Alexa, Can Police Access Your Recordings? Florida Criminal Case Raises Questions About Smartspeakers
Police in Hallandale Beach want to gain access to a unique “witness” in a criminal investigation.
Adam Reechard Crespo and his girlfriend Silvia Galva had an altercation in their bedroom on a warm July night this year. Galva was killed and now Crespo is being charged with her murder. His defense is arguing the death was an unfortunate accident. Detectives believe an Amazon Echo Dot may have captured voice recordings during the altercation and might have a clue about what happened, according to a report by the Sun Sentinel.
Michael Froomkin is a University of Miami law professor and the founder of the WeRobot Conference, an annual gathering of experts focused on policy and law in the field of technology. WLRN’s Danny Rivero spoke with Froomkin on Sundial about the Florida case and what privacy people who use smart speakers can expect with their data.
The following transcript of the interview has been lightly edited for clarity.
WLRN: There's a murder case in Hallandale Beach that police have asked for recordings from an Alexa Echo Dot. The case presents some questions about who's able to access what information.
FROOMKIN: Well, yes and no. I'll put on my law professor hat for a minute, if you'll forgive me. The frame you started the conversation with - here's a 'witness' - is not the frame a lawyer would use except in talking to a jury. Because what we have here is a record, we have data held by a company, a third party. And we have extensive law about when the police can access records. [Say] the bank has your bank statements and [the police] are trying to investigate you for tax fraud against you. You can say, 'I wrote the bank a letter and said, don't tell anybody,' but it won't matter. Once that record is out, it's out of your control and sometimes even when it's in your controls, it's if it's on paper on your computer, the police can get it.
Because a record has been created?
It's a thing, right? And we have a lot of laws about how the police, with the right judicial process, can go and get things that might be incriminating to you.
People are bringing these technologies into their home. Are they creating records that can later be accessed and used against them?.
So that depends on three things. One is, what does it say in the contract? I mean, what are [the companies] saying they're going to do with your data? The second is, do they actually do what they promised? And the third is, can someone hack the device and get it to do something other than what the company said it was going to do?
And what are the current privacy laws when it comes to something like recording your voice and selling that data to advertisers or to someone else?
So again, the law here is relatively clear, although it varies a little bit from state to state. If somebody surreptitiously puts a recording device in your house without a court order, that's eavesdropping and wiretapping and it's very illegal. If someone records your phone call in Florida without your consent, we are a two party consent state. So both sides of the conversation need to consent. But if you sign a contract when you buy the device, you clicked 'I agree to the terms and conditions.' And in the terms of conditions it says we can record you now. Consent is a complete defense. So the only question is, what exactly do you consent to? And that takes us to the into the weeds of the contract.
There's increasing concern about an individual's health data being captured and sold by companies. For instance, earlier this year, Florida's Chief Financial Officer Jimmy Patronis warned Floridians about sharing medical information with their smart speakers. And it was uncovered by Bloomberg News that Amazon employees were actually collecting voice recordings and transcribing those conversations. Amazon claims that it's using that information to improve the voice recognition software. But if you're a user and you go to one of these technologies to help yourself, how can you protect yourself and know that sensitive information is not being shared around?
Well, what I tell my students or my friends [is] there's one sure fire way to protect yourself against these home devices: Don't buy them. Don't let him in the house. That's the only sure way to protect yourself. And if you can't bring yourself to do that, get a metal trash can and put it on top of it when you're not using it.
Now, the classic advice you're going to see online is a little different, right? They say, 'oh, get into the settings and turn off the microphone and the camera when you aren't using it.' And that's good advice, although you have to then trust the company to actually honor those settings, which is probably a fairly good bet most of the time.
But you also have to trust that the devices aren't hackable and some third party can't come in and do that. And that's a slightly less good bet because everyone's fallible and people find bugs in software and you never know what's going to happen.
Some other advice online is to go into the settings and delete all the old recordings. And that's good advice. But again, you got to trust the company to do that. And if it's not automated, so what happens regularly, you've got a schedule to do it on the first of every month.