People

Amazon’s head of Alexa Trust on how Big Tech should talk about data

Anne Toth, Amazon's director of Alexa Trust, explains what it takes to get people to feel comfortable using your product — and why that is work worth doing.

Anne Toth

Anne Toth, Amazon's director of Alexa Trust, has been working on tech privacy for decades.

Photo: Amazon

Anne Toth has had a long career in the tech industry, thinking about privacy and security at companies like Yahoo, Google and Slack, working with the World Economic Forum and advising companies around Silicon Valley.

Last August she took on a new job as the director of Alexa Trust, leading a big team tackling a big question: How do you make people feel good using a product like Alexa, which is designed to be deeply ingrained in their lives? "Alexa in your home is probably the closest sort of consumer experience or manifestation of AI in your life," she said. That comes with data questions, privacy questions, ethical questions and lots more.

During CES week, when Toth was also on a popular panel about the future of privacy, she hopped on a Chime call to talk about her team, her career and what it takes to get users to trust Big Tech.

This interview has been edited and condensed for clarity.

How does the Trust team work? That's what it's called, right?

Yeah. I work on the Alexa Trust org, it's part of the Alexa organization overall. The team that I work on is responsible for building all the privacy features, all the privacy controls and settings, and thinking about privacy across Alexa, as well as accessibility. So the aging teams, the accessibility teams, Alexa for Everyone, all reside within this organization. And we're thinking about content issues and the whole gamut. So really all of the all of the policy dimensions and how they manifest in consumer-accessible controls and features is what this team thinks about.

Why is that one team? You just named a bunch of different, equally important things. What is the tie that binds all of those things?

Well … I think it's trust, right? It's, how do we develop trustworthy experiences? We are very much a horizontal organization that works throughout the Alexa org.

And the Alexa org actually is much larger than I even anticipated. When I first was interviewing with the organization, I was really surprised at how big and how quickly it's grown. So it's truly a horizontal effort to think about the customer experience, and all of these areas where there are potential trust issues, and try to deal with them very proactively.

That's a much bigger definition of trust than I would have guessed. I feel like we talk about trust a lot as sort of synonymous with privacy, and so "what do you do with my data" is the core question. But then when you put things like accessibility and ethics in there, it broadens the definition of what you're looking at in this really interesting way.

Yeah, it's a very expansive view. I have worked on privacy for most of my career. It often presents as a defensive issue for companies, right? And even the word "privacy" brings up a sort of connotation that makes you think about all the things you don't want people to know.

But I think of it really as an opportunity to innovate and to try to create more positive experiences, rather than to think of it as a defensive posture. How are we enabling the usage of data to help create better experiences for customers? Because that's really, ultimately what customers want: for you to use data to make this better for me. And I'm totally good with that. The concern is when I'm not sure what I'm getting out of you using my data, and you have it, and why do you have it? That's the area that's problematic. And what I see, and what we're trying to do, is to be very transparent, and to demonstrate time and again how your data is actually benefiting you in this product experience.

That's actually one of the things I wanted to talk about. You said in another interview that so much of privacy and security is basically just, like, don't screw up. There's no positive experience, it's just there until you ruin it. It's interesting to think about it the other way: to say, "What does it look like to be more proactive about privacy and data security?" What does that look like for you, in terms of how to actually put it in front of people in a way that feels useful, instead of just having pop-ups that say, "Don't worry, we're not using your data for bad things?"

Designing for privacy, or designing for trust more specifically, is about baby steps. It's like developing a relationship with a person, right? You have to earn the trust. And you have to do things in the beginning that over time become less important. So the wake word: We rely very heavily on the wake word. You have to invoke Alexa. But the use of the wake word, and the training around that, is in order to make people comfortable with the fact that we are only streaming your requests to the cloud once the wake word has been invoked.

That is about interjecting some conscious friction, to create a trusted experience so that later when we have more advanced features, more advanced conversational-type elements, you'll be in a place where you're comfortable with that experience. It moved you along that learning curve, and got to that place where you trust us to do that for you effectively.

I think it was on Twitter or on LinkedIn, I saw that there was an article that had gone viral. There was a security organization that did a breakdown of an Echo device because there was a theory the mic-off button was in fact just cosmetic. So they did a whole breakdown and sort of mapped out the electronics to prove, in fact, if the red light is on, the wiring to the mic is disabled. The red light and the mic cannot both be on at the same time and vice versa. That was a design choice. There are a lot of choices that are about getting people comfortable with the device, and feeling that degree of trust so that later down the road, we can introduce more features that people will be more likely to use.

But it's telling even that those sort of conspiracy theories exist, right? People think the same thing about Facebook turning on their microphone. Does it feel like there is this perception hole that every big tech company is in right now? That you, as Alexa, have to go out of your way to convince people that you're doing the right thing, as opposed to even starting in a neutral place? It just feels like we're in this place where people are learning to be suspicious about things that they don't understand.

