[LINK] We'll just send your speech to our servers ...

Stephen Wilson swilson at lockstep.com.au
Thu Oct 13 11:12:14 AEDT 2011 

On 12/10/2011 8:06 PM, Kim Holburn wrote:
> 
http://arstechnica.com/apple/news/2011/10/siri-is-iphone-4s-only-today-but-where-will-it-be-tomorrow.ars
>
 > So to do its speech recognition, your iPhone 4S sends your speech to 
a server
 > on the internet and gets return text. Anyone see any issues with that?

You bet!

One assumes that the voice data is personally identifiable.  Therefore 
it is subject to Privacy Law.

The ALRC in its review of Australian privacy law recommended that 
legislation be amended to tighten controls around biometrics.  
Specifically, the ALRC recommends that biometric templates and data be 
treated as Sensitive Personal Information.  That means that transborder 
flows of voice data will be subject to higher scrutiny.  It seems likely 
that these law reforms will go through, although not in a hurry.

I don't know if user authentication by voice biometrics is part of Siri 
or not, but if not, I bet it will be. If biometric data in future is 
indeed treated as Sensitive, then Australian law will require express 
consent for collection to be given *before* collection.  If a bunch of 
voice data is collected and recorded today for some purpose like 
convenient phone shortcuts, and then later on that data is re-used for 
biometric user authentication, then the holder of that data may have a 
very big compliance problem.

[BTW this problem is likely to hit Facebook with its face recognition 
like a tonne of bricks one day.  They are today running biometrics 
algorithms over photos of people without consent.  Most of the subjects 
in the photos didn't even upload the photos in the first place, and had 
no say in what Facebook subsequently does with them.  None of the photos 
were originally uploaded for any purpose other than storing them in 
albums in the cloud.  No biometric usage was contemplated.  And the 
Facebook Privacy Policy is silent on this.]

Is there a Siri privacy policy?  What Secondary Use of saved voice data 
does it contemplate?

Cheers,

Stephen Wilson
Lockstep

http://lockstep.com.au <http://www.lockstep.com.au>
Lockstep Consulting provides independent specialist advice and analysis
on digital identity and privacy.Lockstep Technologies develops unique
new smart ID solutions that enhance privacy and prevent identity theft.

More information about the Link mailing list