Should We Trust Cortana?

If you are Windows Phone user, you might already know about Cortana. It is personal assistance for Windows Phone and in upcoming version of Windows, which is Windows 10, it integrate inside Windows to help and assist you. Cortana is really powerful and it helps you to be more productive and it actually work as your personal assistance. However, the big question remains which is how much could we trust Cortana (In term of privacy)?

Cortana associated with your Microsoft Account and there is no way to use it without sign-in with your Microsoft Account. The more you use it, it will get smarter and it create a personality of you in the cloud. To understand this let see a simple scenario with Cortana. I booked a flight and let Cortana remind me about it, I have my calendar there so Cortana could see my schedule and remind me about my meetings. I could add my favorite restaurants, place to visit, news, etc. In the other word, you will share whatever you like with Cortana and it associate with your Microsoft Account. The good part is when you are in different device , let say you put your phone somewhere else and you are using your Windows 10 PC, Cortana is there to remind you and show things which you are interested on your PC. So what you like associate with your Microsoft Account. Where are these data? They are located in Microsoft data center or Microsoft cloud and they are follow Microsoft privacy statements and with restrictions of access and in secure area. But information itself is very sensitive, they are more sensitive than your emails or your share data. They are your personalities. It is a version of you on the cloud and if someone access it without authorization, he or she would know a lot about you. For example, teams which you support, political parties in your interest, area of interest, job, location and your personality. With such information, you could control people because you know what they like and you could highlight them to gain their favor and it is interesting trick for governments to gain vote. Government agencies could also use these data to find out if anyone interested in doing something against the government or national security. It is a lot easier to find your location and see your plans. When police investigating someone, his or her secretary is the best one and is the first person which is being questioned, because he or she would know a lot about the suspect and has complete data of all meetings, travels and others. Of course secretary is human and might or might not collaborate or try to protect his or her boss. But Cortana is not human, she doesn’t have feeling, conscience or human value and will do just what has been told. This is what makes thing more complicated about Cortana. What if one of government authority show up in Microsoft data center with warrant to check your Cortana data? In the other word, question your digital secretary? Does Microsoft provide sufficient mean to protect your privacy? This not only question for Cortana, this is the same question should be asked from all other companies who provide digital assistance like Apple’s Siri. There are many problems with privacy in the cloud which hasn’t been solved yet. Data being stored outside countries or data center, so it would be interesting if there was possibility to store Cortana’s data as private cloud within a country or within internal servers. Another issue is related to data access, systems should be designed in such a way that no one could have any form of access to those data. Even administrators shouldn’t have capability to view data, so when authorities request check data, we could allow them but they couldn’t do anything and they won’t access it. Another issue is there should be transparency over what is being monitored. For one example, if certain words which might associate with terrorism activities being used in Cortana, are they being recorded and reported to authorities? If yes, this should be explained.

Cortana is great application and it demonstrates the power of cloud. But there are many privacy issues remains unanswered. This open up opportunities for researchers to come up with new privacy model for cloud.


Comments are closed.

%d bloggers like this: