We need a full investigation into Siri's secret surveillance campaign

By Ted Greenberg

No one wants their most private activities secretly monitored. That’s why wiretapping is strictly regulated in the US and most of the world. Federal law makes it a crime for the government to surveil communications without a court-ordered warrant. This is not the issue here. Nor is this a case involving one-party consent. Who authorized the makers of Apple’s Siri and their vendors to listen to private conversations in my home? Not me. So why should Apple be allowed to do this? This is what we must find out.

Every tech company with voice-activated computer assistants like Amazon’s Alexa and Apple’s Siri, Microsoft’s Cortana and Google Assistant promises to protect privacy. But an ongoing privacy scandal involving Apple’s Siri personal assistant raises fundamental questions about whether these promises can be believed – and cries out for aggressive investigation by regulators on both sides of the Atlantic.

Last summer, the Guardian revealed that Apple was allowing its Siri voice assistant to transmit recordings of people without their knowledge. A former contractor who worked for Apple in Ireland told EU regulators that he heard highly personal conversations as part of a project that transcribed portions of Siri recordings to improve the feature’s voice recognition. Apple apologized after the infractions were revealed and said it had suspended the project while it implemented better practices.

Now, in a 20 May letter to EU privacy regulators, the whistleblower, Thomas Le Bonniec, renounced his non-disclosure agreement with Apple and demanded that regulatory authorities investigate Apple. He told the EU that while working for Apple his work included listening to the private conversations of people all over Europe talking about their cancer, dead relatives, religion, sexuality, pornography, relationships and drug use, among other topics, in secret recordings made by Siri and sent to Apple without their knowledge. Le Bonniec said regulators needed to take action because big tech companies “are basically wiretapping entire populations”.

So far, all the EU has done is say it is talking with Apple. In May, an Irish regulatory authority told Politico it is “still engaged with Apple on a number of fronts, [and] still getting answers to questions”.

Meanwhile, there is no evidence the US has done anything to determine the extent of Apple’s secret Siri surveillance program. Laws protecting private communications include not only wiretapping at the federal level but state laws protecting against invasion of privacy. The Federal Trade Commission (FTC) could determine that it’s an unfair trade practice to tell a consumer you’ve protected their information and then to secretly listen in, even if it’s only snippets or anonymized. So it’s critical to investigate whether Apple’s EU-based privacy abuses also took place in the US.

What’s clearly needed now is a comprehensive investigation in the US, as well as in Europe, into what Apple did with its Siri monitoring program, and whether the other big tech companies have been responsible for similar abuses. The FTC is working on antitrust inquiries of Facebook and Amazon. The Department of Justice is allegedly investigating or considering investigating Google, Facebook and Apple. And in a potential breakthrough, the CEOs of the big four tech giants – Apple, Facebook, Google and Amazon – have just testified before the House judiciary committee about their alleged anti-competitive conduct.

Notably, both Google Assistant and Amazon’s voice assistant Alexa have also reportedly engaged in monitoring consumers without their knowledge. Those investigating these companies on antitrust issues should add these reported privacy violations to the scope of their investigations into each of the tech giants.

Apple should be undertaking its own investigation as well. Siri gets about 15bn requests from customers a month. Even if only a small percentage of them were secretly monitored, that’s a lot of people whose privacy was violated. As a publicly traded US company with a $1.5tn market capitalization, Apple has reporting obligations to its investors under US securities laws to alert them to any material risks to the company. If the facts show that Apple did engage in what Le Bonniec called a “massive violation of the privacy of millions of citizens”, the implications for liability to class-action suits and regulatory fines could be substantial.

When a publicly traded company admits it hasn’t lived up to its promises, the company’s audit committee can – and should – order a comprehensive, impartial investigation by an outside law firm to find out what happened, and to report to its board of directors – and ultimately, to the public - as a way of coming clean with their customers and investors.

Public reports suggest that Apple acquired people’s private information both intentionally, as part of its efforts to improve Siri’s functionality and voice recognition, and accidentally, especially with the Apple Watch. But without comprehensive investigations, we may never know the extent of the damage to Apple’s customers, as well as what Apple has done to clean up its apparently egregious privacy violations. We need to make sure that when a company promises to protect your privacy, it pays a significant price when it breaches that trust.

  • Ted Greenberg served as a federal prosecutor in the US justice department. During his tenure he investigated money laundering, terrorist financing, fraud and corruption