The Next Level Network Blog

IT Management, Security, Compliance for Regulated Firms

Is AI Snooping On Your Office Conversations? Cyber Security Training Can Keep Them Confidential

Oct 11, 2018 5:53:03 PM / by Eric Benda, CEO

Take Action Before Letting Alexa, Siri and Bixby Into Your Private Meetings!

Are our artificial intelligence devices listening to us all the time and saving our conversations? The fact is, we just don’t know. Although most of the alarm has centered around home use of these devices, it’s time that we consider the potential negative implications on data security and privacy in the workplace – especially as regards regulated businesses. So what do we know?

Search online for this issue and you’ll find an array of articles from top technology media – TechCrunch, Wired and others – attempting to prove or disprove the concerns. When asked to comment for these stories, the key players in home-based AI -- Amazon with its Echo/Alexa offering, Apple and its Siri, Samsung and its Bixby personal assistant and Google with its Google Assistant -- deny their devices are listening to us except when they hear their ‘hotword’ or ‘wake word’.

They tell us how to delete and turn off listening history. But they also point out that turning off this capability interferes with a device’s ability to learn enough about us to assist us effectively.

Despite these denials and directions, as recently as August of this year, Wired reported that a loophole was revealed at the DefCon hacking convention in Las Vegas, where researchers from Chinese tech giant Tencent demonstrated how they were able to tap into an Amazon Echo speaker. They also stated that the hack was not simple to implement.

That would be somewhat reassuring, had Amazon not applied this spring for a patent for technology that would allow Alexa to listen in on conversations and then reply. This goes far beyond the notion of a dutiful assistant responding to commands in order to make useful recommendations of products and services.

Though Amazon stated that the patent was for future consideration rather than for features they’re currently planning to roll out, it’s easy to see the direction of this technology without coming off like a conspiracy theorist.  Once again tech is evolving faster than our ability to understand potential pitfalls.

What does this mean in the workplace?

Although most AI devices are currently being deployed in the home setting, they’re finding their way into the office. Every smartphone today has a built-in virtual assistant. You can dictate your emails to Siri, as well as text messages, and ‘she’ll’ put activities on your to-do list and give you reminders. But if she sends an email via Google rather than through the secure corporate email account – all of a sudden you’re out of SEC compliance.

And it’s not just smartphones. Electronics of all kinds are coming with AI built in. This includes laptops and that new flat-screen TV in the conference room where privacy is most definitely a priority. There have been cases where a word is uttered that sounds like the ‘wake word’ to the device and it starts recording.

The problem is that, unlike what most of us think, the words aren’t stored in the device, but are sent up to the Internet for translation. Yes, the recordings are said to be encrypted en route, but how are they being stored, and for how long? More of what we don’t know. And there’s much more.

What Happens When You Exit an Uber Vehicle?

Are you aware that when you get where you’re going and exit the vehicle, the Uber app continues to track you for five minutes? Some VC executives in Silicon Valley did not want to reveal their final destinations for business meetings. They would end their Uber rides a few blocks from their final destinations and walk the rest of the way.

They were shocked to learn that they were still being tracked to their end points. But the fine print in the Uber terms of service gives them permission. If you turn off location awareness on your phone, you defeat the primary features of the service.

So, what can you do to protect your company’s data security and privacy? Short of banning AI devices from your offices, which wouldn’t really help in these days of BYOD (Bring Your Own Device), it takes Cyber security planning and training.

Cyber security training for employees will assure that everyone understands the potential issues and protects against them. It raises awareness of how to stay on the right side of compliance regulations and how to protect sensitive information on the road and at home, as well as in the office.

Cyber Security training is an ongoing process as technology continues to evolve. Enlist a cyber security specialist team, whose business it is to assess and identify weaknesses in your environment and teach staff and management how to avoid problems before they arise. If you’d like to speak with the Soundshore Technology Group’s cyber security experts send an email to sales@soundshore.net. We’ll be happy to help.

Have you had any unusual experiences with artificial intelligence devices? Please share them in the comments.

If you want to take a broader look at your cyber security status, download our free Cyber Security Self-Assessment Checklist.



Topics: cyber security

Eric Benda, CEO

Written by Eric Benda, CEO