Moulton Bill Would Protect Consumers from Eavesdropping Digital Assistants in Speakers, Doorbells

Automatic Listening Exploitation Act would create recourse for consumers when smart speakers and doorbells make recordings in violation of the technology’s user agreements

moultonWASHINGTON —Today, Representative Seth Moulton (D-MA) will introduce the Automatic Listening Exploitation Act. The bill would create recourse for consumers when the manufacturers of smart speakers with personal assistants and smart doorbells collect private conversations and data in violation of their terms of agreements.

“Smart speakers and doorbells are great, but consumers should have a way to fight back when tech companies collect more data than Americans have agreed to give up,” Moulton said. “More broadly, Congress should give Americans a bigger say in the data that companies collect. It’s time for a next generation of digital privacy laws, and it can start by holding corporations to their own privacy commitments.”

The Automatic Listening Exploitation Act of 2019 would allow the Federal Trade Commission, one of the government agencies tasked with protecting consumer data privacy, to seek penalties when digital personal assistants and smart doorbells record private conversations of users who haven’t said the device’s wake word or phrase or activated the doorbell. The penalties would total up to $40,000 per infraction at the federal level. The bill also allows consumers to require the deletion of any recording or transcript of sound captured by a smart speaker or video or image captured by a video doorbell’s camera.

The fine per incident would add up for companies that break the user agreements with their customers.

NPR and the Edison Institute released a study on smart speaker ownership data on June 25. The group found 51 million Americans own a smart speaker, about one in four Americans, and that 14 million of those Americans purchased a smart speaker in the last year. Half of users say they trust the manufacturers of the speakers to protect their data, and more than half are worried about their speakers being hacked.

The Verge reported in January that first-to-market Amazon is estimated to have sold more than 100 million devices, including the Echo and Dot which feature Amazon’s digital assistant, Alexa. Apple sold 86.2 million of its Siri-enabled Homepods by the end of 2018, and according to RBC Capital Markets, Google Home sales created $3.4 billion in revenue and will climb to $8.2 billion by 2021.

According to a Bloomberg report in April, Amazon “employs thousands of people around the world”–including in Boston–who listen and transcribe recordings of what people tell their devices so that they can make improvements to the technology.

Amazon’s recordings that are taken after a user says the wakeword is well within the terms of agreements users accept when they activate the products. But, a separate report by The Intercept found Ring has “a history of lax, sloppy oversight when it comes to deciding who has access to some of the most precious, intimate data belonging to any person: a live, high-definition feed from around — and perhaps inside — their house.”

According to that report, Ring provided its Ukraine-based research and development team “virtually unfettered access to a folder on Amazon’s S3 cloud storage service that contained every video created by every ring camera around the world.”

The Moulton bill would penalize companies when data is used outside of the terms of agreement, which appears to have happened at Ring.

The bill comes as Americans debate who should be responsible for enforcing the terms of the user agreements between technology companies and American consumers, and whether consumers should have collective recourse when companies use or share their data without permission.

Facebook, for example, recently incurred the wrath of the Federal Trade Commission after sharing tens of millions of peoples’ personal profile information with Cambridge Analytica, which used it to assist President Trump’s 2016 presidential campaign.

The fallout from this issue, and other recent incidents involving Americans’ digital data, has led Congress to engage more directly on data privacy issues.

According to Roll Call, technology companies have welcomed the intent of federal action, because it means that they will no longer have to contend with as many as 50 individual state standards when developing devices. But, the same report indicated strong resistance from the private sector and between the major political parties over where that effort should focus.

Meanwhile, governments in the European Union have cracked down on the flow of personal digital data from the EU to companies in the US. Earlier this year, for example, Facebook lost an appeal to Ireland’s Supreme Court which would have prevented tighter data sharing laws from taking effect.