. (Sept. 11, 2017), https://www.fastcompany.com/40443055/apple-explains-how-its-making-siri-smart-without-endangering-user-privacy. The downside to this approach, however, is that the consumer may not be able to improve the assistant’s accuracy as effectively when the only data being sent to the servers is de-identified.10Sullivan, supra note 9. This privacy-versus-AI-development dichotomy may have resulted in Apple, which has taken a very public stance on promoting user privacy, lagging behind its competition in AI development; but these are the types of debates that will continue to develop as these devices become ubiquitous in consumers’ daily lives.11See id.

Additionally, as the presence of these always-listening microphones continues to grow, there are concerns over what access law enforcement may have the data captured. Amazon found itself at the forefront of this debate when prosecutors in Arkansas sought a court order for data from an Amazon Echo device in the home of a murder suspect.12Sam Shead, Amazon Won’t Back Down from a Fight with the Police Over Recordings that Could Help to Solve a Murder, BUS. INSIDER (Feb. 24, 2017, 5:29 AM), http://www.businessinsider.com/amazon-alexa-recordings-murder-investigation-2017-2. Amazon challenged the subpoena, arguing that the recordings were constitutionally protected, but the company eventually released the data to prosecutors after the suspect consented to the disclosure.13Iman Smith, Amazon Releases Echo Data in Murder Case, Dropping First Amendment Argument, PUB. BROAD. SERV. (Mar. 8, 2017, 2:38 PM), https://www.pbs.org/newshour/nation/amazon-releases-echo-data-murder-case-dropping-first-amendment-argument. As a result, much like the encryption debate that surrounded Apple’s legal battle with the FBI over access to data on an iPhone owned by a perpetrator of the San Bernardino shooting, the legal questions that surround law enforcement access to data recorded by these devices remain unanswered by the courts.14See Alina Selyukh, A Year After San Bernardino and Apple-FBI, Where Are We on Encryption?, NAT’L PUB. RADIO (Dec. 3, 2016, 1:00 PM), http://www.npr.org/sections/alltechconsidered/2016/12/03/504130977/a-year-after-san-bernardino-and-apple-fbi-where-are-we-on-encryption.

To assist the courts, organizations such as the ACLU have stated that, regardless of potential constitutional protections of the data, Congress needs to provide legislative protections similar to those that have been enacted for wiretaps.15Jay Stanley, The Privacy Threat from Always-On Microphones Like the Amazon Echo, AM. CIVIL LIBERTIES UNION (Jan. 13, 2017 10:15 AM), https://www.aclu.org/blog/privacy-technology/privacy-threat-always-microphones-amazon-echo.

Although these digital assistants have raised a number of privacy concerns, the rapidly growing market for digital-assistant-enabled products means that consumers likely prioritize the conveniences they provide over the potential privacy issues they create. As such, while courts may eventually extend some constitutional protections to consumers using these devices, the onus is on Congress and consumer-protection agencies to proactively create legal protections for the data collected by these devices. Until these protections are in place, there are more questions than answers surrounding who can use this data and in what ways, and consumers are dependent on policy decisions made by companies and law enforcement agencies to make sure the data is not misused.