At first glance, there was no witness to the grisly murder of Christine Sullivan, who was stabbed to death alongside a friend, Jenna Pellegrini, at her home in rural New Hampshire in the U.S. last year.
But as detectives searched the secluded colonial-style home and its tree-lined garden, they came to realise that a big clue was staring them in the face.
For on the kitchen worktop was an Amazon Echo, one of the increasingly ubiquitous ‘smart speakers’ that can perform a host of household tasks, from checking the weather and playing music to creating shopping lists and looking up recipes.
Such devices follow a user’s spoken commands, so are almost always listening out for fresh orders. What’s more, this one was likely to have been within earshot of Sullivan’s cold-blooded killing, and could be the first-hand witness police were looking for.
That was the theory, at least. So last month, a judge hearing the trial of Sullivan’s alleged killer, a former housemate called Timothy Verrill, ordered Amazon to turn over any voice recordings that the Echo made between January 27, 2017, when the women were murdered, and January 29, when their bodies were found. Prosecutors now hope they might be able to prove Verrill’s guilt. The defendant, who protests his innocence, presumably hopes otherwise.
Whatever the outcome, the whole thing provides a stark illustration of a strange (and some might say chilling) new truth: that the high-tech gadgets, increasingly part of our daily existence, also happen to be highly efficient surveillance devices.
In a world where more and more products, from TVs and ‘home assistants’ to washing machines and even children’s toys are designed to connect to the internet, we are slowly filling our homes with things capable of spying on us. To some, including murder detectives, this can only be a good thing.
Yet to privacy campaigners, the increasing popularity of ‘connected’ devices, tens of thousands of which will be wrapped up under Christmas trees tomorrow morning, portends a dystopian future.
The new breed of technology is part of the so-called ‘internet of things’ through which our homes, cars, and possessions can be controlled remotely, often via smartphone. Yet this not only allows tech giants to chronicle our daily habits, it can also allow friends, family and even complete strangers to eavesdrop on our intimate moments.
A recent article in the Harvard Law Review argued that such devices were turning corporations into ‘surveillance intermediaries’, which hold vast quantities of our personal information, and can be turned over to third parties without our knowledge.
Take, for example, the case of ‘Danielle’, a woman from Portland, in the U.S. State of Oregon, whose Amazon Echo recently took it upon itself to record her late-night conversation with her husband, and sent it to his employee.
She told a local TV station how the employee then telephoned asking why he’d been emailed a sound file of their domestic chat.
According to Amazon, the incident occurred by accident because Echos (just like their rival devices, Facebook’s Portal, Apple HomePod and Google Home) are operated via a ‘wake word’, which users say in order to highlight the fact they are about to give them a task. It mistook one of Danielle’s remarks as its ‘wake word’.
‘Echo woke up due to a word in background conversation sounding like [the Echo’s ‘wake word’] “Alexa”. Then, the subsequent conversation was heard as a “send message” request. At which point, Alexa said out loud “To whom?” At which point, the background conversation was interpreted as a name in the customer’s contact list. Alexa asked, “[contact name], right?” Alexa then interpreted background conversation as “right”.’
Two-thirds of the products, which include anything from toys to robots, that connect to the internet or synch to a smartphone app, were found this week to be sharing children’s data with third parties such as advertising firms.
The Parker Teddy Bear, for instance, gathers information about its user’s habits and social media activity, according to The Times. However, its privacy policy says it cannot guarantee the privacy of data it holds.
Many other smart toys have what Which? magazine has described as ‘concerning vulnerabilities’ which could ‘enable a stranger to talk to a child’.
The vulnerability is caused by the fact that any device controlled via a smartphone can also be accessed by anyone who is nearby and possesses a device — such as a phone — with Bluetooth capability. The ‘hacker’ can say something inappropriate to the child, or listen to what the child is saying. If the device has a camera, it can be used to watch them.
Last year, the FBI warned American parents to do their research before buying any toy that contained speech recognition software or an internet connection. Meanwhile, more than two million private messages left by parents for their children (and vice versa) on the server of one of the smart toy providers were hacked.
Such developments are particularly concerning to anyone who has made use of the growing trend for smart devices — particularly ‘home assistants’ — to replace phones for calling and messaging.
At present, Apple users can make and answer iPhone calls via their HomePod, while Google Home devices can make free calls to UK landlines or mobiles. Facebook’s portal devices can also be used to call your friends.
While these firms say they do not keep records of users’ conversations, Amazon (whose Echo has around a 75 per cent market share) does things differently.
It admits to storing users’ conversations by ‘streaming audio to the cloud’, as it describes in its privacy policy. In theory, this means your conversations with friends and family made through Alexa Calling and Messaging may be recorded and uploaded to its servers in real time.
Worryingly, among more than 12,000 words of Amazon terms and conditions are contradictory statements as to what it actually does with the recordings.
One policy says Alexa is not ‘recording all my conversations’, and that ‘Echo devices are designed to detect only your chosen wake word’.
But elsewhere we read that ‘Alexa processes and retains your Alexa interactions . . . including voice inputs . . . and content you provide or receive through [Alexa]’ and that ‘your messages, communications requests and related interactions’ are all stored in its online servers.
Another potentially Orwellian feature of the Echo home assistant is ‘Drop In’ — a video-calling service which allows any enabled contact to ‘drop in’ to someone’s device unannounced and begin a video conversation with them.
Crucially, the function does not provide an option for a recipient to decline the call before the camera starts rolling. The hazards of this function in a bedside Echo device go without saying.
Little wonder, perhaps, that critics say the only way for users to ensure they aren’t filmed or recorded unawares is by unplugging the devices from the wall.
‘People may not understand how much data is collected by home hubs, and how that information may be analysed,’ said Jim Killock, executive director of Open Rights Group, a privacy rights group.
‘If they are on, they are listening and recording. While companies may be responsible and delete it, there is a temptation to use it and make money from listening to you in the background.’
Silkie Carlo, director of Big Brother Watch, a privacy campaign group, says: ‘The very idea of a smart home is one of ambient surveillance and constant recording. Many smart devices are essentially internet-connected surveillance devices that their owners have limited control of.
‘The terms are deliberately set out to protect the company’s interests rather than the user’s. Families should think carefully about the security risks before spending their money on these devices.’
Earlier this month, the Mail revealed how multinational companies harvest valuable data from their customers.
One of the worst offenders was, predictably, Amazon. It detailed in its privacy policy how it ‘collects’ a treasure trove of customer data including home addresses, credit history, ID documents, dates of birth and locations.
It collates its customers’ product searches, downloads and documents saved on Amazon Drive, and ‘periodically imports and stores’ their contacts on Alexa Calling and Messaging.
Amazon also ‘shares your personal information’ with extensive third-party companies ‘to perform functions on [its] behalf’, and does not make clear what information it collects is used for.
Buried within the small print are clauses which state that if customers don’t co-operate with terms, including agreeing to Alexa recording and storing their voice recordings, Amazon can revoke their access to the home assistant hardware without a refund.
All of which begs the question: are these increasingly popular smart devices actually assisting their owners? Or are the home assistants only really designed to assist the rapacious tech giants?
