You have two options, choose one:
- 1. Google wants to spy on you with a hidden mic
- 2. They had future plans for the mic, but it was disabled, so it wasn't mentioned by the marketing department
For the Singapore Airlines story, you have two options, choose one:
- 1. Singapore Airlines wants to record you
- 2. The infotainment devices in the seats are just off the shelf Android devices
One option gets you lots of clicks and let's the infosec drama crowd tweet obnoxious things and sound insightful. The other is the pretty obvious explanation.
Many people already have Android smartphones, so there is already a Google microphone in your house. The big difference is that you know that it has a microphone.
It might be reasonable to be concerned about this kind of thing in the tech crowd, but the vast majority of people aren't.
So, I agree no malicious intent is needed to make things turn very bad.
- 2. They had future plans for the mic, but it was disabled, so it wasn't mentioned by the marketing department
How about both 1. and 2.? Google wants to spy (for ad context etc) with a mic that will be enabled in due time?
And why move the Overton window to "it's ok to have hidden mics in a bloody thermostat, as long as they're not enabled"?
If you design in something which is later not used, you don't populate that part of the circuit board. Not unless you're intending to use it later, anyway. Components cost money.
A software equivalent would be "we had plans to offer an integrated backup system but that didn't happen, although we still upload your contacts list and the contents of your SMSes to our servers."
If you design in something which is later
not used, you don't populate that part of
the circuit board.
I think there is no doubt they intended to start using it later, because they did.
As long as the microphone never recorded anything, they're no legal downside to including it and not documenting it. There could be a slim but potential issue with advertising a microphone that the customer can never use.
The response to this incident is showing that that view is changing though.
Nintendo released multiple generations of consoles in the US with expansion ports for peripherals that ended up not making market sense to bring to the US.
Things would be much simpler if companies were up front about what they're selling, instead of giving you incomplete information optimized to placate the unsophisticated buyers.
“Don’t worry, those soldiers won’t come out. It’s just in case we want to use them in the future.”
It's just not being currently used.
Maybe.
1. They intend to use the microphone in the future
2. They disabled the microphone after having the boards manafactured right before shipping - what changed?
If they knew they weren't going to use it, why didn't they leave the microphone unpopulated? It would save on their BOM cost too, there had to be a reason.
- so what it's recording now, it only checks if you're still watching.
- so what they're storing it, the plane is a public place and there are cameras on the airports anyway.
- so what it's uploaded to the cloud, everything is cloud-processed these days.
https://www.schneier.com/blog/archives/2013/09/metadata_equa...
You mean "gaining consumer insights to continually develop and improve our products".
Given the existence of a whole industry sector that is all about covertly gathering information about users and selling them off, I don't see what would be that particular far-fetched about this scenario.
Your analysis is sensible. Where we should choose the most likely explanation, it might become sharper:
- In case you're not familiar with it, one helpful tool is prior probability (Bayesian thinking). This video is short and accessible: https://www.youtube.com/watch?v=BrK7X_XlGB8
- There is a public intelligence budget in 2018 of $54.9 billion in the United States[1], as compared with the combined annual R&D expenditure of Apple, Google, Intel, and Microsoft at $53.2 billion[2]. This employs over 100,000 people[3].
- According to Snowden, they covertly use microphones.[4] He had reporters put their mobile phones in a fridge/microwave, since they could be turned on remotely.
A sensible assumption is that you are unlikely to chance upon a covert surveillance mechanisms if one is installed. (For example, speakers could also be used as microphones.) Where a bug is present, I think assigning 1% to the probability of finding it is reasonable.
In view of the above, after you find an undisclosed and apparently (but not physically) disabled microphone in a product, which is more likely?
1. One of the 100,000 people mentioned, using some of the $59,900,000,000 annual budget mentioned, put it there. They do this thousands of times per year, and you've just found one of them. However, the chances of your finding it are low. (1%).
2. It was put in there as part of normal product design but left unused. Perhaps it will be legitimately enabled in a future version. Perhaps Google will use it for OK Google, its voice assistant. It has no covert intention. Google spends a lot of effort on ensuring privacy. The chances of your finding it are very high (90%) - it's not meant to be hidden and is no secret.
