Big Tech must face consequences of audio snooping, whistleblower says

Last year, many of the world’s largest tech giants were revealed to have used employees or contractors to listen in to conversations captured by virtual assistants and other tools, often without the users’ knowledge or consent

Bloomberg reported in April 2019 that thousands of workers had been employed to listen to commands given to Amazon’s Alexa for the purposes of improving its natural language processing abilities. These recordings reportedly captured embarrassing and disturbing moments, such as possible sexual assaults, without being triggered by the usual wake command. Apple, Google, Facebook, and Microsoft were also reported to have paid employees or contractors to listen to voice recordings captured from users.

After these reports emerged, the companies indicated that they would put a stop to these practices, review them or provide greater clarity to users. Apple promised to bring the work in-house and to only transcribe recordings from users who had explicitly consented. It resumed the practice several months later, with a software update allowing users to opt in or out. It is not known how many users opted in.

Months after Apple promised to make these changes, one of its contractors has gone public - breaching his non-disclosure agreement (NDA) with Apple - writing a letter to a range of data protection authorities across Europe, calling on them to take action against Apple’s “past and present practices”.

The former contractor, Thomas Le Bonniec, was employed between May and July 2019 by Globe Technical Services, an Apple subcontractor, and assigned to the Siri transcription project.

Le Bonniec wrote that he listened to hundreds of recordings every day which were often taken without Siri activation (i.e. without deliberate use of a wake command) and which recorded intimate user data, such as medical details; references to sexuality; political preferences, and drug use. The recordings were not limited to Apple users, but also to relatives, children, friends and colleagues. Le Bonniec claims that other workers were employed in several European cities on a related project to tag words in the recordings to user data, such as their location or contacts.

Le Bonniec expressed frustration that Apple and other companies with similar practices had not faced any legal penalties or even investigations by data protection authorities.

“I am extremely concerned that big tech companies are basically wiretapping entire populations, despite European citizens being told the EU has one of the strongest data protection laws in the world,” he wrote. “Passing a law is not good enough: it needs to be enforced upon privacy offenders.

“It is a matter of public interest to disclose the fact that several millions of people were, and still are possibly, being recorded in violation of their most basic rights […] for these reasons, I request that you, as a data protection authority, set out to protect a fundamental right recognised throughout the Union, to take action and investigate Apple’s past and present practices (and of other tech companies following the same practices), in order to stop these programmes, disclose any data they have collected and intercepted, and find out what they intended to do with it.”

The letter was addressed to all EU and EFTA national protection authorities; the European Data Protection Board; the European Data Protection Supervisor, and the Lichtenstein, Swiss, Norwegian and Icelandic data protection authorities.