INDIANAPOLIS — Millions of Americans rely on their smart speakers to turn on the lights, play music, activate their home alarm or even check the news – but at what price to your privacy does that convenience come?
Dane Nutty from the Public Safety Foundation says he’s turned his home into a “smart home” with multiple devices connected to each other through the various apps.
“Some people say it may be a lazy thing, like turning on and off the lights,” Nutty said. “But once you start to use some of the devices, it’s all about time management.”
He’s just one of hundreds of millions of users who have filled their home and lives with smart devices.
But Gus Dimitrelos, a retired secret service agent and cyber security consultant, said users are forfeiting their privacy for convenience.
“If you enable that device to monitor your activity within the privacy of your home, then you’re exposing yourself,” Dimitrelos said.
He says those quick and simple commands you use to control your life are stored on the tech giant’s servers.
“You’re agreeing to store your data on their servers. The servers are available by law enforcement with search warrants,” Dimitrelos said.
Reports from Amazon, Google and Apple show local and federal law enforcement sought data from nearly 700,000 accounts in just a one-year period. The FBI and NSA also make thousands of requests each year to tech companies for user information and those tech companies hand over user data in about two-thirds of those cases, Call 6 Investigates has found.
See the latest transparency reports:
And sometimes those devices are recording more than just the simple commands you give them – Amazon stores their recordings and allows users to go through them online.
Call 6’ Investigates' Paris Lewbel went through those recordings with Nutty, who says they dated back to the day when he first got his devices – and some of them weren’t even him. Amazon also recorded clips from things like TV commercials.
Although most of the clips were short – less than a second long – and contained very little information, they were still right there on Amazon’s servers.
“It’s always kind of interesting to go back and hear random statements that you’re making,” Nutty said. “There are times I’ll look over and see the little ring going on and thinking, ‘I didn’t ask her anything.’”
Our sister station, ABC Action News, contacted Amazon about the recordings and a spokesperson said the readings were likely generated by something being said that sounded like “Alexa” – the word that triggers the device to start recording.
An Amazon spokeswoman said audio files stored on its servers can be deleted by users at any time through the privacy dashboard and also suggested users set their Echo device to “Amazon Echo” or “computer” – instead of “Alexa” – to eliminate some of those errant recordings.
But Dimitrelos says changing the name of your Amazon Echo won’t protect your privacy. He compares these devices to allowing a stranger to come into your home and listen to your private conversations.
“If you enable that device to monitor your activity within the privacy of your home, then you’re exposing yourself,” said Dimitrelos.
Dimitrelos said many users often grant tech companies that full permission when signing the service agreements – without even thinking about it.
“Whether it’s Microsoft, whether it’s Google, whether it’s Apple – you’re agreeing to store your data on their servers,” said Dimitrelos. “In these cases, where audio recorders are in your house, you’re allowing them to monitor your voice at all times.
And the government is increasingly requesting those voice recordings.
Our sister station also reached out to Google and Apple about how users are recorded on smart speakers.
In a statement, a Google spokesperson said, “All the devices that come with the Google Assistant are designed with privacy in mind.”
“Google only stores voice-based queries received immediately after recognizing of hot words ‘OK Google’ or ‘Hey Google.’ Hot word detection runs locally on the Google Home device across a short snippet of microphone data. If the hot word is not detected on that short snippet, the snippet is immediately discarded. If the hot word is recognized the data including the query contents are sent to Google servers for analyzing and storage in personal activity history.”
A company spokesperson for Apple said its smart speakers are only triggered to record with the phrase “Hey Siri” and data is protected on its cloud servers through end-to-end encryption and not associated with your Apple ID – but a random identifier.
Demand for smart speakers is on the rise. Amazon, Google and Apple have reportedly sold hundreds of millions of these devices in recent years.
You can download your own data from big technology companies to see exactly what they collect and store: