PhD candidate Esther Görnemann held an advanced training session for the Austrian Data Protection Authority on the Market, Functioning and user’s privacy concerns regarding Amazon Alexa. The training documentation was shared among the European Data Protection Board and is now available on the Privacy lab website. 

The presentation covers a broad spectrum of issues around the technology behind voice assistants. It gives a comprehensive but understandable overview of the functioning of Wake-word Detection, speech recognition, Language Understanding and Language Generation. The author conducted a qualitative research study focusing on the interactions between users and the Amazon Alexa voice assistant and uncovered a number of specific privacy and security concerns users expressed. In the given presentation, these user concerns will be addressed one by one with the goal of identifying how legitimate and realistic they are. For this effort, published research, hacking attempts, submitted patents, public statements, media coverage and user experiences are efficiently analyzed and combined to reach satisfactory conclusions.

Core findings

  • The wake word detection module balances out precision and latency, causing false positives: the wake word is often recognized although it was not said by the user. 
  • Recent research points to discrepancies between transmitted recordings and recordings accessibly stored in the user’s profile.
  • Recent patent submissions suggest that voice recordings can be used to infer detailed and intimate knowledge about the user, especially in combination with other available information.
  • Privacy policies, Product information and Terms of Use are formulated vaguely and do not provide exhaustive information
  • The lack of access control and user authentication causes specific privacy and security issues

Amazon Alexa – Market, Functioning, user’s privacy concerns

About the author

PhD candidate Esther Görnemann works at the Institute of Information Systems and Society at Vienna University of Economics and Business, supervised by Prof. Sarah Spiekermann-Hoff.

The documentation has been developed for a professional training held April 24, 2019 at the Austrian Data Protection Authority in Vienna.

As part of the ITN Privacy&Us, this research project received funding from the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No 675730.