Vista Speech FUD not funny for people with disabilitiesPosted: February 6, 2007
If you are a person with a disability that requires you to use your voice to control your computer, people are trying to scare you. So goes a thread in George Ou’s blog the other day. Apparently, someone could play out "FORMAT C: Yes!" through the speakers of your speech-enabled PC and the microphone could pick it up and execute it!
This is not a new problem. Risks-Digest published a funny story about voice recognition working all too well during a presentation.
I’ll get to my security opinions in a moment, but what I’m reacting to is the effect of scary reports–FUD, really–on the consituency this feature was designed for–people with disabilities.
I know several friends who are unable to control their computers through a keyboard and must use speech recognition software. They need the same level of control with their speech that the rest of us take for granted at the keyboard.
I once had to use text-to-speech software myself after retinal surgery left me blind for a short while. I’m still able to use a keyboard, but as a person with disabilities myself, I’m very sensitive to issues surrounding people with disabilities.
This FUD really hurts those of us who need to use adaptive technologies such as speech recognition. It’s already hard for such people to find gainful employment ("it’s too expensive to hire you") and it could be worse now ("Our IT staff has recommended against hiring you because your speech software violates our security policies.")
This problem–while it is an interesting theoretical problem that needs to be brought up amongst specialists–is not one that can be laid on Microsoft alone. Any speech recognition system that relies on audio transmission will potentially have this problem. (The Bell System resolved this a century ago by inventing the handset, and the hybrid transformer, making sure that your voice and your caller’s voice never interfered with each other. But most people use mics and speakers and don’t get the benefit.)
(Could frequent speech users use a phone headset for computer audio and avoid this problem? Yes, but it wouldn’t make the press or the blogs. Can’t have that.)
The Ubuntu project, for example, could have speech recognition code donated to them as Sun donated their screenreader to them, and the same thing would happen. Any system that needs to be controlled can and even will have potentially harmful commands available if it’s to be useful to a broad number of people, and speech users need to have all the control they can get to be independent and self-sufficient.
It’s still easier for the bad guys to send you phishing emails pretending to be from your bank, or to give you spyware pretending to be dancing pink elephants than it is to screw you over with a speech exploit.
Microsoft didn’t invent this to profit from yet another security debacle. They did this so more of their customers could use their systems. I won’t pretend they’re altruistic but helping people with disabilities is good. Not FUD. Just something for security bloggers to keep in mind.