The Bellefield Blog

Bellefield is a leading innovator in Legal Mobile Technologies and Enterprise Solutions,
bridging the gap between your enterprise software, mobile devices, and desktop applications.

What All Law Firms Need to Know About Siri

Posted by Gaby Isturiz on June 25, 2015 at 8:46 AM

25127152_sSiri and other text-to-speech technologies offer many conveniences, but is our privacy at risk?

The question boils down to this: is Siri a big blabbermouth disguised as a helpful sidekick?

According to this article published by Esquire titled “Siri is Definitely Sharing Your Data with Third Parties,” a Reddit user discussed having access to voice recordings from random Apple and Samsung customers that were generated through text-to-speech technologies, such as Siri, while working for a data mining company. The user, FallenMyst, shared this experience to serve as a warning to mobile users that their data may not be as private or personal as they might assume.

What does this mean for attorneys who rely heavily on text-to-speech solutions for transcription, timekeeping, and other daily processes? Could Siri and its voice-powered pals be sharing sensitive case information with unknown parties?

Here’s what you need to know about Siri and Privacy:


#1: Understand the difference between selling and sharing data.

There does not seem to be any evidence in the above article (or in the articles linked from it) which indicates that Apple is selling Siri data to third parties. Apple, Google, Microsoft, and others often engage with external companies to enhance their text-to-speech technologies. In order to achieve this goal, it is possible that mobile device manufacturers might share some of their recordings (completely anonymous and apparently up to 5 seconds in length) with these vendors.

Apple’s iOS Software License Agreement also clearly states that, "By using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and dictation functionality in other Apple products and services."

To ensure users’ privacy and anonymity, Apple generates a random number to represent each user and associates their voice command with that number, which is obviously not your Apple user ID or email address. Apple’s IOS Security documentation, “When Siri is turned on, the device creates random identifiers for use with the voice recognition and Siri servers. These identifiers are used only within Siri and are utilized to improve the service. If Siri is subsequently turned off, the device will generate a new random identifier to be used if Siri is turned back on.”

That language seems to authorize sharing only for the purpose of improving Siri. While this was not mentioned explicitly in the article, it is likely that these external companies and their employees/contractors are bound by the appropriate confidentiality agreements between themselves and Apple, Google, Microsoft, etc.

#2: Dictation does carry certain risks.

Having said that, it is very important that attorneys understand that everything that they dictate into their phones (be it an email, a document, a time entry, a text, etc.) will be sent to a server for speech-recognition and there is a small risk of it being heard by a person. To properly assess the risk of information disclosed, your attorneys will need to consider the following:

  • The recordings are completely anonymous

  • The recordings are cut into 5-second clips

  • The recordings are only shared with external companies to enhance the speech-recognition technology

  • Only a small sample of the recordings are ever listened to by a person

Don’t forget, any of this can (and will) change in the future.

#3: The biggest mistake you can make is adopting an “all or nothing” approach.

In our view, each attorney should weigh the convenience of dictation versus the potential risk of information disclosure. Rather than an “all or nothing” approach, the decision to dictate versus type should be made on a case-by-case basis and should depend on what is about to be dictated. For example, dictating “Conference call with client to discuss case strategy” carries little risk of information disclosure simply because there is little useful information attached to it: the recording is anonymous and not associated with an attorney, a client, or a case. In this case, dictation would be appropriate. On the other hand, if you are about to dictate “Conference call with ’Company Name’s’ counsel regarding filing of patent for recently discovered cancer-curing drug,” then it is probably a good idea to skip the dictation and simply type the information. If what you are about to dictate contains a significant amount of “identifying” information, then you should probably abstain from dictation and choose to type instead.

The complex topics of data and privacy will continue to be of top concern for individuals and companies as we navigate a world driven by technology-based interactions and processes. That’s not a bad thing. It is most important to stay educated and aware in order to make the best decisions possible to balance technology utilization and privacy.

New Call-to-action

Share this Post:

Topics: Mobile Technology

© 2019 Bellefield Systems, LLC