TY - GEN
T1 - Can i trust her? intelligent personal assistants and GDPR
AU - Furey, Eoghan
AU - Blue, Juanita
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/6
Y1 - 2019/6
N2 - Voice Command Devices and the Intelligent Personal Assistants they embody have become ubiquitous in homes and offer individuals many convenient and entertaining features. The Amazon Echo and its intelligent personal assistant, 'Alexa', is a leading innovation in this area. This novel research examines aspects of trust and privacy relating to personal use of the Echo. It aims to demonstrate the types of data that may be vocally extracted from a selection of the multitude of applications that may be linked to the Echo. In the era of Voice IoT, Big Data and Artificial Intelligence, trust and privacy concerns are paramount for the individual. Personal data has never been more valuable, both to large reputable corporations and to criminal groups. The European Union's General Data Protection Regulations (GDPR) came into force in May 2018, aiming to protect the privacy of personal data of EU citizens. This has further highlighted the trust issues stemming from this technological medium. This paper demonstrates that a typically configured Echo device can prove to be a vulnerable channel by which personal information may be accessed. Where no safeguards are implemented, a plethora of data including personal identifiable information and personal health information is available from the device. Data exposure by simple vocal request leaves the system vulnerable to inquisition by any unauthorized individual who is within 'ear shot' of the device. The research explores the extent to which these risks can be reduced or mitigated, offering a set of recommendations aimed at building trust and preserving user privacy, while still enabling functionality of the device. Trust and privacy are based on a triad of shared responsibility. While the GDPR enforces trust between the voice service providers and the consumers, adherence to these recommendations will empower individuals to trust against privacy breaches from local sources.
AB - Voice Command Devices and the Intelligent Personal Assistants they embody have become ubiquitous in homes and offer individuals many convenient and entertaining features. The Amazon Echo and its intelligent personal assistant, 'Alexa', is a leading innovation in this area. This novel research examines aspects of trust and privacy relating to personal use of the Echo. It aims to demonstrate the types of data that may be vocally extracted from a selection of the multitude of applications that may be linked to the Echo. In the era of Voice IoT, Big Data and Artificial Intelligence, trust and privacy concerns are paramount for the individual. Personal data has never been more valuable, both to large reputable corporations and to criminal groups. The European Union's General Data Protection Regulations (GDPR) came into force in May 2018, aiming to protect the privacy of personal data of EU citizens. This has further highlighted the trust issues stemming from this technological medium. This paper demonstrates that a typically configured Echo device can prove to be a vulnerable channel by which personal information may be accessed. Where no safeguards are implemented, a plethora of data including personal identifiable information and personal health information is available from the device. Data exposure by simple vocal request leaves the system vulnerable to inquisition by any unauthorized individual who is within 'ear shot' of the device. The research explores the extent to which these risks can be reduced or mitigated, offering a set of recommendations aimed at building trust and preserving user privacy, while still enabling functionality of the device. Trust and privacy are based on a triad of shared responsibility. While the GDPR enforces trust between the voice service providers and the consumers, adherence to these recommendations will empower individuals to trust against privacy breaches from local sources.
KW - Amazon Echo
KW - GDPR
KW - Personal Data
KW - Privacy
KW - Voice Command Devices
UR - http://www.scopus.com/inward/record.url?scp=85075926794&partnerID=8YFLogxK
U2 - 10.1109/ISNCC.2019.8909098
DO - 10.1109/ISNCC.2019.8909098
M3 - Conference contribution
AN - SCOPUS:85075926794
T3 - 2019 International Symposium on Networks, Computers and Communications, ISNCC 2019
BT - 2019 International Symposium on Networks, Computers and Communications, ISNCC 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2019 International Symposium on Networks, Computers and Communications, ISNCC 2019
Y2 - 18 June 2019 through 20 June 2019
ER -