Obfuscating User Input

Controlling sensitive information on hosting platforms

When deploying voice applications, the first question developers often face is whether to host their own voice gateway or outsource this function to an application service provider (ASP). To help with this question, there is a great article in Developer.com. If you are outsourcing this function, then there are several things you will need to keep in mind – most of these are discussed in the Developer.com article. One very important consideration for governments deploying voice applications using the ASP model is the protection of citizen information.

VoiceXML ASPs like BeVocal and TellMe provide suites of online tools for developers, among them are tools to help developers analyze calls. Typically, these log analyzing tools capture information that is spoken or input via DTMF by users — there are a number of instances where having this information is useful in debugging an application and/or analyzing how it is working. However, if you are creating voice applications that will be used by citizens and taxpayers, chances are these applications will utilize citizen-specific identifiers (e.g., Social Security numbers).

For some very obvious reasons, it is generally not a very good idea to have this information stored in the log files of a VoiceXML ASP. Fortunately, there is something developers can do.

BeVocal Platform

The BeVocal Platform provides an extension to the VoiceXML 2.0 specification to allow developers to control the logging of user input. The bevocal.logging property lets a developer manipulate when information is recorded in the trace logs used in BeVocal’s log browser tool. The following code sets the value of the bevocal.logging property to “false” and prevents user input from being logged (the default value is “true”).

<property name=“bevocal.logging” value=“false”/>

The BeVocal platform also allows devleopers to have their log files (and any captured utterances) encrypted. This is accomplised through the use of naother extension – the bevocal.securelogging.enabled property.

TellMe Platform

Just like the BeVocal Platform, the TellMe platform has its own extension to control logging. TellMe provides the “tellme.confidential” attribute to the Property Tag. One point of contrast between the two platforms — unlike the BeVocal extension, the “tellme.confidential” attribute must be set to “true” in order to control logging.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License.