Microsoft Now Reviews Skype and Cortana Audio Data in “Secure Facilities”
A former Microsoft contractor told in an interview that he worked from home in Beijing while performing the transcription of Cortana recordings and calls made on Skype. The unidentified worker used to review audios using his personal laptop for two years. The company used third-party contractors who reviewed audio snippets to make sure its transcription software was working properly.
“I heard all kinds of unusual conversations, including what could have been domestic violence. It sounds a bit crazy now, after educating myself on computer security, that they gave me the URL, a username and password sent over email,” said the contractor.
An interview with the former employee followed a summer report on Microsoft. The August 2019 report revealed the fact that Microsoft hired third-party contractors who listened to Skype and Cortana voice recordings with “no security measures.” They were allowed to transcribe recordings from home across Beijing using their personal laptops. To do that, the contractors used a web app in a Google Chrome browser. Furthermore, to gain access to the conversations, the workers were provided with a username and the same password that they received in emails.
No other security measures were taken, making state or even criminal interference possible, and no proper background check of new employees was made either. Thus, thousands of audio conversations from Cortana and Skype were reviewed this way with no cybersecurity protection.
Following the summer report, Microsoft stated that Skype and Cortana grading programs were ended, and the review program was moved to facilities outside of China. Moreover, the contractors who reviewed the material had no access to audio “snippets” that were longer than ten seconds.
This past summer we carefully reviewed both the process we use and the communications with customers. As a result we updated our privacy statement to be even more clear about this work, and since then we've moved these reviews to secure facilities in a small number of countries. We will continue to take steps to give customers greater transparency and control over how we manage their data.