Some people have expressed concern about what the new Dragon Dictation for the iPhone application does with your contact information. As you may have experienced already, Dragon Dictation for the iPhone goes through your contact list on your iPhone and uploads the names to our server. We do this for a pretty simple reason: we found that people are often dictating names from their address book and expect the names to be recognized. We take this information and create an anonymous user profile for your device that understands which names you are likely to dictate into a document. It's important to note that we only upload the names, not the e-mail addresses, phone numbers or any other personally identifying information from your contacts.
Even though there is no personally identifying information, we still treat all of this information with the highest privacy standards. All of our servers are located in the United States and meet the most stringent privacy and security standards.
All of this is spelled out in our license agreement that comes with the Dragon Dictation for the iPhone application. Since most people only see that license agreement briefly when they are installing the software (and they usually can't wait to start using their software, so they don't spend 30 minutes reading a complex legal document...), we provided a link to that agreement here: http://www.nuance.com/company/privacy/.
So the bottom line is that nothing scary is happening with your data and we only use a little bit of information from your phone to help make the dictation accuracy as high as possible. If you have any questions, comments or concerns, feel free to post them here.
65 comments:
Michael:
Thank you for the clarification, however, I have a couple of additional questions...
You state that your "servers are located in the United States and meet the most stringent privacy and security standards". Can you tell if you have had a 3rd party audit and if so when it was last done?
Also you say you upload only the names from our contact lists... Is that just the first name or both first and last?
Lastly I would like to know if there is any way I could prevent a particular contact from being uploaded at all.
Answering these questions will go a long way in helping me to recommend your application.
eric wolbrom, CISSP
I run a business using my iPhone, and have government agencies as clients. I can't legally or morally let these names out of my iPhone or office Mac. Your uploading them breaks my government legal contract (had my lawyer look at it). So, if you would let some of us opt out of that, it would be great.
Also, what if someone wanted to stop using the app, is there a way to go in and delete the names and such off of your servers?
Again, what audit service do we have to verify the security of your servers? What OS are they, what security measures are being taken? As an IT engineer I'd want to know the details about where my private data is being stored by a third party.
Ben Balser, ACT, ACSP
@ Eric, you raise valid questions.. But, dude, use your head, why would Nuance want contact info for other than the reason Mr. Thompson gave???? Nuance isn't an advertising or marketing firm.
Are they Google??
It has no other value to Nuance other than to provide superior service so it can sell its products for a premium- reflecting quality,
With the amount of enterprise business Nuance does, its controls would have to be strict. Nuance isn't going to risk misusing a person's info that would damage its sales much more than any benefit that could be gained from profiting off of misuse.
Give me a break. If you don't agree with the terms, delete the app from your phone. It's not required or anything and is FREE. I could see if they made you pay for it and you found out afterwards that your info was being uploaded, but that is not the case. It is just names. No other info is sent according to the post. It looks like you should have read the terms before you "broke your government legal contract." You'd think someone who is so worried about said contract would read the license agreement before deciding to use an app... Also, since you have such a high sense of morality, are you going to notify these agencies that you have violated your contract with them?
Thank you for speaking to this issue, however I must say that most people don't spend 30 minutes reading a license agreement because they assume most services will NOT access such private information without first explicitly stating such action in a conspicuous way. Take for example, Facebook apps which give a noticeable pop-up alert that the app will access the user's friends/wall/contacts/etc. And that's even a social-network tool where people are already exchanging large amounts of personal information on a regular basis.
@ Ben Very well said
Their reasons for collecting this data are "valid", but some people might not want their contacts uploaded and they would accept that the names of the people in the contact list might not be as well transcribed as though they were uploaded to the server.
Nuance, let people opt out of this "requirement". Let people decide whether or not the application should upload the contacts to the server or not. Also, allow for removing the contact list from your servers. REQUIRING this "feature" might prove to be more problematic and a deterrent for your product than if you would allow people to choose for themselves.
What might be a good compromise, is to let people opt out of sending their names to your servers, while letting them know that the accuracy might be compromised. Letting them, the user, decide what level of accuracy they need.
