Employees Who Listen to Amazon Alexa Requests Can Access Customers' Home Addresses
Earlier this month, Bloomberg shared details on the thousands of employees that Amazon employs around the world to listen to voice recordings captured in the homes of Amazon Echo owners when the Alexa wake word is spoken, with the purpose of improving the service.
There was some concerning information in the report, including employee access to private recordings, recordings that are upsetting or potentially criminal, and an employee tendency to share private recordings in group work chat environments. As it turns out, there's something Alexa owners should be even more worried about -- some of these employees have access to the home addresses of Amazon customers.
In a new report on the team Amazon employs to listen to Amazon Echo recordings, Bloomberg says that employees have access to location data and can "easily find a customer's home address" by typing geographic coordinates into third-party mapping software. The new information was shared by five anonymous Amazon employees who spoke to Bloomberg.
Team members with access to Alexa users' geographic coordinates can easily type them into third-party mapping software and find home residences, according to the employees, who signed nondisclosure agreements barring them from speaking publicly about the program.
While there's no indication Amazon employees with access to the data have attempted to track down individual users, two members of the Alexa team expressed concern to Bloomberg that Amazon was granting unnecessarily broad access to customer data that would make it easy to identify a device's owner.
Bloomberg saw a demonstration where an Amazon team member pasted a user's coordinates (stored on Amazon's servers as latitude and longitude) into Google Maps, finding the address for the user linked to the recording in less than a minute. It's not clear how many people are able to access that system, though two Amazon employees said that until recently, the "vast majority" of workers in the Alexa Data Services group could use the software.
Certain employees on the data team listening to recordings have access to home and work addresses for customers along with phone numbers and access to their contacts if the person has chosen to share contacts with Alexa, all for the purpose of improving requests.
That employees can access specific location data for an individual customer is concerning because after the original report, Amazon had this to say: "Employees do not have direct access to information that can identify the person or account as part of this workflow."
In a new statement provided to Bloomberg, Amazon said something different, calling access to internal tools "highly controlled."
In a new statement responding to this story, Amazon said "access to internal tools is highly controlled, and is only granted to a limited number of employees who require these tools to train and improve the service by processing an extremely small sample of interactions. Our policies strictly prohibit employee access to or use of customer data for any other reason, and we have a zero tolerance policy for abuse of our systems. We regularly audit employee access to internal tools and limit access whenever and wherever possible."
Amazon, says Bloomberg, appears to be restricting the level of access that employees have to sensitive customer data, and after the original story, some of the workers who transcribe and annotate audio recordings no longer had access to software tools they had previously used.
Alexa users concerned with the data that's being collected and used by Amazon should make sure to enable all privacy features and uncheck the option for letting Amazon save Echo recordings.