There are many reasons why people might want to buy one of Amazon’s Echo devices for their home — for example, to stream music from the Internet, hear weather reports, control Web-connected appliances and order paper towels. They probably don’t buy an Echo to supply evidence about themselves to the police.
That may become part of the package, however, because of the way Amazon enables people to control an Echo with their voice. The device has a microphone that’s always on, waiting for a “wake word” that causes it to record and send the user’s request to Amazon’s servers online. There, the speech is analyzed and converted into a command (e.g., “Alexa, set a timer for 15 minutes”). Amazon holds onto those recordings until the user deletes them through the Echo smartphone app or on Amazon’s website.
For law enforcement agencies, those recordings may be a useless collection of vocal snippets — or, potentially, they could include a telling utterance by the victim or the suspected killer. After all, the device sometimes starts recording because it hears something close to a wake word, even if there wasn’t one spoken. That’s why homicide investigators in Arkansas want to hear the recordings made by an Echo in a Bentonville home where a man was found dead in a hot tub four days before Thanksgiving in 2015. They obtained a search warrant, but Amazon questioned its validity and refused to comply. “Amazon will not release customer information without a valid and binding legal demand properly served on us,” the company said in a prepared statement. “Amazon objects to overbroad or otherwise inappropriate demands as a matter of course.”
Legal experts say that the courts are likely to treat smart devices such as the Echo the same as any other data-gathering device in the home, whether it be a security camera or an answering machine. If investigators can meet the standard for obtaining a search warrant — by showing probable cause that evidence related to the crime can be found there — manufacturers like Amazon that hold onto the data will have little choice but to turn it over.
This is a glimpse of the future, and it’s an uncomfortable one. Homes are gradually accumulating devices that record various aspects of their occupants’ lives, continuously and often without their owners’ realization, in order to offer a variety of services. Maybe the device keeps your family’s weekly schedule, changes the TV channel or presents a movie on demand. Or maybe it checks the contents of your refrigerator to fill out your weekly grocery order. In each case, the device leaves a trail of digital footprints for the government — or for malicious hackers, if they steal your passwords — to follow.
And that’s just part of the picture. Already, millions of people are carrying around smartphones that are not just listening for wake words (“Hey Siri!” or “OK, Google”), but are continuously alerting multiple app providers to their owner’s location. Cars are tapping into the cloud too for information services and entertainment, becoming another potential gold mine of recorded data.
It’s easy to imagine a future in which almost everything a person does, no matter how mundane, leaves marks of some kind online that could be pieced together later to provide a picture of one’s activities. That’s great for providing consumers with information and services, and it may prove useful for law enforcement, but it raises significant privacy concerns.
It’s up to the courts to protect the public against fishing expeditions by investigators seeking to examine every piece of information a smart device collects from the moment it enters a home. The courts need to make sure searches are relevant, with a clear and limited definition of what that means.
More important, device makers have to build privacy protections into their products and services. That means gathering only the data needed to deliver the specific service sought by the user, and holding onto it no longer than is needed to complete that task. Companies often like to retain user data for their own purposes — for example, honing their voice-recognition technology or enabling targeted advertisements — but if they do, they should remove any link to the users who generated the information.
Without public pressure, however, the companies developing these devices could become partners with government in the creation of a de facto surveillance state. The dispute between Amazon and the Bentonville investigators could help in that regard by making consumers more aware of what’s at stake here. Echo buyers can’t and shouldn’t count on Amazon to resist legitimate search warrants. But they can and should demand that Amazon not keep endless logs of consumer data.