Security awareness

What Does Your Intelligent Personal Assistant (IPA) Know About You?

Ki Nang Yip
August 30, 2017 by
Ki Nang Yip

1.   Introduction

Artificial intelligence (AI) is no longer a theme in science fiction. It is being integrated into our daily life as a result of the high adoption of intelligent appliances. Smartphones can be considered as the engine of driving the popularization of AI. The various capabilities of smartphones allow more sophisticated interactions between human and machine (HMI). Moreover, the Internet of Things (IoT) technology provides the technical architecture for wearable smart devices for personal and medical use. While technology is moving closer to our daily life, smartphones and other intelligent devices are witnessing a shift of user behavior in searching and commanding from traditional desktop/typing to voice. This background encourages hardware and software developers to focus on AI technologies such as natural language processing and machine learning. In this new wave of innovation, intelligent personal assistant (IPA), also known as virtual personal assistant (VPA), is the representative product that serves as the symbol of a new era of AI and HMI.

1.1. What is Intelligent Personal Assistant (IPA)?

IPA is a software application. It assists the user to perform tasks ranging from information search, location services, remote activation, appointment management, health data monitoring to online purchase. The power of IPA lies in its ability of recognizing and dealing with user commands in natural languages. IPA can also record the user input to improve its performance and accuracy over time. The proliferation of smartphones, tablets and mobile applications serve as the ideal platform and medium for IPA. IPA is usually embedded in major operating systems of smartphones and other intelligent computing devices.

Two year's worth of NIST-aligned training

Two year's worth of NIST-aligned training

Deliver a comprehensive security awareness program using this series' 1- or 2-year program plans.

1.2. The Current IPA Market

IPA is a new and competitive market for information technology companies. There are hitherto five major IPAs as of early 2017.

1.2.1. Siri

Siri is the IPA of Apple. It was first launched in 2011 on iPhone to answer the inquiries of it users. Other devices of Apple – Apple TV, iPad, and iWatch, to name a few – also have Siri installed on it. Siri is knowledgeable in news, movies, sports, directions and local businesses. It also can control some smart home devices.

1.2.2. Google Now

Google Now has the largest search engine of the world to empower its capabilities. More importantly, it crawls the data and information stored on the Gmail and search history of Google services’ users to respond to their inquiries. Google Now enjoys the advantage of having vast personal data and third-party services information on the web. It can be used on Android, iOS and Chrome.

1.2.3. Cortana

Cortana is developed by Microsoft. The huge market share of Windows and Office makes Cortana an ideal IPA when it comes to inquire Outlook calendar/appointments. Furthermore, Cortana is also supported by Microsoft’s Bing search engine, making it efficient in acquiring information such as sports, weather and location. Cortana works best on Windows, though it is also accessible on iOS and Android.

1.2.4. Alexa

Amazon is the developer of Alexa. It is embedded in Amazon video and audio gears: Echo, Echo Dot, Tap and Fire TV. Alexa can respond to inquiries about the weather, traffic and other information. It also allows its users to do voice shopping on Amazon. Besides, it can control an increasing number of smart home appliances.

1.2.5. M

M is a conceptual IPA developed by Facebook. It is designed to be an integral part of the Messenger application, in which it attempts to answer any inquiries from its users. Unlike other IPAs, M suggests a combination of AI and human intelligence to perfect its capabilities. Facebook intends to set up a team of human officers to support and complement M. It is foreseeable that the AI aspect of M will be powerful thanks to the personal data Facebook collected in the last decade.

2. The Data IPAs Collect from Their Users

The aforementioned IPAs are built and supported by the core services of their developers. These developers are established technology giants having extensive experience in collecting user data and converting it into business opportunities and monetary models. Therefore, the IPAs are not only made to facilitate our daily life, but also collect data through a new channel. As they are always embedded in the user’s device, they can also navigate other information of the device without acknowledging the user. To a certain extent, IPA is no longer the traditional secretary or administrative assistant who locks the door and asks for permission before performing his job. It can bypass this traditional step to do its job faster, notably, reading the user’s email, contacts and other relevant, yet sensitive, information to accurately execute the command. The following attributes are some of the essential information that the IPA gets to know its user.

2.1. Personal information

Basic information about the user is a prerequisite for many digital services nowadays. The name, gender, date of birth, email address and phone number are the most elementary information for the IPA to know about the user. Depending on the authority the user grants to the IPA, it is possible that the IPA acts as the user himself to access, activate and use other services of the device. Personal information is a first and essential attribute for the IPA to know the user, and thus conduct tasks in his name.

2.2. Financial details

One interesting attribute of IPA is its growth with the user in time. As the user commands fund transfers, payments and online shopping, the IPA will be able to understand the user’s financial conditions better than the user himself. In this perspective, the IPA can cross-reference pay days, new tax laws, financial products, stock market information, etc. to help its user implement financial decisions more efficiently.

