A recent report from The Intercept centered around the National Security Agency’s (NSA) use of voice recognition algorithms may provide some insight into a growing number of concerns about the IoT. To be clear, the advent of mic-enabled systems such as Google Home, smartphones, smartwatches, Amazon’s Alexa, and others may be relatively recent. However, the NSA began funding the National Institute of Standards and Technology Speech Group to solve challenges presented by speaker recognition as early as 1996. What’s more, the government has been using voice recognition software and storing voiceprints since as far back as 2003, according to a leaked NSA memo. Although the system cannot technically be used to spy on U.S. citizens without probable cause and a warrant, the agency has not been known to follow those rules in every instance and there are loopholes that could allow for precisely that use. With consideration for the number of microphones the average American has around them at any given point, it may be appropriate that some red flags are set off by the rapid rise of IoT systems.
To better understand the reasons for concern, it is important to know how the NSA’s system works in-so-far as that can be known. The technology behind that system has advanced at least rapidly since its inception with major advances being made on a regular basis between 2004 and 2012. The first iterations have effectively been used as a way to catch conversations of individuals including terrorists, politicians, drug lords, spies, and agency employees, with a high degree of certainty that those were the individuals being watched. A December bombing attempt in Detroit in 2009, during which terrorists were able to effectively hide their identities through the use of voice modification, resulted in the next big leap. As of 2010, the agency’s algorithms can determine who an individual is, even if they modify their voice, speak different languages, and use a previously unrelated means of communication such as speaking over a new cell phone number from a different region of the world. That automated identification system then links new communications to a repository of data about that individual.
The Insider Threat initiative publicly enacted under President Obama in 2011 was intended to provide clearer guidelines on how the surveillance of U.S. citizens could be undertaken. Specifically, the initiative allows for the employees of the government to be monitored and there are other legislative boundaries in place meant to dissuade the warrantless collection of data on U.S. citizens. However, there are loopholes in where data can be collected from, such as if the data passes through foreign servers. Meanwhile, IoT systems, smartphones, and other devices have become ubiquitous and there is no public oversight to the data being collected. Google and other companies in the business of IoT have explicitly denied cooperating to hand over voice recognition data about their customers. Google has even gone so far as to label the NSA’s activities as a security threat. However, there is nothing in place to halt the collection of American voice data from the IoT for the creation of voiceprints if that data crosses the U.S. borders and the companies are not storing the majority of that data locally or in an anonymized fashion. Until preventative actions are being taken by the companies involved in the IoT, it isn’t likely that concerns about privacy and security are going to go away. In fact, as technologies surrounding A.I. digital assistants, voice recognition, and home automation continue to grow in use, the concerns are likely to become more pronounced.