(Please cut me a little slack on this post, dripping with sarcasm: these latest examples of some smart home device makers’ contempt/obliviousness toward customers’ privacy and security shoved me over the edge!).
Once upon a time two smart boys in their dorm room thought up a new service that really made a new technology hum. When they turned it into a tiny company, they ever adopted a cute motto: “don’t be evil.” Neat!
Then their little service got very, very big and very, very profitable. The motto? It kinda withered away. Last year it was even dropped from the company’s code of conduct.
Which, conveniently, allowed that once tiny company to produce this abomination: the Google Nest Guard (the alarm, keypad, and motion sensor portion of Nest’s Secure home protection system) featuring a mic.
Oh, did I point out that Nest didn’t mention the mic’s presence? No, that fact only emerged when it announced the Guard’s integration with Google’s Assistant voice device (Sample command: “OK, Google, surveil my family.”) and Business Insider ferreted out the mic’s presence:
“The existence of a microphone on the Nest Guard, which is the alarm, keypad, and motion-sensor component in the Nest Secure offering, was never disclosed in any of the product material for the device.”
On Tuesday, a Google spokesperson told Business Insider the company had made an “error.”
“The on-device microphone was never intended to be a secret and should have been listed in the tech specs,” the spokesperson said. “That was an error on our part.”
Oh. All is forgiven. It was just an “error on our part.”
Except, how can I say this politely?, that’s utter baloney. It seems as if the mic just sorta got there. No engineer suggested adding it. No executives reviewing the design conveniently overlooked it.
Nope, that mic was there intentionally, and Google is so morally corrupt and/or amoral that they simply chose to ignore telling the public.
And, while we’re at it, let’s not heap all the opprobrium on Google. Amazon subsidiary Ring actually let its employees view videos shot with its doorbell device:
“These videos were unencrypted, and could be easily downloaded and shared. The team was also given a database that linked each video to the Ring customer it belonged to.”
As I’ve said many times before, my perspective on the issues of privacy and security are informed by my prior work in corporate crisis management, which taught me that far too many engineers (I have many friends in the profession, but if the shoe fits, wear it) are simply oblivious to privacy and security issues, viewing them as something to be handled through bolt-on protections after the fun part of product design is done. In fact, in adding the prior link, I came across something I wrote last year in which I quoted from the Google log — which contained nary a mention of privacy concerns — about an aspect of AI that would allow identification of what shop a batch of ramen came from. Funny, huh? No — scary.
Another lesson I drew from my past was the phenomenon of guilt by association, which is incredibly rampant right now: people conflate issues as diverse as smart home privacy violations, Russian election tampering, some men’s inability to find dates (I kid you not, and the result may be lethal for some women), the so-called “deep state,” etc., etc. The engineers I know tend to dismiss these wacky ideas because they aren’t logical. But the fact that the fears aren’t logical doesn’t mean they aren’t very, very real to those who embrace them.
That means that even those companies whose smart home devices DO contain robust privacy protections risk people rejecting their devices as well. Trust me on this one: I work every day with rational people who reject the cloud and all the services that could enrich their lives due to their fear of privacy and security violations.
That’s why responsible IoT companies must become involved in collaborations such as the Internet of Things Association, and IMC, working on collaborative strategies to deal with these issues.
Let’s not forget that these gaffes come at the same time as there’s a lot more interest among regulators and elected officials in regulating and/or even breaking up the Silicon Alley behemoths. You’d kinda think they’d be on their best behavior, not doing stupid things that just draw more criticism.
I’m fed up, and I won’t shut up. Write me if you have feasible suggestions to deal with the problem.
IMPORTANT POSTSCRIPT!
I just discovered a Verge piece from last month to the effect that Google is belatedly getting religion about personal privacy, even — and this wins big points in my book — putting its privacy policies in plain English (yes!) rather than legalese. Here’s a long piece from the article. If they follow up, I’d be the first to praise them and withdraw my criticism, although not of the industry as a whole:
“So today, as Google announced that it’s going to sell a device that’s not all that different from the Facebook Portal, whose most every review wondered whether you should really invite a Facebook camera into your home, Google also decided to publicly take ownership for privacy going forward.
As we discovered in our interview with Google Nest leader Rishi Chandra, Google has created a set of plain-English privacy commitments. And while Google didn’t actually share them during today’s Google I/O keynote, they’re now available for you to read on the web.
Here’s the high-level overview:
We’ll explain our sensors and how they work. The technical specifications for our connected home devices will list all audio, video, and environmental and activity sensors—whether enabled or not. And you can find the types of data these sensors collect and how that data is used in various features in our dedicated help center page.
We’ll explain how your video footage, audio recordings, and home environment sensor readings are used to offer helpful features and services, and our commitment for how we’ll keep this data separate from advertising and ad personalization.
We’ll explain how you can control and manage your data, such as providing you with the ability to access, review, and delete audio and video stored with your Google Account at any time.
But the full document gets way more specific than that. And remarkably, a number of the promises aren’t the typical wishy-washy legalese you might expect. Some are totally unambiguous. Some of them go against the grain, like how Nest won’t let you turn off the recording light on your camera anymore because it wants to assure you!
‘Your home is a special place. It’s where you get to decide who you invite in. It‘s the place for sharing family recipes and watching babies take first steps. You want to trust the things you bring into your home. And we’re committed to earning that trust,’ Google says.”
Maybe somebody’s listening!