2020/01

Former Contractor Exposes Security Risks In Microsoft’s Grader Program

Years ago, there would have been justification for outrage over data leaks and privacy concerns involving smart home appliances. Back then the technology was new and innovative, and corporations promised that user data, along with various other collected information, would be safe and secure. Today, after numerous leaks, whistleblower reports, and even the revelations that the Prism program gave intelligence agencies access to devices and applications, being shocked about another breach of user privacy is just disingenuous.

By no means should it be acceptable, but one who trades what should be for what is sets themselves up for their own failure. If you use a smart device, appliance, or machine you should at this juncture understand you have no expectation of privacy in your own home.

Serving as yet another example of why many in the tech field remain skeptical, a former contractor for Microsoft revealed to the Guardian the disturbing extent to which audio recordings collected through Cortana and Skype were exposed to potential breaches.

“There were no security measures, I don’t even remember them doing proper KYC [know your customer] on me. I think they just took my Chinese bank account details.”

The anonymous contractor worked in a grader program, in which a human reviews audio to ensure the translation software is functioning correctly, checks audio quality, and even listens in on live calls. He revealed how the files collected by Microsoft could potentially be accessed by anyone: his login information, his password, and even the URL he used to work from home were sent as plain text over email in China, which operates one of the most extensive internet surveillance states on the planet.

There was no cyber security to this system; everyone essentially shared the same password and the same access. Following exposure by Vice last summer, Microsoft began reducing the scope of the project, downsizing it while moving the work into safer, more secure facilities.

“We review short snippets of de-identified voice data from a small percentage of customers to help improve voice-enabled features, and we sometimes engage partner companies in this work. Review snippets are typically fewer than ten seconds long and no one reviewing these snippets would have access to longer conversations. We’ve always disclosed this to customers and operate to the highest privacy standards set out in laws like Europe’s GDPR.

“This past summer we carefully reviewed both the process we use and the communications with customers. As a result we updated our privacy statement to be even more clear about this work, and since then we’ve moved these reviews to secure facilities in a small number of countries. We will continue to take steps to give customers greater transparency and control over how we manage their data.”

As a final caveat, this transition to a more secure environment with tighter regulation is entirely pointless. Every backdoor Microsoft has for the Prism program and every exploit it has to allow intelligence agencies to crack its encryption are used by every nation with a competent cyber warfare team. Even if, hypothetically, Microsoft weren’t a participant in the Prism program, these nations would have teams spending every waking day trying to tunnel their way into these databases.

We’re in Orwell’s nightmare, a wonderful world where Alex Jones is a crackpot despite being correct. Use these devices and apps with that in mind.