If the chances of your finding a covert device is 1% in case there is one, and the chances of your finding an unused but not physically disconnected microphone is 90% if there is one, then to complete your analysis of which is more likely, you should know how many times the scenarios in 1 and 2 occur.
I hope these additional tools - Bayesian probability and some figures about the base rate, could make your analysis sharper. Personally, I feel it's likely that a 1% chance of discovering a covert bug, multiplied by the thousands of such bugs (devices) out there, makes it more likely than the 90% chance of finding a totally unused and unadvertised microphone in a product, since there would be few such cases.
--
[1] https://en.wikipedia.org/wiki/United_States_intelligence_bud...
[2] https://www.statista.com/statistics/265645/ranking-of-the-20...
[3] https://en.wikipedia.org/wiki/United_States_Intelligence_Com...
[4] Pick your reference: https://www.google.com/search?q=snowden+microphones
HAHAHAHAHHAHA, you can not be serious
Next to Facebook, google is the most personally intrusive company there is in the world today
It's strange how you think the latter options are the pretty obvious explanations. "Google wants to spy on you with hidden mic" seems to be the fairly obvious one to me.
What's strange is the amount of pro-government and pro-google comments on hacker news the past few years. I wonder what the two options for why that is?
Also, you are offering a false dichotomy. This isn't an either-or situation. There could be other reasons. Could be that "google wants to spy on you with a hidden mic AND they planned it for the future". Another option is "The mic was put there by mistake". Another is that "the supplier screwed up". Or another is that the "supplier intentionally put it there".
Google spying on its customers would result in an amazing lawsuit. People tear apart and reverse-engineer these things for fun and it would have been discovered in due course. Google knows this. So, no, it's not an "obvious" option at all.
You're starting from a position of "of course google is evil". I'm starting from "how much sense does that make?". We've reached different conclusions because of this.
Pedantically listing a bunch of other options is missing the point, and they basically all fall under option 2.
As for your perceived "pro-government" and "pro-google" views on HN: people have different views on many topics. Maybe this is the only place you encounter views that differ from your own?
On the other hand, Google conveniently forgetting about the mics they installed in people's private residences is actually a big deal. This is exactly the reason I would never buy garbage devices like this. Google couldn't make a better case against such devices if they tried. There's no hint that the disabling of the mic wasn't or couldn't be reversed by Google or other parties. But even if it was secure and didn't record anything, Google broke customers' trust by including a hidden mic. Whether they had future plans or not, they lied to all their customers. If they came out and offered free replacements of any systems, I'd maybe buy their apology. As it stands, it's clearly PR bullshit that this was a mistake. One would have to be extremely stupid, gullible, or both to buy that especially given Google's history. That mic was put there on purpose. I also don't buy it that they never recorded anything with it. Of course, we won't be able to prove it and Google won't tell. But once again, their history tells all.
(Or it could be that everyone working at Google has been carefully chosen to not have such concerns; I do get that feeling sometimes too.)
The engineering team refused to take the less expensive route, and insisted that the mute button physically disconnect the circuit, so that no future engineering team could decide to stealth "unmute" the microphone through software.
To this day, you can disassemble an Amazon Echo device and you will find a physical disconnect of the mic circuitry when you push the mute button. Don't want an "always listening" smart speaker? Just keep it muted, and a red LED circle informs you that the mic is physically disconnected.
I'm proud of the approach that Amazon takes to privacy. Privacy of customer data is considered the most important thing to Amazon, and this customer obsession (the #1 leadership principle) permeates the organization.
Disclaimer: I'm a principal engineer at Amazon.
Update to clarify reasons for this characterization: Parent used the words "refused" and "insisted," which strongly suggest conflict between the pro-privacy engineers and others at Amazon involved in the project. And "so that no future engineering team could decide to stealth 'unmute'" suggests a lack of trust in long-term company management. Nothing in this story supports the later statement that "Privacy of customer data is considered the most important thing to Amazon."
for some reason i'm thinking this point of view isn't held company wide.
