Are Alexa skills sure?

Amazon's digital voice assistant Alexa is constantly listening in and conversations with the device are stored indefinitely as audio and text files. What is problematic in terms of data protection law is now becoming even more delicate, because the Interior Ministry wants investigators to be able to use Alexa for their work in the future. German intelligence services can already access Alexa tapping material through their partners in the USA.

Introduction: Looks like an ice hockey puck at first, but is a lot smarter, this little roommate that Amazon would like to put in our house. A voice assistant that can do everything: play music, write down shopping lists - but above all: eavesdrop on us. Alexa - "Do you always listen?" "I'm not a spy and only listen when you say the activation word" - So if you call the thing by its name ... But unfortunately, dear Alexa is more curious than she claims. And the perfect wiretapping system for the secret services. One that we kindly put in our own booth. Terrible. Practically. Marcus Weller.

This is the world as Amazon imagines it. Modern people live with the voice assistant "Alexa", let them wake them up, turn on the light, read the weather report - it just works if you ask "Alexa".

Alexa: Alexa Echo Dot is a device that can provide information, music and much more ...

Prof. Norbert Pohlmann - Institute for Internet Security

"My voice-controlled private assistant has his microphones on almost all the time and waits for the activation word, for example Alexa."

If "Alexa" feels addressed, for example because you say the keywords "Computer", "Amazon" or "Alexa", it sends what has been said to the Amazon server and processes it there. If it recognizes a command, it executes it and plays music, for example.

Everything that is discussed with the device is stored on the Amazon servers. Both the recording of the voice and a written version of what was said.

Gerhart Baum. The former Federal Minister of the Interior sees the spread of language assistants with great concern.

Gerhart Baum - former Federal Minister of the Interior

"With Alexa, you can get eavesdropping into your apartment, so to speak. And by passing it on, even if you agree to it, you open the door for a use that you as a user no longer overlook."

Like all other providers, Amazon promises to handle its customers' data carefully. It is particularly important to the group that customer data is protected from access by the state.

In fact, only one case has been reported so far in which investigators wanted and got access to the voice files of an Amazon customer.

In November 2015, a body was found in a man's hot tub in Arkansas. There was an Amazon Echo speaker nearby. The prosecutor was concerned with his data.

Prosecutor

"He could have recorded parts of the act ..."

Amazon refused to release the data at the time. Only after the accused had consented, the group released the stored content.

This is how data protection is understood at the Amazon headquarters in Seattle: The highest possible hurdles for state access. But the hurdles are not that high after all - not even for investigators from Germany.

Nikolaos Gazeas - Expert in international criminal law

"The Alexa voice recordings that are on Amazon's servers are in no way protected from state access. As far as they are in the USA, they can be queried and retrieved under the laws there and such knowledge can be obtained through legal assistance, for example in criminal cases can also be issued to German authorities. "

KONTRASTE research now shows for the first time that German investigators also tried to obtain Alexa voice recordings last year.

In 2018, the operator of a trading platform in the so-called Darknet was on trial. Drugs and weapons were traded in its forum. The assassin David S. used one of these weapons to shoot nine people in Munich. The operator of the forum, Alexander U., had an Amazon Echo loudspeaker in his living room - the investigators recognized the opportunity. They applied for a search warrant on Amazon.

Nikolaos Gazeas - Expert in international criminal law

Above all, the case shows that law enforcement agencies have discovered Alexa as a possible investigative tool. Anyone who has such a device on the living room table at home should know that they are potentially voluntarily creating evidence against themselves with it.

The order was not carried out, the investigators already had enough evidence. The defendant was sentenced to six years in prison.

When asked, Amazon says: Customer data will be shared when the request to do so is legally, binding and correctly delivered.

Reaching for the voice data from Alexa and Co is always a deep invasion of privacy, because it can also affect bystanders.

Let's try it: does Alexa also record calls that are not intended for Amazon? The scenario: a conversation among colleagues

Person 1 "Alexa put sugar on the shopping list ... coffee cream, oat milk"

Person 2 "Yesterday I came into my son's room, then he was sitting in front of the screen with a huge joint"

Person 1 "tea, coffee ..."

Person 2 "in front of him is a big mountain of grass. Maybe he is dealing or something. I'm really worried."

Prof. Norbert Pohlmann - Institute for Internet Security

"When the activation word is said then the recording starts and you now wait for a natural end. But if this end is not recognizable for the software then a lot more is recorded."

In our example, not the entire conversation was transmitted, but crucial parts of it:

Person 2 giant joint

Person 1 tea ...

Person 2 in front of him is a large mountain of grass.

Let's assume that the company is being investigated and that the Alexa Sparach data is being accessed ...

Nikolaos Gazeas - Expert in international criminal law

"In such cases, it can always happen that one finds incidental finds, that is, indications of criminal offenses that have nothing to do with the specific procedure that is being investigated, but rather point to other criminal offenses. Such incidental findings are usable and usually lead to the fact that another criminal case will then be initiated. "

The German intelligence services have also recognized the value of voice assistants. And they have the opportunity to get to the data, at least when it comes to American corporations like Amazon. Because in the USA, intelligence services like the NSA are allowed to request data from corporations - and they have to deliver, at least when it comes to data from foreigners.

In the future, manufacturers such as Amazon are to be obliged to provide German intelligence services with automated, technical access to their devices. This is what the Interior Ministry drafts for the reform of the BND and the Protection of the Constitution Act.

Thorsten Wetzling - New Responsibility Foundation

"If the law comes, that can mean that you manipulate the microphone or the camera of a device connected to the Internet in such a way that you record the recordings and that could now also be done by the Federal Intelligence Service and the military shielding service."

Contrasts

"Would that be such Alexa parts?"

Thorsten Wetzling - New Responsibility Foundation

"That would be exactly that, yes."

KONTRASTE asked the news services whether they are already able to use Amazon's "Echo" loudspeaker as a bug. The BND does not want to say anything about it and the Federal Office for the Protection of the Constitution points out that according to the law it has the right to monitor living space.

The Bundestag member Martina Renner refuses the federal government the answer to a parallel question, because then this ability would be public and thus lost and

Quote: no replacement by other instruments possible.

Gerhart Baum - former Federal Minister of the Interior

We are under constant eavesdropping. People have to keep that in mind. They trade their human dignity for their comfort.

Contribution by Marcus Weller