A federal lawsuit is alleging that Amazon is recording children who use its Alexa devices, without their consent or knowledge.
Alexa is the built-in voice assistant shipped with devices like Amazon Echo, Amazon Dot, Fire TV and some third-party gadgets.
“Alexa routinely records and voiceprints millions of children without their consent or the consent of their parents,” reads the complaint, which is seeking class-action status. It was filed in Seattle this week on behalf of a 10-year-old girl.
Meanwhile, another, almost identical suit was filed this week in California Superior Court in Los Angeles, on behalf of an 8-year-old boy.
“It takes no great leap of imagination to be concerned that Amazon is developing voiceprints for millions of children that could allow the company (and potentially governments) to track a child’s use of Alexa-enabled devices in multiple locations and match those uses with a vast level of detail about the child’s life, ranging from private questions they have asked Alexa to the products they have used in their home,” the California suit states.
If the allegations are true, the tech giant would be in violation of laws governing recordings in at least eight states, including California, Florida, Maryland, Massachusetts, Michigan, New Hampshire, Pennsylvania and Washington, which require all parties to consent to a recording, regardless of their age.
The federal lawsuit disputes that Amazon is taking such care. “But Alexa does not do this,” the lawsuit claims. “At no point does Amazon warn unregistered users that it is creating persistent voice recordings of their Alexa interactions, let alone obtain their consent to do so.”
The complaints describe how Alexa devices function – by being called to service with a wake-word, usually “Alexa.” It goes on to allege that Alexa captures, records and stores all voices indiscriminately after being woken up, even though the platform is capable of distinguishing different speakers.
In a media statement, Amazon reiterated its stance: “Amazon has a longstanding commitment to preserving the trust of our customers and their families, and we have strict measures and protocols in place to protect their security and privacy,” the company said. “For customers with kids, we offer FreeTime on Alexa, a free service that provides parental controls and ways for families to learn and have fun together.”
It’s unclear what evidence the plaintiffs have against Amazon; the federal lawsuit only alleges that “Amazon’s intentional and unlawful recording caused Plaintiff and the Class members injury to their dignity, well-being and security;” the California litigation states “Amazon’s intentional and unlawful recording violated Plaintiffs and the Class members’ right to privacy in their confidential communications.”
Both plaintiffs are asking for a jury trial, however, so presumably more details will come to light.
More than 100 million Alexa devices have been sold worldwide, and this isn’t the first privacy complaint that Amazon has faced over the home assistant’s recording practices.
In December, Amazon admitted that it inadvertently sent 1,700 audio files containing recordings of Alexa interactions by a customer to a random person. After a newspaper investigation exposed the snafu, characterized it as a “mishap” that came down to one employee’s mistake.
And earlier in 2018, a couple said that an Alexa-enabled Echo device had recorded a conversation of them – without them knowing – and then sent an audio file to one of their contacts.
Other privacy issues around the gadgets have also stirred debate. In April, reports emerged that employees at Amazon were given broad access to geolocation information for Alexa users – thus uncovering their home addresses and even satellite pictures of their houses generated from a service such as Google Earth.
Ransomware is on the rise: *Don’t miss our free Threatpost webinar **on the ransomware threat landscape, June 19 at 2 p.m. ET. Join Threatpost and a panel of experts as they discuss how to manage the risk associated with this unique attack type,* with exclusive insights into new developments on the ransomware front and how to stay ahead of the attackers.**