Senators Jeff Flake (R-Ariz.) and Christopher Coons (D-Del.) have written a letter to Amazon’s Jeff Bezos, following reports that an Echo device recorded a couple’s private conversation and sent it without notice to a friend in their contact list. Flake is chair of the Senate Judiciary subcommittee on technology and privacy and Coons is on the subcommittee’s panel.

The letter reads:

“While Amazon has stated that the company is evaluating options to make this series of events less likely to occur, we are concerned that the device in this instance performed precisely how it was designed … Without prompt and meaningful action, we expect that additional instances like the one summarized above will happen again … The increasing popularity of in-home, internet-connected devices and voice-activated technologies raises questions about the types of data they collect, store, and share, and the degree to which consumers control their personal information … Companies, like Amazon, that offer services through these devices must address these concerns by prioritizing consumer privacy and protecting sensitive personal information.”

Amazon maintains that the incident involved the device mistaking part of the couple’s conversation for a ‘wake word’, which alerts the device to an imminent command or question. Then, according to Amazon, this led to the device sending an audio recording to a specified recipient in the contact list. The couple were chatting about home improvements, meaning that a series of mundane phrases were misinterpreted first as a command to record, then as a command to stop recording, then as the name of a contact, and finally as a confirmation.

The letter asks a series of questions about Echo’s AI, including (paraphrased):

  1. Are Echo devices designed to send voice data to an Amazon-controlled server? If so, when and how frequently? How long is that data stored/retained? How is that data anonimized?
  2. After activation via a ‘wake word’, how long is Echo designed to listen for a command? Does it also record background conversations? Does it store recordings of audio prior/subsequent to a command?
  3. Does Alexa software perform machine learning? If so, does it utilize a collection of stored recordings associated with each device to improve its understanding of each user’s commands?
  4. Is Echo designed to stop actively listening after performing a command? If so, how long after the last command does Echo deactivate and require a new ‘wake word’?
  5. Can third-party developers modify the Alexa software? If so, in what ways, and are there plans to limit this ability? Does Amazon plan to employ a developer to improve Alexa’s service?

Finally, Bezos is asked to describe “any and all purposes for which Amazon uses, stores and retains consumer information, including voice data, collected and transmitted by an Echo device,” and to outline the steps Amazon is taking to minimize the risks of consumer information being misused, abused, misinterpreted, or shared without consent.