In the summer, the user privacy world was shaken by the revelations of Microsoft using human reviewers to evaluate Cortana recordings and help the AI improve. According to recent reports, the situation was a lot worse than Microsoft liked to admit back then, engulfing Skype recordings too. As “The Guardian” reports now, Skype audio was reviewed from Chinese workers who were doing this from their home computers, and Microsoft had no security measures in place whatsoever. As confirmed by former contractors, they were free to share the sensitive recordings with whomever they wanted.
Even if their intentions weren’t to share or sell this data, Microsoft provided no cybersecurity tools or training to help them keep it protected from hackers. One reviewer states that he has collected thousands of Skype phone calls in his laptop for review over the years, and he isn’t even compelled to delete them now. The only background that these reviewers provided to Microsoft was their language knowledge credentials and their bank accounts. This is how far the “we take security and privacy protection seriously” goes for tech behemoths like Microsoft, and it’s safe to assume that the story is similar with the other companies that were exposed for doing the exact same thing last summer.
Even if Microsoft didn’t realize their mistake on any of the steps they have taken in this project, they surely knew that any data which ends up on Bejing servers is subject to scrutiny by the Chinese government. Thus, sensitive recordings from Skype and Cortana users from the United States or other places in the world could have been already accessed by the Chinese regime, stored, and used against individuals or even organizations. Putting cost-efficiency over data protection is fundamentally wrong, and a blatant betrayal of the users’ trust towards Microsoft and its products.
The company has assured the media that their grading programs for Skype and Cortana have been scraped, and whatever reviewing takes place now is happening in secure facilities and under strict supervision. This means that there’s nothing going on in China anymore, and Microsoft states that this has been the case since last summer. However, some user has been exposed already, with their recordings still sitting on other people’s computers and their sensitive data being available for potential exploitation at any time in the future. Microsoft has never notified these users, nor have they given them any kind of compensation for the irreversible damage they incurred.