Alexa, Amazon's artificial intelligence (AI) service, can tell jokes, record a shopping list, play music, give news and weather updates, and much more. Starting March 28, 2025, it can send your voice recordings to its cloud servers whether you want it to or not.
Amazon is removing one security option and altering another in its Alexa-enabled Echo speakers and Echo Show devices. While the retail and online behemoth assures users that their voices and shared data will remain secure, concerns remain. The changes are for the benefit of their updated AI, Alexa+.
The Listening Cloud
When someone gives their Amazon device the wake word — the default is "Alexa," but it can be changed to "Echo" or "computer" — everything said after that is allegedly encrypted and sent to Amazon's cloud servers. Once there, it's decrypted and turned into text, which is analyzed before a response is sent back to the device. The audio that was uploaded is then deleted, according to Amazon.
As long as the Alexa AI can parse the spoken words, most replies are almost instantaneous. This includes verbal responses as well as activating or deactivating other items linked to the Echo device, such as smart thermostats and security systems. Third-party interactions through Alexa are permitted with customer approval.
Dot users had the option to enable the "Do Not Send Voice Recordings" feature. This caused the conversion into text to occur within the device itself rather than in the cloud, thus keeping audio and voice data from uploading.
On March 28, this option will no longer be available. All audio will be encrypted and uploaded to Amazon's cloud. Amazon claims this is necessary to help train and improve Alexa+, the generative AI intended to replace and upgrade Alexa. The more data they're given access to, the quicker AI language models like ChatGPT and Alexa+ can learn.
Amazon claims all audio will still be deleted after it's analyzed and used for teaching Alexa+, although there is still an element of human review in the process. While there have been some issues with unauthorized breaches to Amazon Web Services, these have mostly been due to issues caused by third-party users. No major breaches of the customer cloud data directly under Amazon's control have been reported.
The other security measure affected is the "Do Not Save Voice Recordings" option. It's not being eliminated like "Do Not Send Voice Recordings" is, but keeping it on means Voice ID settings will no longer work. Those who live alone likely won't notice a difference if Voice ID is off. In a house with multiple people using an Echo device, not allowing voices to be saved means the Amazon AI won't be able to identify who's talking in order to access their preferences, such as music playlists.
Options About the New Options
For those concerned about privacy, the changes going into effect on March 28 might be the final straw for removing the Amazon Echo devices from their homes. State laws on the required transparency of items collecting data and the privacy rights of consumers vary.
The end-user agreement required to use an Alexa-enhanced device declares that user data will be used to improve their services. Any disputes with Amazon must be resolved in King County, Washington, and only a bench trial is permitted under Amazon's conditions of use. Opting out of having voice data uploaded is no longer available, but unplugging the device remains an option.
Related Resources
- Cloud Computing and Law - The Basics (FindLaw's Legal Technology)
- Drafting Enforceable User Agreements and Liability Waivers (FindLaw's Law and Daily Life)
- Ninth Circuit Sides Against Binding Arbitration for Non-Obvious Terms of Service on Website (FindLaw's Federal Courts)