Why don't you update your EULA to indicate this? Why is the "speech data" not protected?
I understand about it taking our contact names to enhance the program, but having done this, it still does not recognize most names in my list? With non name speech, it's dead on. Is it that they just haven't been run through by the server yet, or is this as good as it gets with the names?
@anonymous: Nuance may not be an address-marketer. But Nuance is also NOT a high-security company that primarily militarygrade-secures data as a service. Or? I'd also really need to get some answers on the questions raised. Sure a forename may not reveal much information. But a user-centric (though "anonymous") array of all his relations is something different. Whoever gets a chance to dump this data can build i.e. a really big social map. Or - more simple - just think of a simple search-query: it will reveal the right array of the person in question.
So, Nuance, you started the game and opened the comments - I think you should answer the raised questions.
I'm willing to accept the innocence and purpose of your use of name information. It makes sense.
Now even though you call it "anonymous profile for your device", the fact that it's locked to the device in any way means that someone who knows the device UUID can come to you with a subpoena and give you the device number, get the data, and know that it's associated with the particular user.
My larger concern is how the "speech data" referred to in the EULA is handled. Since the EULA clearly states you're allowed to hand that stuff over to the government, lawyers, and even AT&T, I'd like to know exactly how the data is stored in relation to my unique identification. Will someone be able to come to you and say "Give us all the dictations made by Distorted Loop," and you'll be able to comply?
I'm eagerly awaiting a response on how you intend to address the issue put forth by Ben above. You may wish to have your team look over HIPAA as an example of a regulation that prohibits this type of information, no matter how innocuous, from being transmitted to a third party.
Hi there,
I'd recommend having it a selectable setting in the Settings app. Pretty sure that would be the best approach to take.
@Eric: we do have third party security testing each year and the most recent was completed a few months ago. In addition we conduct quarterly audits. The first and last name of contacts are uploaded into the language model, so that when you speak names in the course of dictating, the application will do a better job of recognizing those names.
Eric and others have asked questions about giving users control over contact names upload. We are in the process of updating the application to provide this option.
In the short term, this will be a simple option that allows users to opt-out of the contact list upload. Longer term, we will explore options that give users more control over what gets uploaded. As soon as we have tested the short term modification we will resubmit to Apple for approval, and we will let folks know when it becomes available on the store.
@Distorted Loop….great questions regarding the speech data. I will do a little digging on this one to make sure the answers are precise and get back to you soon.
You can always contact our tech support via (http://www.dragonmobileapps.com/supportdictation.html) to discuss your additional questions or requests.
Nirmalya De, Senior Manager, Nuance Mobile
Michael,
Why must you require our contact names for improving the program? Why not just use a phonebook? Would not that be the same?
Also please make it optional to send our contact info to your servers.
Why is it in the EULA a limit to the number of devices I can install this program on? I have multiple iPhones connected to my iTunes. If I have more than one iPhone using the copy I downloaded and have installed with my iTunes, I am, therefore, breaking the EULA?
Is there a way, as others have stated before me, to remove certain, if not all, contacts connected with our "anonymous" account?
Better try this on my wife's phone first.
Two thoughts and one comment.
First the comment: it's a good idea!!!
Now two suggestions: fully explain why the user is expected to upload their contact names to your server so it's clearly understood.
Second, make it an OPTION that someone can decline - this is obvious, yes?
These things should have been done in the first place, to avoid all of this mess! Unless the confusion is part of a deep plot to bring attention to the app?! = )
thanks
All of this is spelled out in our license agreement that comes with the Dragon Dictation for the iPhone application. Since most people only see that license agreement briefly when they are installing the software (and they usually can't wait to start using their software, so they don't spend 30 minutes reading a complex legal document...), we provided a link to that agreement here: http://www.nuance.com/company/privacy/.
Except the linked document isn't the same as the EULA included in the software product. Would you please provide a link to the actual EULA? Also, in the linked document "Data" is used as a fairly crucial defined term, yet there is no actual definition provided.
Just installed, but while web trolling found this upheaval. Uninstalled it before I even ran it. Will wait for next version.
