Surprise! Another smart home device has the ability to spy on people.
I doubt anyone who is reading this will be shocked by this news, but here we go.
Back in early February, tech giant Google announced that Nest Secure, its home security and alarm system, was now compatible with the company’s Home Assistant voice-control function.
Here is an excerpt from that announcement:
Nest Secure has supported Google Assistant integration for quite some time, but with this most recent update, the product is taking that to a new level by turning itself into a Google Assistant speaker. This is just like what the Nest Cam IQ did last year. With the flip of a switch in the Nest app, you can set the Secure as an always-listening Assistant speaker. (source)
Nest users didn’t know a microphone existed on their security device, to begin with.
In order to be compatible with a voice control feature, the device would need to have a microphone.
That important detail was never disclosed in any of the product material for the device, which has been on the market since 2017.
“As recently as January, the product specs for the device made no mention of a microphone,” the Associated Press reports.
A Google spokesperson told Business Insider this was an “error.”
“The on-device microphone was never intended to be a secret and should have been listed in the tech specs. That was an error on our part. The microphone has never been on, and is only activated when users specifically enable the option.
Security systems often use microphones to provide features that rely on sound sensing. We included the mic on the device so that we can potentially offer additional features to our users in the future, such as the ability to detect broken glass.” (source)
On February 6, owners of Nest security cameras received an email from Google, warning them to secure their login credentials with things like two-factor identification and stronger passwords.
The routine security reminder comes after an uptick in Nest camera hacks and even the occasional hoax, many of which have been downright bizarre and creepy: An Illinois family recently had its device breached by a hacker who spewed abusive epithets through the camera’s microphone into their living room, while another criminal peered into a baby’s room in Houston, Texas, for example. (source)
Google claimed the email was sent as a reminder and said there hadn’t been a breach of the broader Nest user base. As of February 2018, Nest had at sold 11 million of the devices.
This excerpt from the email was published by Popular Mechanics:
For context, even though Nest was not breached, customers may be vulnerable because their email addresses and passwords are freely available on the internet. If a website is compromised, it’s possible for someone to gain access to user email addresses and passwords, and from there, gain access to any accounts that use the same login credentials. For example, if you use your Nest password for a shopping site account and the site is breached, your login information could end up in the wrong hands. From there, people with access to your credentials can cause the kind of issues we’ve seen recently. (source)
Google has faced criticism in the past for its location data-tracking practices, along with allowing third-party developers to read people’s emails on Gmail, reports CNET.
And, Business Insider reminds us that in 2010, Google acknowledged that its fleet of Street View cars “accidentally” coll... transmitted over consumers’ unsecured WiFi networks, including emails.
“Nest’s failure to disclose the onboard microphone included in its secure home security system is a massive oversight,” said Ray Walsh, a digital privacy expert at BestVPN.com. “Despite Google’s assurances, the fact is that the device has a microphone which could potentially have been hacked or accessed by Google to perform covert corporate surveillance.”
The Register asked Google if any Nest microphones had been activated prior to the company’s announcement of their existence and whether the company could confirm that no audio data was collected during that period. “Google claims that the mics were never used prior to disclosure, which would preclude the possibility of covert data collection,” the tech site reports.
The Electronic Privacy Information Center (EPIC) has asked the Federal Trade Commission (FTC) to force Google to sell its Nest division and surrender any data that was collected from Nest customers.
In a brief statement on its website, the nonprofit privacy and civil liberties advocacy group said:
Following reports that Google installed secret listening devices in the homes security product Nest, EPIC asked the Federal Trade Commission to require Google to spin-off Nest and to disgorge the data obtained from Nest users. It is a federal crime to intercept private communications or to plant a listening device in a private residence. (source)
Last year, Google came under fire for its participation in a controversial Pentagon program called Project Maven, which would use AI and machines to track and identify objects using drones for the Department of Defense.
Even Google employees objected to the company’s involvement in that program. In a letter signed by more than 3,100 Google employees, the workers stated: “We believe that Google should not be in the business of war… We cannot outsource the moral responsibility of our technologies to third parties.” It was reported that about a dozen employees resigned in protest over the project.
The Intercept reported that Google was forced to shut down the project after members of the company’s privacy team raised internal complaints that it had been kept secret from them.
In late 2018, more than 1,400 Google staff, many journalists, and human rights organizations called on Google to halt a controversial project called Dragonfly, a highly censored Chinese search engine:
Dragonfly is a search engine specially built for China. It would unleash more censorship on a mass scale by selectively blocking certain search terms, apparently at the behest of China’s government. Human rights groups are blasting the company for aiding and abetting China’s mass surveillance and rights violations which could result in potential imprisonment. (source)
Google used to have an iconic clause in its code of conduct that said, “Don’t be evil.” Last year, that clause was removed.