Hey Siri, are you still recording people's conversations despite promising not to do so nine months ago?

I’m sorry, I will continue ignoring that question

Apple may still be recording and transcribing conversations captured by Siri on its phones, despite promising to put an end to the practice nine months ago, claims a former Apple contractor who was hired to listen in to customer conversations.

In a letter [PDF] sent to data protection authorities in Europe, Thomas Le Bonniec expresses his frustration that, despite exposing in April 2019 that Apple has hired hundreds of people to analyze recordings that its users were unaware had been made, nothing appears to have changed.

Those recordings were captured by Apple's Siri digital assistant, which constantly listens out for potential voice commands to obey. The audio was passed to human workers to transcribe, label, and analyze to improve Siri's neural networks that process what people say. Any time Siri heard something it couldn't understand – be it a command or someone's private conversation or an intimate moment – it would send a copy of the audio to the mothership for processing so that it could be retrained to do better next time.

Le Bonniec worked for Apple subcontractor Globe Technical Services in Ireland for two months, performing this manual analysis of audio recorded by Siri, and witnessed what he says was a “massive violation of the privacy of millions of citizens.”

“All over the world, people had their private life recorded by Apple up to the most intimate and sensitive details,” he explained. “Enormous amounts of personal data were collected, stored and analyzed by Apple in an opaque way. These practices are clearly at odds with the company’s privacy-driven policies and should be urgently investigated by Data Protection Authorities and Privacy watchdogs.”

But despite the fact that Apple acknowledged it was in fact transcribing and tagging huge numbers of conversations that users were unaware had been recorded by their Macs and iOS devices, promised a “thorough review of our practices and policies,” and apologized that it hadn't “been fully living up to our high ideals,” Le Bonniec says nothing has changed.

“Nothing has been done to verify if Apple actually stopped the programme. Some sources already confirmed to me that Apple has not,” he said.

“I believe that Apple's statements merely aim to reassure their users and public authorities, and they do not care for their users' consent, unless being forced to obtain it by law,” says the letter. “It is worrying that Apple (and undoubtedly not just Apple) keeps ignoring and violating fundamental rights and continues their massive collection of data.”

In effect, he argues, “big tech companies are basically wiretapping entire populations despite European citizens being told the EU has one of the strongest data protection laws in the world. Passing a law is not good enough: it needs to be enforced upon privacy offenders.”

Not good

How bad is the situation? According to Le Bonniec: “I listened to hundreds of recordings every day, from various Apple devices (e.g. iPhones, Apple Watches, or iPads). These recordings were often taken outside of any activation of Siri, e.g. in the context of an actual intention from the user to activate it for a request.


“These processings were made without users being aware of it, and were gathered into datasets to correct the transcription of the recording made by the device. The recordings were not limited to the users of Apple devices, but also involved relatives, children, friends, colleagues, and whoever could be recorded by the device.

“The system recorded everything: names, addresses, messages, searches, arguments, background noises, films, and conversations. I heard people talking about their cancer, referring to dead relatives, religion, sexuality, pornography, politics, school, relationships, or drugs with no intention to activate Siri whatsoever.”

So, pretty bad.

How did Apple justify what would appear to be a transparently illegal act carried out daily on millions of people? It didn’t. After the program was exposed last year, Apple said it would make changes and move the system in-house, as well as make sure that only recordings made by users who had explicitly opted in were used.

That opt-in/opt-out option was added to software updates for iPhones and Macs late last year, but the system and process remain entirely opaque. And Apple has maintained its usual approach of refusing to even acknowledge requests for more information.

What about the Irish Data Protection Commission (DPC) whose job it is to make sure companies within its jurisdiction (most tech giants have put their European headquarters in Ireland thanks to very generous tax breaks) comply with the law?

And the regulators?

In December 2019, when the news broke of the program, the DPC put out a statement that referenced digital assistants from Google and Amazon as well as Apple and said it was “currently engaging with those organisations to establish the manner by which their voice assistant products comply with data protection requirements.”

Its plan, it said, was to “identify common areas of concern and to identify what further steps including guidance may be necessary to bring additional clarity to the application of data protection requirements in the use of voice assistant technology.” We're still waiting.

Le Bonniec makes it plain he doesn’t believe the issue is being taken seriously enough and that his letter is intended to push the matter. “This public letter is meant to ask authorities to take action and to call upon people who can testify to their experience with Apple, through a public channel or whistleblowing. This statement will also be shared with the press, and to the organisations protecting our digital rights.

“By doing so, I am breaching my Non Disclosure Agreement in order to help the authorities investigate and determine whether Apple actually ceased these practices. The risk I am taking will be worth it only if this letter is followed by a proper investigation and action from your side. I trust you understand that the privacy of millions of people is at stake and that your action is crucial to protect it.” ®


Biting the hand that feeds IT © 1998–2021