Who are these engineers? Have they ever spoken publicly about this stance?
So while I agree with you, it _also_ wouldn't surprise me if someone raised the concern, but that person was on a different / more silo'ed team and therefore the concern never reached the execution stage. Herego too many management layers and/or nodes of entropy for communication.
But that's just a hypothesis.
And when you go looking, sure enough, there it is in the backlog down in Priority "We'll get to it when we get to it, after all these other more important things that needed to be completed by last week."
https://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School...
https://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School...
"The school district intentionally did not publicize the existence of the surveillance technology. It also actively sought to conceal it.[23][41]" https://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School...
I've worked on several products that had capabilities that we were told by attorneys could not be "advertised" (i.e., no references to them) until the complete feature was ready to be announced.
The '1st order' response of marketing doing their job is 'who cares?'. Few people care about tech tidbits that are not user oriented.
There's already tons of things to worry about and address - and every single bit of copy takes up valuable space.
The issue also does not fit into the standard communications framework: Hey, should we should tell people that there is a microphone, even if it is not working and does nothing? How do we even do that? "Hey, your alarm has a microphone!" Wouldn't that seem odd, why does it have a microphone?! You'd even have to kind of explain it: "Your product has a microphone so that one day in the future, you might enable some other features that don't exist yet"
"this has privacy implications" - no - it only has the perception of privacy implications. Because Google is not actually intervening on people's privacy, it's unlikely they really thought about the need to give people an unneeded affirmation.
Maybe they had a discussion about it, maybe it just didn't rise to the level of 'very important'.
Only with a very specific concern for a subgroup of customers who are wary of these things, would someone have enough leverage to get that "Hey, there's a microphone that does nothing!" notice on the box.
Google is not doing specific evil. They are not trying to infiltrate your homes and take nude pictures of you so they can look at them or sell them.
They are systematically evil, in the sense that it makes sense for them to sell you voice/video features that you want in order that they might provide you even better services. And their AI will use nudies of you in a backwards way to learn more about you.
They're getting evil due to their scope of influence, and negative externalities, much like FB has problems with 'Russian interference in elections' - i.e. not a problem they are trying to create, not a problem they want, just a sensitive byproduct of their product and massive success.
I've got to disagree here: it has privacy implications because at Google's end they can issue a software update and now be monitoring all audio, and the T&C no doubt say they can be unilaterally varied without notification. That all means that Google think I accept Google snooping on me; of course I don't but in court Google lawyers would say I did, and them being in a position to do that is important.
Also, if Google can enable the mic at some point then it's likely that's a possibility for a third party (crackers), OR that Google could do it in response to a legal demand from a government.
There seems no good reason to me that the specification summary can't say "microphone - not in use yet, reserved for future applications"; with a sentence somewhere expanding on that explaining they want the ability to improve the device later and do shipped a mic because it could be useful to expand the products capabilities.
Some of us actually do read instruction books; it would no doubt get some column-inches in a positive way ("what changes might Google make").
Google know everything they make is going to get a tear-down and that mics are going to be discovered in short-shrift: it's ignorant to not anticipate that. In fact one really has to assume they knew this "issue" would come up.
I can see this slipping through the cracks between different job roles' responsibilities, although after this incident they'd probably go through a post mortem and find a way to incorporate new checks into the product launch process.
Not a good look for Nest...
[1]: https://www.bundesverfassungsgericht.de/SharedDocs/Entscheid...
You could have found it by dismantling the device and the renter would have won their case against the landlord.
[1]: http://www.justiz.nrw.de/nrwe/ag_koeln/j2015/220_C_482_14_Ur...
Yes, millions are a much bigger temptation, but you still have a choice. In the hand, either they decided those companies where matching their ethics, or they gave up on ethics for money.
Given our entreprenarial culture, is that surprising ?
This is the flow of the Silicon Valley startup ecosystem.
However, what i think happens is that you see a headline "Google buys Nest for $3.2 billion" but the reality (again, i'm assuming here) is that in order for Nest to get that $3.2 billion, they need to reach certain sales goals. So now the little companies drive ends up being to reach sales goals.