I'm kind of a hardened cynic. That's just my natural disposition on things. So yes, I think we are in a period of time right now where skepticism is at an all-time high. And I think deservedly so, in the world we're living in at the present moment.

But what I'm often heartened by is that people have put this device into their homes, into their most sacred private spaces with their families with their loved ones. To do that is a big leap of faith and trust in Amazon and Alexa. So the mere fact that we're there is already a sign that people have extended to us the benefit of the doubt and have said "we trust you."

So it's not even so much about having to earn that trust in the first place as it is having to be worthy of that trust, right? Or be worthy of that privilege of being in that space. That's the goal for me: to make sure that we continue to be worthy of the trust they've already placed in us, which is not a hurdle everyone gets over.

What about as you think about things like default settings versus giving people choice? You can give people all the options in the world, but we know for a fact that most people are never going to change anything. So I'm suspicious of the idea that that's a solution to these problems, but it's definitely part of the solution. How do you think about making good decisions for people versus letting people make decisions?

First of all, no two people have the exact same notions of privacy. It's different generations, different cultures, different backgrounds, different experiences, all driving different expectations. No matter where you set a default, it's not going to be right for everybody. So there has to be the ability to change it. And you have to make that easy to find.

So in the Alexa context, voice-forward commands to try to make it as easy as possible to be able to say, "why did you do that," or "delete what I just said," or "delete everything I have ever said" — those kinds of interactions help reduce the friction in privacy, they make it easier for people to exercise those those options.

Your default settings generally represent your organizational bias, in one way or the other. And in this case, the default settings that we have reflect our ability to use data in a way that's going to improve the product and make it better for the customer. So that's where they are. And that's how they've been determined. But they're not immovable. And that's the most important part.

Well, that education piece seems hard, though. We've seen Facebook, for instance, try to explain why it collects a lot of data. And it doesn't necessarily track for a lot of people. There was this big dustup with WhatsApp, people lost their minds. Is it harder than you're making it sound to help people understand what you're doing with their data?

In some ways, I think that this product gives you a more immediate example of that data benefit than other products. I mean, I spent a lot of my career talking about the benefits of targeted advertising, and how if you're going to get an ad, better to get a targeted ad than one that's irrelevant. But the relative benefit to you as a customer, as an individual, for that use of your data doesn't really feel as meaningful as the types of experiences or improvements we're able to make.

And there's lots of data, particularly looking at introducing Alexa into new countries and languages and dialects, where the ability to use that voice data to dramatically improve our responses and our accuracy is something that is noticeable by people over time. I think people would recognize that, that trajectory.

That's fair. And it does seem like most people, when you explain it to them, will understand pieces of it like that.

This is why I love "Alexa, why did you do that?" Because Alexa doesn't always get it right the first time, and to be able to actually ask and get a response about what that reasoning was, and you can see it in real time — you can't do that with a lot of other experiences. That's a cool one that I hope more people use.

But we are faced with some real challenges under regulation about explainable AI. These technologies are getting more and more sophisticated, and when they work really well, sometimes we're delighted, and sometimes we're creeped out. It's that balancing act of like, "Wait a minute, that was really useful … should I be worried?" Which is why trust is so important to develop, so that when you get to that moment, you can offer a customer benefit without it being intrusive, or invasive or feeling somehow uncomfortable. Devices should learn!

You're a privacy person, so I have a current events question for you: We're in the middle right now of this privacy versus transparency debate, where it's either better to let people use encrypted services because they can't be watched or becomes a problem because bad people can do bad stuff in those encrypted services and nobody can find them. And obviously, this shows up in lots of scary ways recently. Where do you fall on the debate?

I will have to speak to this on a personal level, but all the messaging apps I use are end-to-end encrypted for primary messaging. I think it's important, and I think that there's a role that they play that is important. There are lots of people who think that people aren't really concerned about privacy in the world, and we've passed that moment where privacy is an issue. Just based on the number of people that I've seen crop up on Signal and Telegram in the last week, I can tell you that people really are paying attention. So I think that if that's the indicator that we should be looking at, then I would say privacy is not dead. People really do care. And it's something everybody should be paying attention to.

Entertainment

Niantic’s future hinges on mapping the metaverse

The maker of Pokémon Go is hoping the metaverse will deliver its next big break.

Niantic's new standalone messaging and social app, Campfire, is a way to get players organizing and meeting up in the real world. It launches today for select Pokémon Go players.

Image: Niantic

Pokémon Go sent Niantic to the moon. But now the San Francisco-based augmented reality developer has returned to earth, and it’s been trying to chart its way back to the stars ever since. The company yesterday announced layoffs of about 8% of its workforce (about 85 to 90 people) and canceled four projects, Bloomberg reported, signaling another disappointment for the studio that still generates about $1 billion in revenue per year from Pokémon Go.

