Not only did Microsoft outsource the reviewing of Cortana and Skype audio recordings to contractors, but a fresh report now claims that the company did so in China with pitiful security measures in place.
This follows on from the revelation last August that Microsoft employees and third-party contractors were listening to Cortana and Skype interactions, analyzing recordings with the goal of improving the services.
- Microsoft in 2019: a year of Edge wins and Windows fails
- 6 ways to protect your family’s online privacy
- Which is the best smart speaker?
This raised predictably big question marks over privacy and security – particularly because the audio data sometimes involved quite personal details and information, by all accounts, being sent for processing outside of Microsoft.
But at the time, the report from Vice’s Motherboard noted that Microsoft insisted the audio data analyzed was only available to these external contractors via a secure online portal, but the new report in The Guardian claims otherwise, having spoken to a former contractor.
That contractor says that this program ran for years with literally “no security measures”, and over in China, he reviewed thousands of such Cortana and Skype audio recordings on his personal laptop in his home in Beijing – for two years. (Initially, he did work from an office, but apparently was soon allowed to work from home).
The worker claims that contractors could access the recordings simply using a web app in Google Chrome, and they all had a Microsoft account freshly set up using the same password, no less. Login details (just a simple username and password) were emailed to contractors in plain text.
Security nightmare
The contractor further claims that there was practically no vetting of the staff doing these recording evaluations, and the whole setup sounds like a security nightmare, frankly.
If all these details of the lax security are on the money, the fact that the operation was based in China also raises the prospect of the Chinese government having had access to these Cortana and Skype recordings. That’s particularly worrying in terms of Skype, of course, where full conversations were carried out.
At the time of the original report, Microsoft revised its privacy policy to clarify that such (anonymized) audio recording analysis is carried out not just on an automated basis, but also by humans.
Since then, The Guardian report notes, Microsoft has ceased such grading programs for Skype and Cortana for Xbox, and the rest of its human evaluation of recordings is now done in “secure facilities”. These are located in a small number of countries, and not China.
As we pointed out last year, Microsoft does also have a tool for deleting your voice recordings from its servers.
- These are the best laptops of 2020
Inside the company making 35-year-old Game Boys look and work like new
AMD teams up with Arm to unveil AI chip family that does preprocessing, inference and postprocessing on one silicon — but you will have to wait more than 12 months to get actual products
The US takes another big step towards banning TikTok – here's what you need to know
