If it wasn’t scary enough being monitored by random strangers, a former Microsoft contractor reportedly claimed some private calls could have been accessed by the Chinese government!
An anonymous former Microsoft contractor came forward and alleged that Microsoft’s grading program to transcribe and vet users’ audio “ran for years with no security measures.” The audio was sourced both from Skype conversations and Cortana, Microsoft’s voice assistant equivalent of Apple’s Siri. The anonymous contractor also explained how working in any territory ruled by the Chinese regime is hazardous in itself, stating that “Living in China, working in China, you’re already compromised with nearly everything.”
The Guardian reported on Jan. 10 an anonymous contractor’s claim that user recordings were listened to by Microsoft contractors. “The recordings, both deliberate and accidentally invoked activations of the voice assistant, as well as some Skype phone calls,” reported The Guardian..
The former contractor claimed further that “Workers had no cybersecurity help to protect the data from criminal or state interference, and were even instructed to do the work using new Microsoft accounts all with the same password, for ease of management.”
If that weren’t bad enough, employee vetting was described as vanishingly rare. “They just give me a login over email and I will then have access to Cortana recordings,” the former contractor wrote, before adding, “I could then hypothetically share this login with anyone.”
“I heard all kinds of unusual conversations, including what could have been domestic violence. It sounds a bit crazy now, after educating myself on computer security, that they gave me the URL, a username and password sent over email.”
The Guardian gave credit to Vice Motherboard for having reported on this program in November. The Guardian’s coverage also clarified how this program is a step beyond the undisclosed monitoring done by other Big Tech companies. Apple appears to have merely monitored voice assistants, whereas Microsoft was reportedly listening in to Skype calls as well.
What manner of private information was overheard? A contractor Vice reportedly spoke to explained:
"Some stuff I've heard could clearly be described as phone sex. I've heard people entering full addresses in Cortana commands, or asking Cortana to provide search returns on pornography queries. While I don't know exactly what one could do with this information, it seems odd to me that it isn't being handled in a more controlled environment.”
After this information bombshell was revealed, Microsoft claims to have “ended its grading programmes for Skype and Cortana for Xbox and moved the rest of its human grading into ‘secure facilities’ -- none of which are in China,” reported The Guardian.
“We review short snippets of de-identified voice data from a small percentage of customers to help improve voice-enabled features, and we sometimes engage partner companies in this work,” a Microsoft spokeswoman claimed in a statement to Business Insider. “Review snippets are typically fewer than ten seconds long and no one reviewing these snippets would have access to longer conversations.
“We’ve always disclosed this to customers and operate to the highest privacy standards set out in laws like Europe’s GDPR,” the Microsoft spokeswoman stated.
But reform appears to be in the works:
“‘This past summer we carefully reviewed both the process we use and the communications with customers. As a result we updated our privacy statement to be even more clear about this work, and since then we’ve moved these reviews to secure facilities in a small number of countries. We will continue to take steps to give customers greater transparency and control over how we manage their data.”