Archive for January 10, 2020

Microsoft Shipped Skype And Cortana Recordings To China For Review… What Could Possibly Go Wrong?

Posted in Commentary on January 10, 2020 by itnerd

Do you use Skype or Cortana? If so, this might bother you. Apparently Microsoft had a program in China to transcribe and vet audio from Skype and Cortana, its voice assistant. And it apparently ran for years with “no security measures”, which is chilling. This is from a former contractor who says he reviewed thousands of potentially sensitive recordings on his personal laptop from his home in Beijing over the two years he worked for the company:

The recordings, both deliberate and accidentally invoked activations of the voice assistant, as well as some Skype phone calls, were simply accessed by Microsoft workers through a web app running in Google’s Chrome browser, on their personal laptops, over the Chinese internet, according to the contractor. Workers had no cybersecurity help to protect the data from criminal or state interference, and were even instructed to do the work using new Microsoft accounts all with the same password, for ease of management, the former contractor said. Employee vetting was practically nonexistent, he added.

“There were no security measures, I don’t even remember them doing proper KYC [know your customer] on me. I think they just took my Chinese bank account details,” he told the Guardian. While the grader began by working in an office, he said the contractor that employed him “after a while allowed me to do it from home in Beijing. I judged British English (because I’m British), so I listened to people who had their Microsoft device set to British English, and I had access to all of this from my home laptop with a simple username and password login.” Both username and password were emailed to new contractors in plaintext, he said, with the former following a simple schema and the latter being the same for every employee who joined in any given year.

This is not just bad. It is horrifically bad. There are so many ways that this could have ended very badly for Microsoft, especially since we are talking about the fact that these recordings went to China, which is basically a surveillance state. Now, the folks in Redmond have deep-sixed this program after it became public. But as far as I am concerned, that’s not good enough. Microsoft needs to answer the tough questions about this program in front of Congress or the EU because I think we all deserve to know how pervasive this practice is within the company.