Cycling UK Forum

kwackers wrote:......
The privacy issue bothers me not. If the lights off then its not spooling anything to the servers, it comes on when you say it's name and then passes the next few seconds back to the server....

At least that is what people are told (and probably is the case at the moment). But with the light under software/firmware control and with the Government's Snoopers Charter meaning the Government can require companies to hack their devices secretly, would we know if the Government had forced Amazon to change their soft/firmware so that speech was being sent with the light off and without you saying it's name ?

Ian

kwackers wrote:I've got several Echo's.

I use them for all sorts of things, nothing of profound importance but they're handy for controlling lights around the house and in the kitchen I use it to listen to the radio, set timers, do cooking conversions etc

In general I use them for alarms, to check the weather, to check if my train hasn't been cancelled, to list any upcoming events in my diary, keep lists, listen to the occasional song, check spellings & thesaurus, conversions and general maths stuff.
In the garage it's great. Listen to the radio, convert units, timers and the occasional joke and without having to leave my bench and put my oily hands all over it.

The privacy issue bothers me not. If the lights off then its not spooling anything to the servers, it comes on when you say it's name and then passes the next few seconds back to the server. It's all tedious stuff, if anyone on here wants it I can paste the last few weeks worth of requests - no need to ask the government.

Oh, and it's a doddle to write your own apps for. I've a few in test now for doing stuff.

Kids love them, parents of kids less so "Alexa, play Spongebob Squarepants (again)".
Talking to your computers is the future. Keyboards and mice are so last week...
(Mind you I use voice on my phone to do most things these days, far easier than messing about with touch screens)

did you read the story about Cayla the doll?

Psamathe wrote:

kwackers wrote:......
The privacy issue bothers me not. If the lights off then its not spooling anything to the servers, it comes on when you say it's name and then passes the next few seconds back to the server....

At least that is what people are told (and probably is the case at the moment). But with the light under software/firmware control and with the Government's Snoopers Charter meaning the Government can require companies to hack their devices secretly, would we know if the Government had forced Amazon to change their soft/firmware so that speech was being sent with the light off and without you saying it's name ?

Ian

Yeah we would. (Well, I would) and I suspect enough people would be technically capable of spotting it and make noise.
You can look at the log from your router to see where the traffic is coming from.

mercalia wrote:did you read the story about Cayla the doll?

Yep.
When I'm indulging in treasonous meetings I always turn off my router.

kwackers wrote:

Psamathe wrote:

kwackers wrote:......
The privacy issue bothers me not. If the lights off then its not spooling anything to the servers, it comes on when you say it's name and then passes the next few seconds back to the server....

At least that is what people are told (and probably is the case at the moment). But with the light under software/firmware control and with the Government's Snoopers Charter meaning the Government can require companies to hack their devices secretly, would we know if the Government had forced Amazon to change their soft/firmware so that speech was being sent with the light off and without you saying it's name ?

Ian

Yeah we would. (Well, I would) and I suspect enough people would be technically capable of spotting it and make noise.
You can look at the log from your router to see where the traffic is coming from.

Really? They'll not do them all at once (initially)

[XAP]Bob wrote:Really? They'll not do them all at once (initially)

A company like Amazon would fight any government attempt at surveillance using Echo tooth and nail, the very least you can expect as a user is to find out that access has been requested.
Even the recent murder case threw up a lot of noise and that was accessing the log history of a device belonging to someone who'd been murdered in the hope they'd managed to 'record' something.

Hacking an individual device isn't beyond the realms of possibility but they'll never open all devices. For a start the amount of processing required would completely swamp Amazons servers and if the merest hint got out that the devices were all listening it would kill it and all other voice operated devices dead.

And that would be a shame, I know people who aren't technically savy and use an Echo to do stuff. Folk with limited mobility can turn lights on and off, open and shut blinds, set alarms and listen to music without moving - and then of course there are folk that are blind.
Whilst my use is mainly convenience, voice operation is more than that for a lot of folk. It's taken years to get here, be a shame if we broke the model.

kwackers wrote:

[XAP]Bob wrote:Really? They'll not do them all at once (initially)

A company like Amazon would fight any government attempt at surveillance using Echo tooth and nail, the very least you can expect as a user is to find out that access has been requested.....

