Microsoft contractors had woeful security when reviewing Cortana and Skype recordings, report claims

Cortana in Windows 10
(Image credit: Shutterstock)

Not only did Microsoft outsource the reviewing of Cortana and Skype audio recordings to contractors, but a fresh report now claims that the company did so in China with pitiful security measures in place.

This follows on from the revelation last August that Microsoft employees and third-party contractors were listening to Cortana and Skype interactions, analyzing recordings with the goal of improving the services.

This raised predictably big question marks over privacy and security – particularly because the audio data sometimes involved quite personal details and information, by all accounts, being sent for processing outside of Microsoft.

But at the time, the report from Vice’s Motherboard noted that Microsoft insisted the audio data analyzed was only available to these external contractors via a secure online portal, but the new report in The Guardian claims otherwise, having spoken to a former contractor.

That contractor says that this program ran for years with literally “no security measures”, and over in China, he reviewed thousands of such Cortana and Skype audio recordings on his personal laptop in his home in Beijing – for two years. (Initially, he did work from an office, but apparently was soon allowed to work from home).

The worker claims that contractors could access the recordings simply using a web app in Google Chrome, and they all had a Microsoft account freshly set up using the same password, no less. Login details (just a simple username and password) were emailed to contractors in plain text.

Security nightmare

The contractor further claims that there was practically no vetting of the staff doing these recording evaluations, and the whole setup sounds like a security nightmare, frankly.

If all these details of the lax security are on the money, the fact that the operation was based in China also raises the prospect of the Chinese government having had access to these Cortana and Skype recordings. That’s particularly worrying in terms of Skype, of course, where full conversations were carried out.

At the time of the original report, Microsoft revised its privacy policy to clarify that such (anonymized) audio recording analysis is carried out not just on an automated basis, but also by humans.

Since then, The Guardian report notes, Microsoft has ceased such grading programs for Skype and Cortana for Xbox, and the rest of its human evaluation of recordings is now done in “secure facilities”. These are located in a small number of countries, and not China.

As we pointed out last year, Microsoft does also have a tool for deleting your voice recordings from its servers.

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).