So i'm not sure the elegant products get mutated so much to serve the new owners, i think the acquired company gets mutated to cash out.
At least in that case, you have it very very backwards. Nest made Google more like Nest, not the other way around.
Detecting broken glass with a microphone? Does the device even have enough CPU power (and RAM) to add advanced advanced audio processing features? Or was this going to upload the audio to Google's servers to do the work? If it's the latter, that would necessarily[1] require uploading audio without a wake-word trigger.
Either they just admitted to wanting always on microphones in the home, or they are blatantly ling about why the microphone hardware was included. Designing hardware for a large market usually involves a lot of value engineering to reduce the number of parts or replace a feature that requires expensive parts with a functionally similar design that is cheaper. Saving $0.01 (or less) by removing an optional resistor doesn't sound like a lot, but it adds up if you're selling >100k units. A microphone is much more expensive[2]. A part that costs $0.366 (or more[3]?) needs a good reason to be included, and "for the possibility of new features" isn't good enough. So what was the real intended use that justified including a moderatly expensive part?
[1] The robber about to break your window isn't going to call out "Ok, Google" first so the Nest Guard knows it can upload an audio clip.
[2] https://www.mouser.com/Electromechanical/Audio-Devices/Micro...
[3] $0.366 when buying >10,000. Up to $0.75 in lower quantities. (prices from a random example: https://www.mouser.com/ProductDetail/DB-Unlimited/MO064402-4... )
[1] https://www.amazon.com/Honeywell-Intellisense-FG-1625-Acoust...
(I still think it's insane that the bean counters and value engineers let them include a microphone that wasn't needed.)
Couldn’t it run a local model to detect possible incidents, and when a local confidence threshold was exceeded, upload to Google to run a more intense model? I’m pretty sure this is how things like “Hey Siri” and “okay Google” are implemented.
Remember the time google lied about performance impact of adblockers in chrome so they wanted to remove function that lets adblockers work? They changed their position after being pointed out that's a huge lie. It was last week.
Maybe they understand and do not care, because there are many vocal critics. But having a microphone in a product and not disclosing it? If not even google can keep track of what they should tell us, how on earth do they think they deserve trust?
(Not a dig incidentally, just that at some point the pattern of behaviour must reach a point that swings Occam's Razor to malevolence being the most likely explanation)
1. History of privacy violation? Check.
2. Increasing pace and scope of privacy violations? Check.
3. Financial incentive to continue and expand privacy violations? Check.
4. Lack of legal oversight deterring continuing and deeper privacy violations? In every single nation, check.
At this point the onus is firmly with Google / Alphabet to prove the ethics of their actions, because we already know their intent.
I suppose they could try to instil a whistle-blowing culture whereby people are rewarded for highlighting potential problems list this to other silos[2], but then like external bug bounties you get into a new family of argument about what the problem is worth, who truly found it first, and the race to be first will lead to a lot of noise around any useful signal.
[1] the engineers will know it is there as they are designing the thing, the money people will know as they will have been involved in the "it is cheaper to just leave it and disable it than to redesign it out" decision-making process.
[2] no matter how flat/heterogenus/other-all-together-now-buzzword-compliant-word-of-the-momemtn a company claims to be, there will be siloed groups within it, and within them like Russian dolls in larger organisations.
> how on earth do they think they deserve trust
They probably don't, individually. They are like us, with similar concerns.
But they don't need to think they deserve it individually as long as the company overall can convince enough of us that they do (and convince enough of us that will never be convinced of that, that it doesn't really matter in the long run anyway).
Today we have a asymmetry of transparency: institutions and companies are intransparent while the individual isn’t. This assymetry in information translates into an asymmetry of power.
The traditional way citizen of free societies dealt with asymmetries of power was to divide them.
A government could easily sentence and jail anybody if it weren’t for some strangely roundabout rules that made this hard.
The privacy movement is part of a powerplay between individuals and entities that go beyond single persons.
Of course you also have those who think it is about their dick pics..
