‘Alexa, delete what I just said’: U-M researcher discusses smart speaker privacy concerns
Amazon announced a new feature this week that will allow Alexa owners to use a simple voice command to ask the smart speaker to “delete what I just said” on all recordings made that day. The announcement was applauded by some who have been concerned about privacy of the speakers, yet others question whether it goes far enough.
Florian Schaub, assistant professor at the University of Michigan School of Information, has conducted extensive research highlighting privacy concerns with the popular devices and has called for this kind of feature to better integrate privacy controls into how people use smart speakers—with their voice.
As you understand it, how will this new feature work?
Schaub: With this new feature, users can just tell their Alexa to “delete everything I said today” or “delete what I just said.” This should then delete either all voice commands said to the speaker for the day or just those said shortly before giving the delete command. Unfortunately, these new privacy features are not enabled by default. One has to enable it first in the Alexa privacy settings on Amazon’s website or app.
You’ve been suggesting this solution for some time. Does the way Amazon executed it go as far as you would have liked?
Schaub: We found in our research that current smart speaker privacy controls do not align well with people’s needs and how they use their smart speakers. The primary way of interacting with Alexa or Google Home is by voice—you talk to the device. However, until now you had to go to the Alexa privacy settings on the Amazon website or mobile app to see and delete Alexa’s voice recordings of you.
These new voice commands are the first important step towards better integrating privacy controls into the device user experience. Keeping track of your privacy doesn’t have to be difficult if the privacy controls are designed well, and we have been suggesting for some time that smart speaker makers should offer voice commands like this.
A question that I have in regard to these new privacy controls is how Amazon will make customers aware of these new voice commands. A big problem with voice assistants is that we have to learn what commands they respond to, which means extra work is required to help users discover such features and encourage them to use them.
In addition to the ability to delete past voice records, our research has also shown a need for better ways to mute the microphone. While smart speakers have a mute button, very few participants in our study had used it on their devices either because they thought it would only switch off the speaker—not the microphone—or because it required them to walk to the device and press a button on it which is quite different from the typical way of interacting with the smart speaker by voice.
It would be great to see Amazon and Google also introduce voice commands to mute the speaker for a period of time. For example “Alexa, stop listening for the next 10 minutes” could mute the device and Alexa could then announce when it is ready for voice commands again after the 10 minutes are up.
Some have been critical that it only erases one day? Is that limiting?
Schaub: I understand how this can be perceived as limiting but I think the more important feature is the “delete what I just said” command. It makes it easy to remove something from your history when you realize in the moment that something might be sensitive. This is great. Being able to erase all voice recordings of the day is also a useful feature but it is not clear to me why this needs to be “one day” specifically. Given that Alexa and other voice assistants are touted to be “conversational,” it would be nicer if a user could ask Alexa to delete voice history for specific times, for example, the last two hours when you had guests over for dinner. For longer time spans, it might be more useful if users could just opt out of Alexa storing voice history at all.
Will this get Amazon out of the hot seat with lawmakers who are concerned about the company violating consumer privacy by recording things heard after the “wake” words? In other words, by offering the option to erase does that give the company an out if people fail to take advantage of it?
Schaub: I don’t think this will have a large impact on the current debate over whether we need more stringent privacy regulations for tech companies. Amazon did not really change what data they store or what of that data customers can review and delete. The only difference is that now customers can delete prior recordings with a voice command instead of having to find the Alexa privacy settings and doing it there. I think that’s a big step towards more usable privacy controls for smart speakers, and providing privacy controls that are useful and usable is something that needs to be considered in future regulation.
However, the bigger policy conversation we need to have should focus on limiting what data companies can collect and how they can use and share it, as well as creating consistent privacy requirements and protections across companies and industries rather than focusing on specific sectors, such as online services or smart devices.