Smells like major data mining to me. Do you honestly think that if someone like Steve Jobs had this installed and he was using it to message other business people that this outfit would not read his data daily? The programmers would if no one else did and you'd better believe the "privacy" they speak of would be thrown out the window. Insider stock trading, credit card info, security passcodes and more being collected and archived by these guys. Can anyone say "Trojan Horse"?
"All of our servers are located in the United States and meet the most stringent privacy and security standards."
I would be interested in finding out what 'standards' you are meeting. There are many approaches to it, but you don't seem to be sharing that information.
You also state in your policy that you reserve the right to change the agreement at any time; what is protected now may not be in the future.
I would also like to point out that the United States currently has no law about data protection or privacy - which some other countries do. In fact, you could change the agreement tomorrow and allow sharing with other companies because there IS no protection against this.
Perhaps as an added feature, you should not just allow an 'opt-in' for sharing contact names but also force a complete data purge when you alter your user agreement or when the user requests it. This allows the owner of the information to also be in control.
Charles
Christmas is more likely to be cancelled than that is to be true.
Just installed, but while web trolling found this upheaval. Uninstalled it before I even ran it. Will wait for next version.
Ditto. But I think I will post a blog to warn others. I know of several legal and medical professionals that might unintentionally get sucked into this potentially illegal disclosure that may put them at risk with state and federal agencies because of privacy regulations. Apple should pull this app immediately until updated to remove this risk. It seems like Apple may have some liability as well.
The document you are providing a link to is not the agreement being agreed to with the software product.
Darn you Dragon - you finally get the voice recognition software to a point where it actually works and you do something stupid like this which makes us all sorry we downloaded. Make no mistake WE are your customers - everyone that jumped to download have probably purchased more than one dictation program throughout the years and pretty much given up until this iPhone app. Now just to get a couple of names correct you have, like a phony clairvoyant, behind our backs, gone through the house to give your predictions greater accuracy. Dragon appears to be clueless about their customers not to know this was going to cause a huge uproar.
Thanks for addressing some of the concerns regarding privacy issues.
I would also like to know what happens if the user deletes the program. I believe I remember reading in the agreement, that any transcriptions are also stored on your server as well. Are my transcriptions deleted when I delete the program? Are my contacts deleted when I delete the program?
I appreciate the option to "opt out", and can understand why a person would want to do so. What I worry about is every memo, etc being stored on a server, even if I ultimately never sent the memo, or it was meant for my personal use only.
I would not want to dictate something as an email when I was angry or frustrated, never send the email, but still have that transcription follow me around forever. Can you comment on the length of time the transcriptions are stored and/or overwritten on your server?
Thanks
Quite frankly I don't think most people don't spend 30 minutes reading a license agreement
because it is ridiculous that we should have to do so.
This may be fun for lawyers, but come on, my mortgage doesn't take more than 3 or 4 minutes to read.
The lawyers and the "Cover our ass" attitude is getting real old, the consumer has no protection and is offered no guarantees.
Any truly responsible company would not need to have such an agreement to use a service as they would be offering a clean, secure and reliable product.
How many times have we seen companies that have been "Hacked" and customer info stolen only to claim they are not responsible and read your user agreement.
Just more corporate "Cover only our ass" bull
I'm not buying it at any price, even free.
As I said before, here it is from the agreement,
NUANCE WILL HAVE NO LIABILITY TO YOU OR ANY OTHER PARTY FOR FAILURE TO KEEP THE DATA CONFIDENTIAL OR TO OTHERWISE HANDLE OR TREAT THE DATA IN ANY MANNER.
You might as well just post your address book on Twitter, that's how secure it is
Like many others I am sure, I rushed to the App store to download the app until I saw the comments, then decided to hold off. Giving users the ability to opt out makes sense and I am glad you are implementing this. Once that is an option, I will certainly reconsider, but here is my question. Apple's voice application works well for me, how are they able to be so accurate with the names in my address book without uploading anything to a remote server?