[1] http://shakespeare.mit.edu/julius_caesar/julius_caesar.2.2.h...
In 2008 a study was carried out that attempted to use facial recognition to identify passengers for signs of terrorist activity [0], so maybe they are used for that.
On the other hand, as you say it was probably just cheaper to use an off the shell Android tablet that has a built in camera...
[0] https://www.newscientist.com/article/dn14013-in-flight-surve...
1. Accept the OEM design (cameras uncovered) but possibly have to deal with people not liking a camera shoved in their face (camera active or inactive)
2. Modify the OEM design (cover the camera, costing money) and nobody even knows that there was a camera there in the first place
So I'm curious as to why they chose #1. A pure cost-saving exercise? Reserving use of the cameras at a later time? Didn't have the option of modifying the design? Didn't think people would mind the thought of being filmed?
[Yes]
rhetorically... Why?
There's no way I'm getting a digital personal assistant like Google Home or Amazon Alexa. It's a novelty that trades privacy for a little convenience, and I'm not that lazy.
It's a similar phenomenon to the "post-Hilary" world of the Wikileaks email docs. People assume there was hard evidence proving a criminal conspiracy by the DNC to rig the election somewhere in there... mostly because that's what other people told them. Not because they've bothered to look.
People's cynicism has led them to put more trust in the metafictional reality of leaks than actual reality. Which, ironically, makes them easier to manipulate even as they believe themselves to be somehow above indoctrination and control having reached enlightenment through the "Snowden revelations."
Google will learn from this mistake, and next time they'll use a fancy MEMS microphone or a similar technology and place it inside a semiconductor package.
When do you think such a feat will be discovered by independent researchers? Probably never.
People just keep buying the same boxes without even being aware that the hardware inside these boxes might be completely different revisions.
Who's to say that future batches of Nest won't have cameras added for "future use"? Who's gonna go through the effort of checking every fresh batch of Nests for revisions like that? And what are the chances of actually catching it when it's only rolled out in small batches?
Privacy has always been an important factor when people consider any Google products, and they are fully aware of that so this topic must have always been on their list of priorities. For a company like Google with rigorous testing/approving processes in place before a product is even launched, to come back and say that it was an accident is pretty hilarious, though realistically what else could they have said?
I still like them. It's a love-hate relationship, we have passed the denial phase and entered the acceptance stage long time ago.
In fact, I think it's more plausible that this entire foray into IOT is to collect even more data for use in advertising (e.g. get more microphones in more places). Why else would an advertising company get into such a wide array of businesses?
Yes, their products are convenient and typically get good QA testing, but there's still no way I'll be convinced that they're not trying to get as much data as possible to contribute to their core advertising business.
Can you change the title to say "Nest Gaurd's", because this has nothing to do with the Nest Thermostat, which is called, "Nest".
> Can Nest Secure detect breaking glass? No. We’re working on bringing glass break detection to Nest Guard, the main hub of Nest Secure. Nest Detect, the open/close motion sensor, doesn’t have a microphone, so it can’t detect breaking glass. But its motion sensors can detect movement by intruders as well as when a door or window opens and closes depending on how it's installed.
https://nest.com/support/article/Frequently-asked-questions-...
This was listed before this big announcement.
Anyone who is even remotely familiar with hardware design will know this cannot be an accident in any way and form. It's there because its designed to be there. The fact that its not documented takes it firmly in the territory of extreme malice and dystopic surveillance unconstrained by any ethical concerns.
The only folks for whom this is not a concern are those unburdened by any sense of societal or ethical concern. They represent those sections of the tech community who have zero compass or qualms and do not see any problem building a toxic dystopic society.
Perhaps had Google assistant been more useful, fewer people would've felt so upset. The mic can also be used to detect broken glass, etc.
How is it problematic? What exactly will change? Customer’s will abandon Google’s products? Google will stop this practice?
There will be exactly zero repercussions, and more “ooops it’s an error we never meant it to he a secret” down the line.
* sensors
* endpoints it talks to
* update timeline
* security protocols and device specific passwords