Amazon employees charged with auditing Alexa users’ commands can access customer location data and home addresses, according to Bloomberg.
The Alexa review team is based on three continents and transcribes, annotates and evaluates a percentage of voice recordings Alexa picks up, to help the digital voice assistant adapt to and respond to commands, according to Bloomberg, citing five employees familiar with the program.
But the employees told Bloomberg that access to Alexa customers’ geographic coordinates can easily be used to find home residences through third-party mapping software. While there is no evidence that the data has been used to locate individual users so far, members of the team told Bloomberg they were concerned Amazon was granting overly broad data access that could easily be used to identify individual users.
“Anytime someone is collecting where you are, that means it could go to someone else who could find you when you don’t want to be found,” Lindsey Barrett, a staff attorney and teaching fellow at Georgetown Law’s Communications and Technology Clinic, told the publication.
While much of the information stored by the software can’t be traced back to individual users, Amazon also collects location data to allow Alexa devices to answer requests specific to local conditions such as restaurants or weather. An Amazon team member gave Bloomberg a demonstration in which they pasted a user’s coordinates into Google Maps and were able to find their address.
The number of Amazon employees who have access to such data is unclear, but two employees told Bloomberg they believed it was available to the majority of workers in the Alexa Data Services Group until recently.
An Amazon spokesperson told The Hill that the company's policies bar employees from accessing customer data.
“Access to internal tools is highly controlled, and is only granted to a limited number of employees who require these tools to train and improve the service by processing an extremely small sample of interactions," the spokesperson said. "Our policies strictly prohibit employee access to or use of customer data for any other reason, and we have a zero tolerance policy for abuse of our systems. We regularly audit employee access to internal tools and limit access whenever and wherever possible.”
The allegations follow another Bloomberg report that members of the team, based in countries such as India, Romania, Costa Rica and the U.S., analyze voice recordings captured after users “wake” the system with a key phrase, either intentionally or accidentally.