I think the functionality sounds great. I've had trouble with other voice recognition software on iPhone where it can't figure out that when I say "Karen" it needs to dial/enter "Karin" (my wife's spelling). And since this is just a list of names, with no phone numbers, I can't see how the information could be used to harm me should someone illegally access it. Hell, most of it's on my Facebook page, etc. already.
CREEPY CREEPY CREEPY
Who are you guys... Little Brother?
Excellent concept, but I won't use Dragon Dictation until there is an option not to upload contact information. I'm an attorney, and ANY unauthorized disclosure of client names would be a violation of client confidentiality and state bar rules.
Surely the software is sufficiently sophisticated to learn a few names over time without needing a list of my contacts, just as it learns other words.
I'm far more concerned with my actual voice transcriptions being stored and possibly not kept confidential than I am with my contacts. They store everything we say. Everything. That's really scary if you ask me.
Hi, Just found out that my dictations are transmitted to your server. Have deleted the app from the phone, but now have a lot of fear as to what can happen to my data. While this may be required for your iPhone app to work, I am not comfortable with having no control over my voice dictation data.
I need to have a way to delete my voice dictation cache on your server. I also require that as soon as my voice dictation to text processing is complete, you permanently and irreversibly delete my data without transmitting it or copying it.
I'll say this right now. If anyone ever let info about get uploaded by a third party, that would be the last time they were allowed to do so. I've already had it out with "friends" who agreed to let websites take my information so that they can spam me with invites and other garbage.
Make an opt out, or most of us permanently "opt out".
Simple solution.... Include an option to disable this feature (default to off, and have an option to turn it on to improve spelling).
Won't be using or recommending this app until then.
The difference between this and dictation data being sent to servers is you can choose what you want to dictate.
YES, PLEASE GIVE OPT-IN/OPT-OUT OPTIONS ABOUT EXPORTING OUR CONTACT!
And for anyone that has already run the app and had contact info uploaded, please provide an option to delete any data currently stored on the server. It should actually be deleted and not just unlinked from the phone.
Dang - I just read this right after I approved the T&C. And as a poster said, even if I delete the app, they still have the data.
What a bunch of bull.
I used older Dragon dictate programs on my desktop.
There was NO requirement to send our DICTATIONS to your server back then, and there's NO WAY I'm using any software that sends all my private dictations to the web.
Unfortunately the backlash from this is severely limiting use of the software which I would love to use!
I won't even open the software until all my communications and contacts go no further than my own iPhone.
I'm also doing everything I can to spread the word about this on twitter/facebook/etc.
I have no doubt you have good intentions, but the news is full of well intentioned companies that have their data stolen. It's too big a security hole to risk.
I have really loved dragon over the years, and a scandal with so many people saying bad things about the company can affect sales in years to come.
It's much harder to change peoples opinions than it is to form them.
I also rushed to download. I am quite shocked in two regards:
1. That a reputable, long standing company would do such sleight of hand. And,
2. That Apple allows access to this information by an app developer.
Anyone with $100 can download the SDK and develop and submit an app. That means that any app developer (luckily I believe that Dragon is a reputable company) can do the same thing. This is a huge and I mean huge security breach. So what if the EULA says it can be done. What is legally (questionable) correct and what is a breach of security and morally reprehensible is another.
What I do want to know is how I get my information securely deleted now that it has been uploaded? Please let me know asap. I am taking it on blind faith that they do not collect the notes associated with the contacts. Again, how could Apple let this happen, let alone this company. I am astonished.
Several people have asked about speech data and I'd like to provide more information on why we need it.
Your recorded voice is transcribed by speech recognition software, without the use of humans.
Our spoken language is always evolving. For example:
- New terminology: How often did people say "twitter", "facebook", or "Tivo" ten years ago?
- New names become popular
- Demographics change, and new accents and dialects become prominent, new slang enters common usage
The only way for Dragon to become better at recognizing speech is if it learns from real world human speech. We use the voice-to-text requests from real users to continually train the system.
This voice-to-text data is stored and protected by stringent security and privacy practices. The data is used only for improving the accuracy of our speech applications. It's also important to note that Nuance does not retain your phone number, home address, email address, or any other information that can be used to contact you. Your iPhone is identified to us only by the unique, 40-character UDID provided by Apple's iPhone OS, which we cannot associate with your phone number or other personal identity information.
