Tech giants oppose bill to outlaw unauthorised IoT device recordings

A bill proposing the outlawing of unauthorised IoT audio recordings has been weakened following significant lobbying efforts from tech firms including Amazon and Google.

The 'Keep Internet Devices Safe Act' was passed on 10 April 2019 by the Illinois state senate and entailed the banning of devices such as Amazon's Echo from making recordings of the owner's audio without explicit permission.

In the bill's original wording, any recordings including spoken words or other audible or inaudible sounds from the owner's device could not be kept by the device or the device's private entity (manufacturer).

Failure to comply with the laws as set out by the bill would have granted the owner's a legal right to sue the private entity with a maximum punishment being a $50,000 fine per case. This is the key part of the bill that was changed.

After a heavy lobbying push from the Internet Association, a group promoting a free and open internet comprised of the biggest internet tech firms - Amazon, Google, Microsoft, Twitter et al. all included - it was decided that consumers couldn't bring their own cases against the private entities.

The main arguments presented by the group were that the bill originally created a "significant legal liability for companies" because it would encourage frivolous and frequent class action lawsuits from affected consumers.

The amendment to the bill states that only the Attorney General may bring cases to private entities on behalf of afflicted consumers.

The amendment also added a section relating to written user agreements: "No private entity may turn on or enable a digital device's microphone unless the registered owner or person configuring the device is provided certain notices in a consumer agreement (instead of a written policy)."

On the day of the bill's original passing, news broke that Amazon had admitted that recordings are taken from its customers' Echo devices and then sent to Amazon employees for review, supposedly to better train Amazon's algorithms, Bloomberg reported.

The original report shows that Amazon employs thousands of people dedicated to developing the Echo speaker and Alexa assistant. This team is fed customer recordings for transcription, annotated and then used to make Alexa smarter.

One of the sources told Bloomberg that sometimes the staff tasked with listening to the recordings hear upsetting and perhaps criminal activity. Two sources claimed to have heard what sounded like a sexual assault. In these cases, workers would turn to internal chat rooms to share the experience and vent any adverse emotions about the ordeal.

"We take the security and privacy of our customers' personal information seriously," an Amazon spokesman said in a statement. "We only annotate an extremely small sample of Alexa voice recordings in order [to] improve the customer experience".

Amazon gives users the option to opt-out of sharing recordings for the purpose of developing new features, but even when opted-out recordings may still be sent to the reviews and development team, according to the company.

Connor Jones

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.