Microsoft listened to Skype calls with 'no security' to protect recordings, report says

Microsoft uses human reviewers to improve voice services like Skype and Cortana, but a report says it had "no security measures" in place to guard data.

Carrie Mihalcik Former Managing Editor / News
Carrie was a managing editor at CNET focused on breaking and trending news. She'd been reporting and editing for more than a decade, including at the National Journal and Current TV.
Expertise Breaking News, Technology Credentials
  • Carrie has lived on both coasts and can definitively say that Chesapeake Bay blue crabs are the best.
Carrie Mihalcik
2 min read
Skype logo
Jaap Arriens/Getty Images

A Microsoft effort to improve Skype  calls and the  Cortana  virtual assistant by listening in on user interactions reportedly had "no security measures" in place to protect data. Contract workers in China were able to access recordings via a web app from personal computers in their homes, according to a Friday report in The Guardian. 

An unnamed former contractor told the publication he reviewed thousands of recordings on his personal laptop from his home in Beijing over the two years he worked for Microsoft. The recordings included deliberate and accidental Cortana activations as well as some Skype calls, according to The Guardian. Workers were reportedly given no cybersecurity help, and usernames and passwords to access recordings were emailed to new contractors in plain text. 

Microsoft has human workers listen to "short snippets" of voice conversations to improve services like Skype and Cortana, media reports revealed this past summer. And it's not just Microsoft. Apple, Google, Amazon, Facebook and others all had similar programs in place. The industry practice raised privacy concerns from consumers about how their voices and data were being used. Some of the companies have since made changes to their programs, including letting people opt out of audio reviews.

Microsoft has also made changes, including moving its review program to "secure facilities," none of which are in China. 

"This past summer we carefully reviewed both the process we use and the communications with customers," a Microsoft spokesperson said in an email Friday, in response to a request for comment on the Guardian report. "As a result we updated our privacy statement to be even more clear about this work, and since then we've significantly enhanced the process including by moving these reviews to secure facilities in a small number of countries."