@Nirmalya De... Thanks for addressing these issues. I am excited by the technology and the potential this app shows.
The issues raised here are spot-on. As an attorney, it is critical to the confidential nature of the relationship with my clients that no-one, be it a mobile service provider, prosecutor, or other third party, be able to potentially link my UUID to specific names.
Likewise, I can't use this app for dictation purposes if there are any possibilities that a third party could gain access to my "speech data" and recover an otherwise confidential communication directed to a client. Is there any periodic purging of the speech data?
Also, what would Nuance do if it received a subpoena for "all data stored on your servers" associated with a particular UUID.
I love the idea of this app, but privacy issues must be satisfied before I could comfortably use it.
my problem with this app is, that if the data is available because it is stored on your servers - then there is a way to get it and to connect it to uuid's - ergo to individuals.
if it's done by hackers or law enforcement doesn't matter as we see in europe - where hackers steal bank account information and sell it to authorities.
i think this process of solving a dictation problem is a no go.
isn't there a smarter way?
Nirmalya De,
> This voice-to-text data is stored and
> protected by stringent security and privacy
> practices. The data is used only for
> improving the accuracy of our speech
> applications.
Your full policy as stated on your website is that "NUANCE WILL HAVE NO LIABILITY TO YOU OR ANY OTHER PARTY FOR FAILURE TO KEEP THE DATA CONFIDENTIAL OR TO OTHERWISE HANDLE OR TREAT THE DATA IN ANY MANNER." The all-caps is in your policy.
If Nuance doesn't have enough faith in its security and privacy measures to stand behind them, how do you expect your users to trust them?
Larry
WHAT WOULD REALLY HELP:
After reading all these comments about security breach, Dragon violating the privacy, etc.
I came to a conclusion.
What about a "Help us" button within the App ?
In this section of the App, everything we say will be sent to their servers.
The addition of "New Words" is a another idea;
Typing a new word, recording it, and sending it to Dragon.
(since we would be on the "Help us" section, sending the new words will be automatic)
@ Nirmalya.. When u said:
- New terminology: How often did people say "twitter", "facebook", or "Tivo" ten years ago?
I do not think that you learned about twitter, Facebook or tivo from the Dragon Dictation.
I assume (with all due respect) that the people at Nuance are not locked up in a cage with no possibility of going out.
The News talk about Facebook (and what ever new "cool" names) all the time.
Blogs, Forum, Media, etc... New words are everywhere.
If when dictating, a word is not recognized, the possibility of adding a new word and having the option to send THE word to Nuance. (something like, "Add and Send" and "Only add new word")
If also, we can create a dictionary of new word added within the app, with the possibility of sending a selection of words.
I understand how dangerous it can be for attorneys and businessmen to let the app take their personal contacts, but I think they will have no problems in sending "new words" such as Blockbuster, Pepsi, msn or for instance when we add -ish to almost any words.
personally, i have no problem Adding to Dict. "I *googled* you, and *facebooked* you, yesterday"
But not having the option to chose what we want to send is a big turn-off...
I THINK IF WE ALL WRITE IDEAS TO NUANCE, LIKE OPT-IN, OPT-OUT MENTIONED EARLIER, NUANCE WILL BE ABLE TO MAKE THE BEST DICTATION APPLICATION FOR iPhone AND HOPEFULLY SOON FOR iPod TOUCH USERS.
Thanks
My concern is that this uploading of contact names seems to be pointless. I have a “Laura” and a “Laurinda” among my contacts. (No “Lauren”.) Yet, when I say “Laurinda” it gives me “Lauren”. So, what’s the point if the software doesn’t give preference to those names it took from my contacts?
I don't understand why Dragon is making it a big deal to create an anonymous user profile for our device by uploading the names of contacts to their servers. 'Not doing this' isn't going to make the app work any less better or make the user experience any less pleasurable. Simply allow the app to be downloaded without uploading the contacts from the device. This shouldn't be a big deal. It will still be a great app and now more people will be willing to download it.
