Microsoft says Skype calls are now transcribed in “secure facilities in a small number of countries,” following a new report in The Guardian about the company’s use of contractors in China to listen to some calls to make sure the company’s transcription software is working properly.
Just to be clear: Microsoft grades these Skype audio calls in an effort to make sure that its transcription service is working properly. That’s why the listening/grading is happening at all.
The latest report today is based on information gathered from one of those contractors, in this case a former one who said he listened to transcribed Skype calls with “little” cybersecurity in place to prevent potential state interference. Over the course of two years, the contractor says they listened to private Skype and Cortana audio recordings from a personal laptop at home.
The audio content was accessible via the Chrome web browser and a web app. The contractor says there was little security in place, no vetting of employees, and, as mentioned above, the recordings were accessible without any additional security precautions on the internet in China.
It sounds a bit crazy now, after educating myself on computer security, that they gave me the URL, a username and password sent over email.
A spokesperson for Microsoft responded to The Verge and said that the recorded audio is just “snippets”, and measure ten seconds or shorter. The spokesperson said that no contractor would have access to any audio recordings longer than that, adding, “If there is questionable behavior or possible violation by one of our suppliers, we investigate and take action”.
The Microsoft spokesperson went on: We’ve always disclosed this to customers and operate to the highest privacy standards set out in laws like Europe’s GDPR.
Microsoft was first pegged to be doing this back in August of last year.
As a result, we’ve updated our privacy statement to be even more clear about this work, and since then we’ve significantly enhanced the process including by moving these reviews to secure facilities in a small number of countries. We will continue to take steps to give customers greater transparency and control over how we manage their data.
Microsoft says the recordings are now graded in “secure facilities” across the globe, so it’s certainly possible this former contractor was doing things incorrectly and against Microsoft’s policies. Still, it’s a worrying report that maybe things haven’t changed all that much from last year.