Risks and Security of Voice Technology

The era of typing texts is going into oblivion as the use of voice technology is taking the center stage. There can only be an increase in the use of voice technology since it is now being preferred both for personal and businesses use. Technology around the world has never taken the back seat, but according to Gartner Research, the revolution of voice technology brings about the next paradigm shift in the world of IT.

From checking account information, answering a question, phone searches to turning up a thermostat, voice-enabled digital services from leading manufacturers around the world like Amazon, Microsoft, Apple, and Google are gaining more popularity.

Implementing the voice technology in the business environment will help organizations to cut down on operating cost while providing better services for their customer, said Dan Miller, the founder of Opus Research, an analysis firm which focuses on intelligent assistance as well as voice technology.

Two years ago, as estimated by Miller, almost 2, 700 intelligent technology products had been implemented by over 1,200 companies, with 400 of those products voice-enabled. And not only that, the AI digital market which includes voice-enabled devices is set to have more than four billion consumer devices by the end of 2017 which could exceed seven billion by 2020, this is as reported by IHS Market.

The Risk Involved
Despite the simplicity of use that may come with the voice technology and more people showing interests in voice-enabled devices, experts have warned that the tools are not devoid of specific risks and challenges which users should be cautious of. According to Wenzler, chief security strategist at AsTech Consulting, a cyber-risk management firm, technology users face more risks with the addition of voice. He said that adding more features to a device requires the addition of more code thus making the device more complicated and creating more avenues for it to be hacked.

Majority of the devices that use voice technology also make use of the internet, and most times manufacturers do not install enough security measures in them like many data-collecting devices that belong to this nascent group. The voice-enabled devices can be easily compromised, and this could cause so many problems, said Wenzler.

For instance, any device using voice as a biometric identification factor is vulnerable in the sense that the device can be tricked into mixing up who the actual owner of the device is, or owner’s voice can be intercepted and the voice print used for other purposes. The owner’s voice is the password, and because it cannot be changed or easily altered, its security effectiveness goes the moment it is compromised.

There are also serious privacy concerns associated with voice-enabled devices. Matthew D. Green, an assistant professor of computer science at John Hopkins University’s Information Security Institute made it known that most of these devices come with always-on microphones which listen to everything said by the user. Though the devices are expected to listen to a “wake word” to activate them to listen and respond to a voice command, it is still possible that voice data can be leaked. And this poses privacy risk in the business world where the phone could be erroneously activated, and a supposed private conversation would be found in the Google cloud.

As a result, the private conversation could become accessible to hackers if they break into the device or the cloud systems storing the data. The presence of microphones in offices will lead to a situation where people will want to eavesdrop on the conversation, said Green. This could be dangerous for businesses that use voice data that must not get the attention of their competitors.

Protective Measures to Take
Organizations that are interested in using or developing voice-enabled devices should also take into consideration challenges associated with the collection of data. Voiceprint collections are like other types of personal information that also need protection, said Larry Ponemon, chairman, and founder of the Ponemon Institute

There are various approaches by which protective measures can be taken against risks associated with voice technology. One of such is, as recommended by Dr. Judith A. Markowitz, the implementation of security systems that make use of multifactor authentication instead of depending mainly on voice. She said another biometric could be used as a back up to speaker verification if there are doubts about a person’s identity. Besides, businesses should equally ascertain the importance of the data being protected to be sure of the level of security it requires. She said two or more types of protection might be needed if the data requires high security.

To prevent data breaches and secure voice data privacy, it is preferable that organizations use voice-enabled systems that store the data directly on a device or locally instead of the cloud. Dr. HomayoonBeigi, president of Recognition Technologies and an adjunct professor at Columbia University, said that risk would be minimized if the audio is retained instead of having them in the cloud. However, only data that are necessary should be preserved.

Guiding principles that can help in addressing voice data privacy have been released by The Voice Privacy Alliance which is a non-profit association of IT risk, cybersecurity and privacy experts. As advised by them, businesses should clarify their purpose for collecting voice data, allow consumers to choose the use and sharing of the data as well as give them permission to opt-out when they want to. Informed consent should be written and simplified for the consumers to understand the collection, use, security, sharing, retention and destruction practices for this data.

It is equally recommended by the VPA that businesses should have the competent personnel to oversee data privacy while also having monitoring of data privacy as part of their internal audit programs, risk, and compliance as well as routine governance.

The voice technology poses a good omen, but enough caution should take to avoid falling victim of the risks that come with its usage. If necessary protective measures are taken, the side effect will not be much pronounced.