Finding its next big hit has been Niantic’s priority for years, and the company has been coming up short. For much of the past year or so, Niantic has turned its attention to the metaverse, with hopes that its location-based mobile games, AR tech and company philosophy around fostering physical connection and outdoor exploration can help it build what it now calls the “real world metaverse.”

Keep Reading Show less
Nick Statt

Nick Statt is Protocol's video game reporter. Prior to joining Protocol, he was news editor at The Verge covering the gaming industry, mobile apps and antitrust out of San Francisco, in addition to managing coverage of Silicon Valley tech giants and startups. He now resides in Rochester, New York, home of the garbage plate and, completely coincidentally, the World Video Game Hall of Fame. He can be reached at nstatt@protocol.com.

Every day, millions of us press the “order” button on our favorite coffee store's mobile application: Our chosen brew will be on the counter when we arrive. It’s a personalized, seamless experience that we have all come to expect. What we don’t know is what’s happening behind the scenes. The mobile application is sourcing data from a database that stores information about each customer and what their favorite coffee drinks are. It is also leveraging event-streaming data in real time to ensure the ingredients for your personal coffee are in supply at your local store.

Applications like this power our daily lives, and if they can’t access massive amounts of data stored in a database as well as stream data “in motion” instantaneously, you — and millions of customers — won’t have these in-the-moment experiences.

Keep Reading Show less
Jennifer Goforth Gregory
Jennifer Goforth Gregory has worked in the B2B technology industry for over 20 years. As a freelance writer she writes for top technology brands, including IBM, HPE, Adobe, AT&T, Verizon, Epson, Oracle, Intel and Square. She specializes in a wide range of technology, such as AI, IoT, cloud, cybersecurity, and CX. Jennifer also wrote a bestselling book The Freelance Content Marketing Writer to help other writers launch a high earning freelance business.
Climate

Supreme Court takes a sledgehammer to greenhouse gas regulations

The court ruled 6-3 that the EPA cannot use the Clean Air Act to regulate power plant greenhouse gas emissions. That leaves a patchwork of policies from states, utilities and, increasingly, tech companies to pick up the slack.

The Supreme Court struck a major blow to the federal government's ability to regulate greenhouse gases.

Eric Lee/Bloomberg via Getty Images

Striking down the right to abortion may be the Supreme Court's highest-profile decision this term. But on Wednesday, the court handed down an equally massive verdict on the federal government's ability to regulate greenhouse gas emissions. In the case of West Virginia v. EPA, the court decided that the agency has no ability to regulate greenhouse gas pollution under the Clean Air Act. Weakening the federal government's powers leaves a patchwork of states, utilities and, increasingly, tech companies to pick up the slack in reducing carbon pollution.

Keep Reading Show less
Brian Kahn

Brian ( @blkahn) is Protocol's climate editor. Previously, he was the managing editor and founding senior writer at Earther, Gizmodo's climate site, where he covered everything from the weather to Big Oil's influence on politics. He also reported for Climate Central and the Wall Street Journal. In the even more distant past, he led sleigh rides to visit a herd of 7,000 elk and boat tours on the deepest lake in the U.S.

Fintech

Can crypto regulate itself? The Lummis-Gillibrand bill hopes so.

Creating the equivalent of the stock markets’ FINRA for crypto is the ideal, but experts doubt that it will be easy.

The idea of creating a government-sanctioned private regulatory association has been drawing more attention in the debate over how to rein in a fast-growing industry whose technological quirks have baffled policymakers.

Illustration: Christopher T. Fong/Protocol

Regulating crypto is complicated. That’s why Sens. Cynthia Lummis and Kirsten Gillibrand want to explore the creation of a private sector group to help federal regulators do their job.

The bipartisan bill introduced by Lummis and Gillibrand would require the CFTC and the SEC to work with the crypto industry to look into setting up a self-regulatory organization to “facilitate innovative, efficient and orderly markets for digital assets.”

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers crypto and fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Google Voice at (925) 307-9342.

Enterprise

Alperovitch: Cybersecurity defenders can’t be on high alert every day

With the continued threat of Russian cyber escalation, cybersecurity and geopolitics expert Dmitri Alperovitch says it’s not ideal for the U.S. to oscillate between moments of high alert and lesser states of cyber readiness.

Dmitri Alperovitch (the co-founder and former CTO of CrowdStrike) speaks at RSA Conference 2022.

Photo: RSA Conference

When it comes to cybersecurity vigilance, Dmitri Alperovitch wants to see more focus on resiliency of IT systems — and less on doing "surges" around particular dates or events.

For instance, whatever Russia is doing at the moment.

Keep Reading Show less
Kyle Alspach

Kyle Alspach ( @KyleAlspach) is a senior reporter at Protocol, focused on cybersecurity. He has covered the tech industry since 2010 for outlets including VentureBeat, CRN and the Boston Globe. He lives in Portland, Oregon, and can be reached at kalspach@protocol.com.

Latest Stories
Bulletins