Amazon Echo Murder Case Raises IoT Privacy Questions for Enterprise Users


Joel Reidenberg was quoted in Tech Republic about a murder case that involves Amazon Echo, a voice command device that police believe may have recorded evidence pertinent to the investigation.

While Amazon released some account details to police, it has yet to offer any data from its servers, according to the New York Times. “Amazon will not release customer information without a valid and binding legal demand properly served on us,” the company said in a statement. “Amazon objects to overbroad or otherwise inappropriate demands as a matter of course.”

“This reflects the significant privacy issues associated with this always-on, always-listening device,” said Joel Reidenberg, founding academic director of the Center on Law and Information Policy at Fordham University. “In this case, the prosecutor has reason to believe the Echo was in effect witness to a murder. As such, it is discoverable information.”

Personal assistants and other Internet of Things (IoT) devices that can record conversations in the home will likely be targets for subpoena in civil litigation going forward, such as divorce proceedings, Reidenberg said.

It’s likely that we will soon see state legislation looking more carefully at eavesdropping statutes, Reidenberg said. “Most states have eavesdropping statutes, but the problem is, most device owners have consented to the eavesdropping,” he said. In a majority of states, with that implicit consent, this recording could be used in court, he added.

More than half of major new business processes and systems will incorporate some element of IoT by 2020, according to a Gartner report. The spread of IoT devices in the office raises substantial security concerns for companies, Reidenberg said, “in that they become tools for the exfiltration of confidential business data very easily.”

This means business leaders need to be aware of what devices are deployed in their office, and set rules for employees on what is allowed in the workplace, Reidenberg said. They may also want to set rules about where listening devices are permissible—perhaps an Echo is allowed at the reception desk, but not in the boardroom where highly sensitive matters are discussed, he added.

“The thing to keep in mind with this case, and similar ones that will come down the road, is that the developers of these personal assistants will have opportunities to re-engineer the technologies to try and avoid some of the problems,” Reidenberg said.

Read the full article.


Comments are closed.