For several years, Microsoft listened and processed the voices of Skype and Cortana users without any security measures. About this publication The Guardian was told by a former contractor of the company, who for two years was engaged in processing user votes using a personal laptop in his home in Beijing.
According to the contractor, workers got access to the Cortana voice assistant command recordings and some Skype phone calls via a web application running in the Google Chrome browser on their personal laptops using Chinese Internet. At the same time, they did not receive any assistance in protecting data from the intervention of cybercriminals or governments. Moreover, according to instructions from Microsoft, for greater convenience, all employees had the same password, and there was no verification at all of the employees themselves.
“I analyzed the records in British English (I’m British), so I listened to people who installed British English in the settings of their Microsoft devices and had access to them through my home laptop with just a password,” said a former sample analysis worker user speech. He received his username and password from Microsoft via e-mail in an unencrypted form, and the login was very simple, and the password was one for everyone.
For the first time about wiretapping conversations conducted through an interpreter in Skype, it became known in August last year. As reported, the Skype application collected and used user conversation recordings to improve Microsoft products, as well as to develop translation and speech recognition technology.
According to Microsoft, the company has since closed the Skype and Cortana user speech processing program for the Xbox, and transferred the rest of the speech sample analysis staff to secure offices located outside of China.