This is going to get interesting.
President Obama -- ostensibly through The White House and his administration and staff, natch -- now has a personal chatbot on Facebook Messenger. You can ask a question like “how many steps do you do per day using your FitBit?” or “Can you send me a selfie?” and the bot will parse out your question, confirm a few things...and then proceed to create a security nightmare for you that could prove to be the worst thing Facebook has done in their existence to betray user privacy.
Why is it such a problem? Let’s cover some of the less-than-serious issues first. The chatbot is rudimentary at best. It only allows you to send a “letter” to the President. That means it is essentially a way for The White House to sift through thousands of missives using some basic automations. You can’t send images, can’t engage in any banter, and should not expect an immediate response from a chatbot platform that is intended to provide immediate responses using machine learning.
Worse, the bot is awkwardly slow and almost unusable. When I tested it, the confirmations arrived after a few minutes. Again, even though chatbots should provide immediate attention to users, this one waits before asking for the next confirmation about your question. Users will likely assume the bot is done talking and move to other things, which is what we do now on social media. It’s like handing a letter to the postal clerk, then standing there for five minutes, then having the clerk ask you a question. Funny, you thought the letter was halfway to Washington.
OK, those are problems. The worse one has to do with security. When I tested the bot, it asked for my zip code, my full address, my email, and my phone number. What was that all about? It’s probably perfectly normal and a smart idea if you are the person in charge of making the bot and handling the requests. It legitimizes the bot conversation.
Yet, who has access to this information? The White House? The tech team running the bot? Facebook itself? The Democratic party so they can now start sending me mailings and calling me to support Hillary Clinton this November? Hackers who can easily intercept these messages and steal my identity and break into my bank account now that they have collected so much personal information? Anyone who happens to have access in any way?
This doesn’t seem so bad at first, but there’s something not quite right about handing over personal details to a chatbot at this stage in their development. There is no guarantee that the information will be used wisely, that it will stay protected. It was handed over to a server somewhere in an unencrypted state. It’s the same reason I won’t ever give my credit card information to a chatbot. How do we know it won’t be abused? Chatbots are infants. They are not that intelligent yet, as proven by the third-grade mentality of the Obama bot.
My advice is to do two things. First, don’t bother with the bot until Messenger supports encryption or The White House switches you over to a secure chat to collect the information and leaves the Messenger chat for funny quips and travel advice. Second, complain. Why does this bot even exist? What security precautions have they taken? Do they realize we’re in the middle of an election cycle that is focused so much on security issues, email, and user rights?
Dear President Obama, I want my email, address and phone number back.