So you bought a loved one an Amazon Echo. Maybe it was on sale, or maybe it was on someone’s list. But inevitably, an Echo is a bad gift. It’s also a lazy gift. But don’t worry. It’s not too late to return it and get a better gift.
The Echo is still the problematic, privacy-invading spy machine it was last year and the year before. In fact, recent reports show that Amazon is not only still mishandling Echo recordings and user data, but it’s also actually getting worse about it. German tech magazine c’t recently reported on an incident in which one Amazon user requested a copy of the personal data the company had collected from him, a request that’s now allowed under the EU General Data Protection Regulation (GDPR).
The man did not own an Echo, so he was surprised to see a folder containing some 1,7000 WAV audio files and transcripts from Echo devices and the Alexa app. The unnamed Amazon user was even more surprised to find that the recordings and transcripts belonged to someone else.
While sending someone a total stranger’s Echo recordings is bad enough, the way that Amazon handled the situation is downright abominable. When the user with the wrong data alerted the company about the mixup, Amazon didn’t reply. The link to download the data was disabled soon thereafter, though the man had a copy of the files on his computer and handed them over to the investigative team at c’t. The recordings and transcripts enabled the journalists to piece together intimate details of the stranger’s life, including the names and identifying details of the stranger and his circle of friends.
The magazine contacted the stranger and confirmed that the recordings were his. And despite GDPR rules that explicitly require companies to notify affected users about a data breach like this within 72 hours, the stranger said that Amazon did not contact him. The company later told Reuters, “This was an unfortunate case of human error and an isolated single case.” Amazon apologised to the stranger and gave him Echo Dot and Echo Spot devices as well as a free year of Amazon Prime membership. (Seriously!)
Can you imagine if that stranger were your mother or your uncle? It could be if you give them an Echo device this holiday season. Heck, you might even be opening them up to an even more destructive invasion of privacy, since Amazon has shown time and time again that it’s incapable of protecting its user data or preventing Echo devices from making terrible errors. Earlier this year a couple in Portland, Oregon was horrified to find that their Echo had recorded a private conversation and then sent that recording to one of their coworkers. Amazon described that situation as an “unlikely … string of events.” Which is apparently the company’s way of telling the world not to worry about Echo devices secretly recording your intimate moments at home.
There’s also the hacker problem. While Amazon doesn’t give exact sales numbers, the company said this week that it had “sold tens of millions of Echo devices” and had “increased the number of Alexa compatible smart home devices to more than 28,000 devices from more than 4,500 brands.” Based on this sheer volume of gadgets alone, it’s fair to assume that any Alexa-enabled device is a prime target for malicious hackers who might want to steal the personal data of millions to sell on the black market or worse. It’s possible, too. Last year, Wired reported on one hacker who installed malware onto an Echo and turned it into an always-on wiretap. We don’t know if this malware has made it out into the real world, and based on its history of brushing off Echo exploits, we certainly don’t know if Amazon would ever disclose such a thing.
But even if you assume that Amazon won’t make any mistakes or fall prey to evil hackers in the near future, you can always count on the government getting access to Echo devices. This is just a fact. Although Amazon initially resisted government requests to Echo recordings and transcripts, the company has now handed over data to authorities when served subpoenas. The first reported incident of this happening was in a 2017 homicide case, and it happened again last month. Meanwhile, the FBI would not confirm or deny that it was wiretapping Echo devices the last time Gizmodo asked the agency about it. God only knows what the NSA and CIA are doing with these always-on recording devices.
S0 do your brother-in-law or your cousin know what they’re getting into when they turn on that Echo Dot you just bought them? The Dot seemed like a good idea at the time, because you’re not very close, and Amazon has the new one on sale, which is cheaper than two movie tickets and a bag of popcorn. God, imagine what grandma would think if you told her that the Echo Show you picked out for her contains not only an array of always-on microphones as well as a camera. Hackers could hypothetically watch her go to the grocery store and then rob her for all she’s got. And even if she doesn’t really know what hackers are, she definitely doesn’t want to come home from Safeway to a burgled bungalow!
That might seem like a sensational and hypothetical threat. But one thing is for sure: you still have time to return those Echo devices and buy better gifts. For the same price as an Echo Dot, you could buy your brother-in-law or cousin this well-reviewed CuisineArt waffle maker (which cannot double as a spying device) and have some cash left over to buy waffle mix.
Seriously, just get your loved ones anything but an Echo. Get the kidsthis 36-pack of Play-Doh, another fun treat that cannot spy on them. Get your dad a deluxe canvas bag from Klein Tools, which is a classic that he’s probably always wanted but always thought was a little too pricey. Get your sister-in-law a indoor restroom for dogs. She doesn’t have a dog? Get her a dog. Get her a cat. Get both. Turn the house into a zoo. Get anything, anything but an Echo.