seers-logo-1.svg

Apple’s Siri: Whistleblower Points to Data Protection Failures

Siri is being watched. Many Apple users have the right to know that their beloved application may be compromising on their data privacy. According to the whistleblower, strict action is needed to prevent Siri from processing voice recordings.

Ireland’s Data Protection Commissioner (DPC) contacted Apple again after the whistleblower contacted them. Thomas Le Bonniec worked as a former Apple subcontractor. He was in charge of the “Bulk Data”, where he was transcribing user requests in English and French.

What did he tell them:

He was able to file a complaint with other colleagues last year. The letter addressed to the European privacy regulator reported the “massive violation of the privacy of millions of citizens’’:

“I am extremely concerned that big tech companies are basically wiretapping entire populations despite European citizens being told the EU has one of the strongest data protection laws in the world. Passing a law is not good enough: it needs to be enforced upon privacy offenders.”

In these violations, the project aimed at listening to various recordings received from Apple devices in France to correct the transcriptions of Apple’s vocal assistant (Siri). These iWatch, iPhone, and iPad recordings were mostly collected without users being aware of it. This means that the consent was somewhat muddled up. Yours could be one of them. The recordings were even taken without activation of a virtual assistant by the user.

The consent also becomes problematic since it was not just the direct users who were being recorded. People in the background involving anyone who was in the range of the device, including children, family, coworkers and friends were all being recorded without notice.

Le Bonniec reported, “The system recorded everything: names, addresses, messages, searches, arguments, background noises, films, and conversations.” This is critical because a company is simply not allowed to use data subjects to collect unnecessary information from unknown and uninformed participants.

The DPCs’ response

Ireland’s Data Protection Commission (DPC) is under a lot of pressure to investigate major data processing activities of companies located in Silicon Docks which is home to many high-tech companies. These include the headquarters, home of Google, Facebook, Twitter, Linkedin and many others.

According to the Whistleblower, “nothing has been done to verify if Apple actually stopped the program” claiming his sources already confirmed the program is ongoing and is asking for immediate action by the authorities.

Is spying legal for tech giants?

Le Bonniec stated:

“It is worrying that Apple (and undoubtedly not just Apple) keeps ignoring and violating fundamental rights and continues their massive collection of data.”

Many products from Amazon and Google do not comply with data protection requirements according to recent lawsuits. Apple, though a very large company owning more resources than many nations, may not be far from one for itself. Could this be another class-action lawsuit waiting to happen? Perhaps. Can this spread out of Ireland and be tested in an international court of law? Perhaps.

According to DPCs’ Annual Report 21 multinational technology enquiries have involved names like Twitter, Facebook, Instagram, Apple, Quantcast, and more. The results are awaited though.