But if Amazon do anything that even lets it slip then they are guilty of some pretty serious offences. The thing about the Snoopers Charter is that it is illegal for the company being forced to cooperate to reveal anything about it's cooperation/request for cooperation/etc. And even large companies are not exempt.

And part of the requirement of the cooperation is to do it in such a manner as to ensure the user is not aware. So e.g. (guessing here), the hack to send all speech might be included in another upgrade offering new features/bug fixes. The additional speech might be tagged on to other "Alexa ..." messages (i.e. buffered locally and sent at the same time as other expected data as far as possible), maybe the GCHQ data would be sent to a server called "software.upgrade.amazon .....". In order to keep it secret they might even discard data they cannot tag on to expected routine messages (secrecy being more important than 100% coverage).

Amazon might fight it but that fight would be behind closed doors and secret and the new laws are pretty broad so Amazon might not have much of a case given the new law.

Ian

Psamathe wrote:But if Amazon do anything that even lets it slip then they are guilty of some pretty serious offences. The thing about the Snoopers Charter is that it is illegal for the company being forced to cooperate to reveal anything about it's cooperation/request for cooperation/etc. And even large companies are not exempt.

I understand all that, but the thing about the snoopers charter is that it's a nonsensical piece of legislation made in a global environment by a regime that is technically ignorant.

Good luck to the government forcing a US based international company to not disclose the requests. Particularly when those requests could fubar a product potentially worth billions in the long term. I wouldn't even put money on them to comply with the requests in the first place without doing an 'Apple' and dragging it very vocally through the courts.

That Amazon could 'hack' individual Echo's is beyond question. But the fact is they won't, if they've any sense they won't even make it possible with any updates and if it's not possible then you can't realistically request access.
I currently work on a product that deals with encrypted voice communications and that's exactly what we've done. We're in a weaker position because the software is written in the UK, do you believe the government can put enough pressure on an American company to force a software rewrite? I don't.

If you're worried about Echo then I'd worry about PC's in general. Most have microphones. What about telephones? They're just computers too, in theory you could hack them to enable the microphone even when they're not being used.
Then there are voice operated TV's, remote controls and obviously the old fashioned bugs - including ones that work very well without requiring access to the property.

The whole thing is a minefield, privacy has always been an illusion and in some ways it's better to assume you have none than worry about one piece of technology.

They're just computers too, in theory you could hack them to enable the microphone even when they're not being used.

It is the assumption of those who are under observation that such things are already being done.
It was standard procedure in Greenpeace to remove phone batteries before confidential meetings or briefings. Though on reflection the bit about Special Branch doing a remote snoop may have been a cover story to prevent having to suggest the phone owner themselves may be using it to record.

kwackers wrote:

Psamathe wrote:But if Amazon do anything that even lets it slip then they are guilty of some pretty serious offences. The thing about the Snoopers Charter is that it is illegal for the company being forced to cooperate to reveal anything about it's cooperation/request for cooperation/etc. And even large companies are not exempt.

...... do you believe the government can put enough pressure on an American company to force a software rewrite? I don't.......

I firmly believe Amazon will do whatever they think will be most profitable for them. And as the currently seem to get away with all sorts of things to that end (tax (or rather not paying tax), zero hours contracts, etc.) threats to end such treatment might be quite effective - but I can only guess in that regard.

But I am sure that Amazon is all about $$$$$$ and "doing the right thing" is not even a consideration (beyond it helping generate those $$$$$$$$).

Ian

Psamathe wrote:But I am sure that Amazon is all about $$$$$$ and "doing the right thing" is not even a consideration (beyond it helping generate those $$$$$$$$).

Ian

Exactly. And Echo is a generation one product opening into a market that will one day be worth billions. They're not going to be pressured into losing that battle easily.

tanglewood wrote:
You wouldn't want a communications tool to be out of bounds to GCHQ (warrants, etc) because if that promise was delivered it would immediately attract all the bad guys.

oh for pity's sakes, because nothing bad ever happened from a democracy's citizens being unable to communicate privately. At any rate a number of considerably better communication tools already exist. e.g. Signal - end to end text and calls - both the server and clients are open source so if even if you don't trust OWS and want your own private Signal network for 'bad guy' activities you can do just that, the only people you're picking up on the common communication networks are the incompetent.

