Alexa, don’t store this recording: California bill targets smart home speakers
June 25, 2019
A bill making its way through the California Legislature would prohibit makers of smart home speakers from saving or storing recordings without users’ explicit consent.
The Anti-Eavesdropping Act, which cleared its first committee Wednesday, would also ban smart speaker device manufacturers from sharing with third parties recordings of verbal commands or requests heard by the devices. Under the bill, Amazon, Google, Apple and other makers of smart speakers may store recordings only when consumers give their permission in writing.
“Recent revelations about how certain companies have staff that listen in to private conversations via connected smart speakers further shows why this bill is necessary to protect privacy in the home,” said Assemblyman Jordan Cunningham, R-San Luis Obispo, the bill’s author, in a statement.
Last month, Bloomberg reported that thousands of workers around the world listen to what users tell Alexa, the virtual assistant in Amazon Echo devices. Amazon said those workers listen to and transcribe recordings as a way to improve the technology, which is voice-activated and allows users to ask the devices to play music, read books, make phone calls and more. In a subsequent article, Bloomberg also said those workers also could access location information for Alexa users, and look up home addresses if they wanted to.
Amazon, which allows Echo users to review and delete their recordings, has not returned a request for comment, and neither has Apple.
Google said it is monitoring AB 1395.
“We believe that the combination of strong and balanced regulations, with products that are designed with privacy in mind, will help provide individuals with confidence that they’re in control of their personal information,” a Google spokeswoman said.
Cunningham, who introduced the bill in January, did so as part of a state lawmakers’ “Your Data, Your Way” package of legislation, which aims to complement the California Consumer Privacy Act, which was signed into law last year and takes effect next year.
TechNet, the California Chamber of Commerce, Internet Association and CompTIA oppose AB 1395, saying it’s unnecessary because another state bill signed into law last year, SB 327, already requires makers of internet of things devices to equip them with “reasonable” security features.