them, George says.
These devices are gathering details about us as we move through our days and weeks, capturing our habitual patterns, George says. A voice assistant such as Siri may volunteer information you haven’t asked for—such as a traffic snag ahead on your routine route to pick up the kids from school, he says.
“That gives you an indication of what kind of information is being collected on a daily basis,” George says. Voice data is an increasing part of the inputs for this analysis.
Diana Kelley, an IBM executive security advisor who works with companies on their cybersecurity measures, says she’s optimistic that with the right controls, voice capabilities need not be a major threat to data privacy and security.
Within companies, the rise of voice interactivity is just the latest in a series of technology developments that security teams have handled, Kelley says. After the advent of social media, Wi-Fi, and cloud computing, cybersecurity experts have developed processes to vet and procure company equipment, as well as train staff in best practices, she says. And they’re not starting from scratch in voice privacy and security now.
“We’ve had mikes in our smart devices for a number of years,” Kelley says. People may already be used to taking care that their smartphone mikes (as well as cameras) are switched off when they’re not needed. Some voice privacy measures have already become part of data handling standards, such as masking credit card numbers in recorded calls, she says.
The difference these days is more in quantity than in kind, Kelley says.
“Voice interaction really looks like it’s going to be widely adopted,” Kelley says, judging by the consumer demand for connected devices in homes and especially in cars. “Now we’ve got more of them,” Kelley says. “We have to make sure we’ve got protections in each one of them.”
Voice interaction is not only being built into devices, but will also be included as a feature in the apps our devices connect with, such as mapping and direction services and shopping carts, Kelley says.
Kelley sees this as an opportunity for companies to refresh their training on cybersecurity for staffers—whether they’re in a boardroom with a voice-enabled TV, or in their bedrooms where a voice assistant is waiting for their orders.
“Just remember, your device is listening when you wake up,” Kelley says. High-level executives have to consider—do they want to have that conversation in the car, with the phone on? “What they say could potentially be recorded.”
TVs are very common in office lobbies, boardrooms and conference rooms, and many are now voice-enabled, Kelley says.
Should these listening devices be in the office at all? It depends how important it is to watch the news or use the TV for a remote two-way conference. “You have to weigh the business need against that security risk,” Kelley says.
Rather than rule out these devices entirely, security teams follow a list of precautions, Kelley says. They question prospective vendors on the built-in safeguards and security options in their equipment.
For example, is the device’s voice assistant always on, or just listening for a key word to wake up? Can you mute the microphone, so it won’t switch to active listening mode even if you say the key word?
Other questions asked:
Does the device save all your searches, and can you delete them? Is the voice data encrypted when it’s in use, when it’s in transit from one place to another, and when it’s stored?
Where will your information go? A TV may answer a request for a certain video by connecting to a third party app that has a database of movies, Kelley says. Increasingly, such outside apps will be voice-enabled, as these systems of interconnected services are further built out, she says.
While consumers may not have cybersecurity staffs to grill device vendors and change default settings, they can make it clear to manufacturers that they want privacy protections, Kelley says.
“It’s very important for manufacturers to take this seriously,” Kelley says.
Photo credit: Globe with headset, © pressmaster, depositphotos