Not the words, just the spikes in volume that a cough represents, and the space between them. Different flus have different cough patterns. They already had the pattern for bird flu coughs and had set alarms for when those patterns were spotted by their machines.

and that sounds like total rubbish on a number of lines. I'm severely sceptical that a flu strain has a unique cough pattern and even if it did, it would be surely drowned out by an individual's own unique cough pattern (one so obvious that humans can readily identify known individuals by the sound of a cough). If there were a small theoretically discernible signal there you'd either need the individuals 'baseline' cough as well to pick out the change, or you need a decent amount of existing cough data from which to do some fairly heavy deepmind esq machine learning. Given H5N1 has, despite the drama, infected a mere 600 odd people over the 10 years since it cropped up (and another 200 or so for the newer H7N9 one) it seems unlikely sufficient cough data exists.

Bird flu in the UK is one of the few things you're actually less likely to die from than terrorism and that's a high bar.

Stevek76 wrote:....

Not the words, just the spikes in volume that a cough represents, and the space between them. Different flus have different cough patterns. They already had the pattern for bird flu coughs and had set alarms for when those patterns were spotted by their machines.

..... If there were a small theoretically discernible signal there you'd either need the individuals 'baseline' cough as well to pick out the change, or you need a decent amount of existing cough data from which to do some fairly heavy deepmind esq machine learning. Given H5N1 has, despite the drama, infected a mere 600 odd people over the 10 years since it cropped up (and another 200 or so for the newer H7N9 one) it seems unlikely sufficient cough data exists.

Bird flu in the UK is one of the few things you're actually less likely to die from than terrorism and that's a high bar.

Plus, when GCHQ detect a coughing they then have to identify the individual doing the coughing, check back through that individual's medical records and find out if they had bird flu or some other flu some other condition, etc. so they can add that coughing pattern to that for the particular strain of flu (or coughing cause)!! Great detecting a coughing pattern but if you have no idea who is doing the coughing, no idea if they have flu, bird flu, smoking too much, etc. then you can never start to do any sort of analysis on the patterns.

So not only are GCHQ mass monitoring voice phone calls, they are tracing those calls back to individuals and checking through those callers' medical records, etc. all without any warrants and all completely unrelated to terrorist activities or even safety of the nation.

Ian

tanglewood wrote:

thirdcrank wrote:

tanglewood wrote: ... When the first wave of bird flu threatened, some of us in government departments were summoned to Cabinet Office to discuss how we would be able to deal with a massive lethal spread. I did my bit about death registration and statistics that have a 1 month lag - not great. But the guy from GCHQ was fascinating. They were monitoring the pattern of coughs over the phone networks. Not the words, just the spikes in volume that a cough represents, and the space between them. Different flus have different cough patterns. They already had the pattern for bird flu coughs and had set alarms for when those patterns were spotted by their machines.

Really clever, and I was really pleased this sort of early warning was protecting us. ...

I'm in a bit of a dilemma. Are these the words of somebody out to impress us wide-eyed simpletons, who's not too bothered about breaching confidences in the attempt to demonstrate how important they are, or carefully crafted and planted words from some secret squirrel squad, intended to allay the fears of the 1984 theorists? :shock:

:lol:

Ah ha! (Strokes white cat).

No, really, analysis of coughs was openly described and discussed in those meetings with 30+ civil servants in them. Don't feel I'm breaching any rules!
...

And nobody questioned the legality of this. Nobody questioned how GCHQ knew who was doing the coughing and what sort of flu they suffered from (i.e. how GCHQ has access to those medical records as well). Nobody questioned how GCHQ were doing all this monitoring without warrants for something totally unrelated to terrorist threats, etc. (As Stevek76 pointed out) Nobody questioned how they established a bird flu pattern when so few people had caught bird flu and how they identified those people and when those people were on the phone ...

I'd find it worrying that a Cabinet Office meeting would have people so prepared not to question things when there are so many suspect aspects to such a claim.

Ian

Psamathe wrote:And nobody questioned the legality of this.

Of course some aspects are best kept secret, but Parliament was kept entirely in the dark about GCHQ's activities. And either Rifkind's committee was also kept in the dark, or he was misleading Parliament.

Where are Amazon servers? One webmail provider closed down rather than comply with US government demands. I guess Amazon hasn't closed down because it is happy to cooperate with the NSA.