Well, why do the text to speech data have to be stored at all? And what is the use for the UDID beyond the translation process as such?
Sure, you only save the UDID, but the UDID can be linked by other parties to specific persons, so I would definitely not dictate sensitive data...
Re. Why text to speech data is stored:
Our system periodically and automatically updates its general acoustic and language models (used by all users of the app) on all the data seen before – this adjusts the models to better reflect what users are saying and how they are saying it, and thereby improves performance across the whole population of users. These are ‘statistical’ models which get better with more data they can learn from; hence the benefit of periodically retraining with the cumulative data.
And to answer the use for the UDID beyond the translation process:
In addition (to the discussion above), the system makes individual, user-specific adjustments to these models to effectively personalize them and further increase accuracy a given user will see. We use the device UDID to select the correct personalized model when a user connects to the service. This personalization starts happening as soon as the user dictates ten or so utterances, and continues thereafter. So, the more you use Dragon Dictation, the better it gets.
As promised, we’ve added an additional privacy setting that will allow you to choose whether you upload contact names to our servers. Check our blog post at http://blog.dragonmobileapps.com/2009/12/you-speak-dragon-listens.html.
Also, visit the privacy section of our support page at http://www.dragonmobileapps.com/supportdictation.html
Nobody is forcing you to use it. Don't like it? Don't like the privacy policy? Don't use it.
If your data is that important you can't blame anyone else because you didn't read the EULA.
@ DragonMobileApps...
Hi, i'm not sure if i understand in what the iPod touch (2G and 3G) is different from the iPhone when it comes to dictating and send the info via your server using WiFi.
Is it because the iPod touch requires something else?
Reading this quote: "We are looking at providing Dragon Dictation for iPod Touch, we will keep you posted.", is becoming redundant...
Hearing something else concerning the iPod touch will not hurt.
So my question is: Why is the iPod touch version taking longer to develop??
Thanks
Ok, I understand about the contacts, though it still feels a little awkward, but the answer, which I appreciate the response on, to the other part of the question, "your video leaves you with the illusion that you can voice your contacts into the address field". I think that if you're really concerned about perceptions you should review the " just open your email or sms and just press send" part of your video. You should include, manually add a contact to the address field and paste the text in to the body then press send.
iPod Touch does require additional development efforts. We are working on it. We will let you know of the availability as soon as we can.
What i really love about the people at Nuance is that they care so much for their customers.
You guys at Nuance are unbelievable! you are available everywhere; Twitter, Facebook, youtube, and Dragon Blog..
you really want what's best for your customers, even though a good 75 percent were whining because they thought you were "stealing" information from them...
I think having your stuff connected to your servers is really nice. i haven't tried the application yet since its not yet available for the ipod touch ( but soon to be !!)
so i was wondering: does Dragon dictation only work when there is an internet connection ??
cuz for ipod users, the connection is not always available....
thanks Nuance for supporting your customers.
I think more companies should follow you...
Thank you!
Yes, it does require internet connection. Your transcribed texts as well as the result list are sent over the data channel.
Visit: http://www.dragonmobileapps.com/supportsearch.html; System Requirements & Installation.
When will dragon dictation come out for iPod touch?!
Hi,
When will the version be updated so that it provides an option to opt out of uploading contacts?
Regards,
dave
The current version of the Dragon Dictation app lets you have the option to upload contact details. Our blog post - http://blog.dragonmobileapps.com/2009/12/you-speak-dragon-listens.html gives you more details on the feature.
Hi, I am from New Zealand. Any word on when/if this app will be in our local App Store? AT the moment I am using a competing product (starts with 'V') that is available in our local App store and works quite well. Would love to be able to try yours.
I don’t understand why names and addresses need to go to the server in the first place. Can see the benefits from a vocabulary and pronunciation perspective, but personal data really is it completely necessary? Giving people the option is the best move.
Dan,
You have the option to upload (or not) contact names during installation and any later point too. We do not store address or any other personal information (phone number, email address). You can get more details on optional contact names upload visit our FAQ article http://www.dragonmobileapps.com/apple/supportdictation.html under Privacy -> Optional Contact name upload.