2.3. Location

IPAs are highly useful when the user is performing manual tasks and looking for informational assistance at the same time. The most frequent situation should be driving. For examples, the user can ask for the shortest way to reach his destination; where is the closest grocery store, cinema, French restaurant, the residence of a contact. Through these inquiries, the IPA can also learn additional information, such as the traveling duration between point A and B as well as the traffic conditions. More importantly, for IPAs connected to the vehicle, they can monitor the gasoline consumption and suggest gas stations within a certain distance. Thus, the locations of the user can be pinpointed to the utmost details by the IPA.

2.4. Contact

Similar to the location search function, it is imaginable that the user commands the IPA to give a call, write a message and schedule an appointment with a contact or service provider while driving, cooking or playing video games. The IPA can learn from these contact commands to learn the relationship status between the user and the contact. Attributes such as the contact frequency and communication duration can help determine the relationship hierarchy of the user. In addition, if the user provides further contact information such as social media identity and birthday, the IPA can indirectly acquire this data to remind the user what this contact shares on social media and getting a gift for him on his birthday.

It is important to be aware that IPAs are capable of learning a great deal of information beyond the user himself. This is in particular true when there is abundant information registered about the other contacts. The IPA market demands a high threshold where there are not many choices. A great majority of IPA users use the same product. This characteristic helps the developers behind IPAs to more precisely achieve user profiling.

2.5. Personal Preferences and Intents

As the interaction between the user and his IPA increases, the IPA can learn considerably many preferences of its user by cross-referencing the history of search, contact and location, schedule, and entertainment, to name a few. For instance, a user of Google Now has been searching the key words “bicycle”, “travel”, “camping”, and a particular location for a few days. He has visited a few bicycle retailers using the IPA’s location service. The IPA can analyze the time he has spent on which web pages based on the relevant keywords as well as estimate the time he stayed in the physical store by comparing the route data to evaluate his bicycle preference. Thus, when this user asks Google Now to suggest good bicycle deals in his city, the IPA can suggest the most pertinent results based on all these attributes. It is also worth mentioning that Google can place a precise advertisement for his bicycle need. The same pattern can take place in the case of looking for a restaurant, a cinema, a birthday gift and a travel destination. IPAs can always cross-reference fast within its reach of records, resources, data and platforms to gather an answer for their user. In a way, they know better the preferences and intents of the user than the user himself.

2.6. Health data

Smart wearable devices are increasingly gaining popularity around the globe. These devices help monitor the user’s biometrics. As such, some IPAs are specialized in healthcare for their users. They require the user to fill in a detailed questionnaire concerning his health status and ask for permission to access other applications on the device so as to optimize the virtual assistance performance. In this perspective, the IPA knows extensively the user’s medical history, allergies, exercise frequency, age, body mass index (BMI), diet, and medication, to name a few. Similar to the points above, IPAs and their developers can efficiently cross-reference this data with other information to create highly customized responses and advice. This can go beyond accessing the calendar and time just to remind the user what time to take pills and when to go to the doctor. It can anticipate the stress level and health conditions through analyzing the weather, local pollutants, and exercise frequency, so as to provide relaxation options or other medical suggestions.

As discussed, the IPAs are developed by powerful high technology companies. IPAs are certainly built to effectively assist their user. Nevertheless, it is crucial not to underestimate how much they know about their user. Having a comprehensive understanding about the locations of the user, his search history (products, services and any other information), his contacts and social network and his health status can make the IPAs, naturally their developers, incredibly knowledgeable about the user. In the era of big data analytics and AI, the potentials of such information can be highly profitable for advertisers and marketing campaigns.

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

3. Conclusion

The different IPAs are still in their early stage of development. The potentials of IPA are unprecedented and it is likely to revolutionize considerably the daily lives of people as well as many industries. Having the capacity to constantly monitor and cross-reference the user’s location, health status, search history and contacts could suggest that IPAs are more knowledgeable about the user than traditional human secretaries. Moreover, despite the extraordinary investment budgets for IPA development, the investing information technology companies do not seem to charge their users for using it. The intention is therefore evident. The data the IPA users generate will be highly useful and probably lucrative for the investors. In such a new environment, the data collection ethics, data security and threats are likely to become a new issue for both the users and developers to deal with.

Ki Nang Yip
Ki Nang Yip

Ki Nang is a researcher in cybersecurity, industrial espionage and political science. He conducts his PhD research in Paris. He studies state-funded cyber-espionage, political impacts in cyberspace for corporate development, and new forms of cybercrime. In his spare time, he also follows cybersecurity and political issues in China, U.S. and Russia.