Microsoft says it now reviews Skype audio in ‘secure facilities’

The news follows a worrying report detailing the use of human contractors and insecure equipment in China

Following a worrying report from The Guardian, Microsoft says Skype calls are transcribed in “secure facilities.”

The report details how the Redmond, Washington-based company used contractors based in China to listen to Skype calls and ensure Microsoft’s transcription software works properly. A former contractor who lived in Beijing told The Guardian that he transcribed calls, but had little cybersecurity protection. He reviewed thousands of audio recordings from Skype calls and Cortana on a personal laptop from his home in Beijing over a two-year period.

Further, workers in the review program would access recordings through a web application in a Chrome browser over the internet in China. The Guardian reports that employees were hardly vetted and no security measures were in place to protect recordings from state or criminal interference.

The Beijing contractor who came forward told The Guardian that he heard “all kinds of unusual conversations,” including what could have been domestic violence. Additionally, contractors were reportedly provided with a username and password sent through email in plaintext, which they could have potentially shared with anyone.

Microsoft told The Verge that China is not currently one of the “small number of countries” in which Skype calls are transcribed in secure facilities. A Microsoft spokesperson also told The Verge in an email statement that the company investigates questionable behaviour or potential violations committed by its suppliers. The spokesperson said that audio snippets reviewed by contractors are no longer than 10 seconds, and no one has access to longer conversations.

Microsoft has been transcribing Skype calls for months

Details of Microsoft’s Skype transcription program first emerged in August 2019. At the time, large tech companies like Apple, Google and Amazon were facing public scrutiny for the use of contractors that listened to and reviewed recordings collected by digital assistants. These review programs sought to ensure digital assistants like Siri and Alexa were working properly.

However, unlike the others, Microsoft did not commit to ending the practice. Instead, it updated its privacy policy to clearly outline that it was transcribing audio. It told The Verge that along with updating the policies, it moved the review program to “secure facilities in a small number of countries.”

“We will continue to take steps to give customers greater transparency and control over how we manage their data,” Microsoft told The Verge. It did not elaborate on what steps it would take.

Concerns over digital assistants, smart speakers and contractors listening in on private conversations began with Apple, which ran a ‘grading’ program that assessed if its digital assistant Siri was working properly. The Cupertino, California-based company temporarily suspended the program and offered users an opt-out option in an iOS software update.

Amazon and Google followed suit after similar reports revealed their data practices around the Alexa and Google Assistant digital assistants. Amazon chose to continue the review process, but clarified its policies and offered an improved opt-out feature.

Google initially ended grading for three months in Europe, and later rolled out new opt-out features, wake-word sensitivity settings and more.

Hopefully, Microsoft decides to follow its competitors and introduce stricter data privacy policies and improved opt-out measures.

Source: The Guardian, The Verge