Microsoft is subject to a scandal at the turn of the decade with a cybersecurity threat of its own. They face allegations implying the company allows its employees to grade Skype and Cortana audio recordings without implementing strong security measures. In response to this, Microsoft released a statement saying that the company has actions to enhance the security of their grading process.
Compromising Grading Job
The allegations came in light of a revelation by a former Microsoft contractor who alleged that he was allowed to access possibly sensitive files right at his home in Beijing. The anonymous source first reported in an office but was later allowed to work from home.
The contractor's job involved reviewing recorded audio from users' Cortana and Skype usage. It's the contractor's job to 'grade' the AI's reading of the users' voice, aiding the AI to learn speech recognition much more quickly and accurately. Microsoft describes the job as "... [the] review [of] short snippets of de-identified voice data from a small percentage of customers to help improve voice-enabled features." In the same statement, Microsoft confirmed that they do outsource the work to other companies.
To do his job, the contractor was given access to a Microsoft program into which he accesses using credentials provided to him in plaintext. To note, account credentials should always be provided through encrypted messaging systems, as plaintext is susceptible to leaks and data breaches.
In addition to this first security lapse, the contractor says that the password given to him at the time was the same password Microsoft gave all new employees in the same year. This opens the opportunity for rogue employees to use these files maliciously.
Finally, since the contractor used to work in Beijing, it is speculated that the Chinese government could have had access to the files during the duration of the contractor's term. The Chinese internet is closely monitored and could be controlled by their government, which makes cybersecurity measures important in the case of handling sensitive data.
Microsoft's Response
Microsoft has since responded to the allegations. According to a report by The Guardian, Microsoft released a statement that they have stopped their grading programs for Skype and Cortana. They have also since moved their human grading facilities in "secure facilities," none of which is in China.
"This past summer, we carefully reviewed both the process we use and the communications with customers," says Microsoft. "As a result, we updated our privacy statement to be even more clear about this work, and since then, we've moved these reviews to secure facilities in a small number of countries. We will continue to take steps to give customers greater transparency and control over how we manage their data,"
Microsoft tried to assuage fears of personal, sensitive information was leaked in the grading process. The files shared are only up to ten seconds long and are randomly sampled from users. The company says that with such short snippets, people don't have anything to worry about. Regardless of the content of the files, the fact that the company had very weak security measures in place is what drew the criticisms in the first place.