Microsoft has been accused of putting user privacy at risk by outsourcing Skype and Cortana transcription analysis without any real security measures in place. This is just the latest in a long line of companies that have recently been accused of not taking user privacy as seriously as they should.
Users consume data and that data has the potential to be used in many ways. At the big data level, information can be used to analyze trends or even create new drugs for the healthcare industry. At the personal level, it can compromise financial information, or just impede a user’s privacy. In this case, the latter is what Microsoft is now being accused of.
A new report by The Guardian highlights a former Microsoft contractor revealing that paid outsiders were recruited and allowed to listen in on customer recordings without any security measures in place. The contractor is referring to recordings that were made using both Skype and Microsoft’s Cortana virtual assistant with humans employed to verify automated transcriptions to help improve the performance and accuracy of the technology. Making the accusations all the worse, not only did Microsoft allegedly fail to adequately screen the workers themselves, but information was shared with very minimal protections in place. For example, the contractor say workers would access user data through a Google Chrome web app, over the Chinese internet, from their home laptops.
Microsoft, Cortana Just The Latest Accused Of A Data Failure
It is no longer unusual for a large tech company to be accused of either intentionally or inadvertently failing to protect users. Facebook has routinely been accused of this with the latest accusations surfacing last month when a reported data breach put personal information of more than 267 million users at risk. However, what’s concerning here is the sheer scale and levels of security lapsing that is said to have occurred under Microsoft’s watchful eye. The former contractor explains that at almost every level there was some compromise taking place. When initially joining the team, new contractors were insecurely emailed predictable usernames and passwords, and in plain text. Then, while workers were expected to work in an office location, soon afterwards they were able to work from home, from their own unsecured laptops and computers using the minimally secured login details. All of this is without taking into consideration the digital transactions were taking place over the Chinese internet which raises its own security and privacy concerns.
All in all, Microsoft is being accused of multi-factored data privacy breaches here. While some may argue these are the words of a former contractor, this is not the first time the issue has been reported on considering it was Vice that in August of 2019 revealed Microsoft contractors had been hired to listen in on some Skype calls. The current report simply looks to further add weight to those original claims while also highlighting how deep the security breaches ran. Of course, Microsoft has since confirmed it has made changes to its processes to avoid any similar accusations in the future. As well as explaining any recordings that human reviewers might have been exposed to were “snippets” and not entire conversations. Although that’s unlikely to reassure anyone who is already concerned about the security of their Microsoft data and privacy.
