
Home Surveillance: Governments Tell Google's Nest to Hand Over Data 300 Times - walterbell
https://www.forbes.com/sites/thomasbrewster/2018/10/13/smart-home-surveillance-governments-tell-googles-nest-to-hand-over-data-300-times/amp/
======
mauvehaus
Increasingly, I'm of the mindset that you shouldn't create data you can't
destroy; "smart" thermostats, cameras, and whatever else all seem to create a
bunch of data and upload it to the cloud. Once there, it's out of your
control, and can be subpoenaed and used against you.

I remember the brief period when teaching internet literacy involved teaching
people that any text, photo, or video, uploaded to the internet should be
considered public, regardless of how the access was limited at the time of
upload. Now, people[0] are buying smart devices and uploading all kinds of
stuff without even thinking about it.

To a lesser degree, we see the same situation with Event Data Recorders in
cars. They record data that can be used against the user in the event of a
crash. Are most people aware of this? I doubt it. Having sat on a couple of
juries, I've witnessed how ruthless lawyers can be about picking apart an
innocuous action to support the case they're making, whether there's
malice/negligence/whatever behind it or not.

Maybe we ought to treat creating data as a special case of "Don't talk to the
police"[1]

[0] Lay people, the HN crowd is probably making an informed choice. We aren't
the majority though.

[1]
[https://www.youtube.com/watch?v=d-7o9xYp7eE](https://www.youtube.com/watch?v=d-7o9xYp7eE)

~~~
maxxxxx
Isn't that what GDPR is about?

~~~
philwelch
GDPR is a government regulation, and governments are routinely above their own
regulations, especially when it comes to intelligence. To quote one former US
Vice President: "Of course it's a violation of international law; that's why
it's a covert action".

~~~
maxxxxx
The first sentence was "Increasingly, I'm of the mindset that you shouldn't
create data you can't destroy;". GDPR enables destruction of that data.

~~~
philwelch
Once the data is out there, though, you're vulnerable. You can "destroy" it
later, from the perspective of a company, by asking the company nicely to
destroy it for you, but that does nothing to protect you from state actors who
may have had access to the data before. In fact, a state actor would likely
take "asking nicely to destroy data in accordance with the rules and
regulations" as a signal of which data was the most interesting to collect and
retain.

~~~
tjoff
Exactly, and one of the main points GDPR is to force companies to think twice
before collecting data in the first place. Thanks to GDPR significantly less
data will be out there.

------
emcarey
Amazon provides government there own portal to view the video footage via an
app. SO at least google makes the government ask before handing it
over...Amazon gives it to them plus the upset on their facial recognition
tech.

See their marketing video to police on the portal here:

[https://www.dropbox.com/s/x83gyclt497fi8t/Ring%20Neighborhoo...](https://www.dropbox.com/s/x83gyclt497fi8t/Ring%20Neighborhoods%20Portal_1.mp4?dl=0)

~~~
ryukafalz
The video you linked contradicts your statement. The portal lets law
enforcement request video footage from a camera owner before handing it over,
but the owner still has to approve the request. Personally, I don't see a
problem with that.

~~~
emcarey
That's not how it actually works in practice. this is the feel good video
representing the most positive version of this type of transaction. ring
police portal is not only deployed in America but also in the Middle East. Not
everyone who signed up for a cool doorbell gadget, paying for the service to
store your videos, expected it would be used for mass surveillance.

This is how China operates. The police merely 'request' footage before an
owner hands it over right?

Either way this shouldn't be deployed with our law enforcement because it's
fundamentally not a secure application. It's not encrypted, there are no
controls in place for need to know for access to make these civilian requests
and can be hacked by an 11 year old. Police didn't buy this product or ask for
it on the market....Ring just gave it to them...from the ukraine.

thats weird.

------
labbyz
So, wit.ai got bought by Facebook. Any players left in this space that aren't
data hoarding companies? Does the market still care for privacy and a close-
to-open-source/hackable intelligent assistent?

~~~
zwkrt
At what point did the market care for that?

~~~
fucking_tragedy
There's a niche market for such products, in which a high premium would be
paid for a product that _successfully_ meets the needs of its purchasers.
Unfortunately, _successfully_ is defined by the high floor of convenience
provided by multibillion dollar companies, so I understand that it's tough to
compete with that.

I've participated in adjacent niche markets where consumers 1) most likely
work in tech 2) have needs that 99.9% of people don't care about 3) are
willing to pay a premium 4) have the means to pay that premium.

It's too bad that there are so few businesses willing to tap into this market.
Part of me believes this is a marketing issue, though. I've yet to see a
campaign that really nails our core concerns _and_ does so elegantly.

------
lykr0n
These devices trade convince for privacy.

The minute you allow a device you do not 100% control to send data to a
service provider, you should not consider that information private. The
service provider has no legal obligation to keep the information or data
private- I assume somewhere buried in the Terms of Service it says as much.

~~~
markovbot
The Ring devices are frequently pointed at the outside of people's houses. Its
effectively giving Amazon a bunch of surveillance cameras all over the street
from people's doors.

~~~
rafaelc
Ring is owned by Amazon, not Google

~~~
markovbot
Derp, i was confusing it with nest. Thanks for pointing that out (doesn't
really change the sentiment at all)

~~~
greglindahl
Stealth edit?

~~~
markovbot
Oh, yes, sorry, I didn't mean to be "stealthy"

~~~
greglindahl
Thanks!

------
mc32
Synology + 3rd party SW allow you to set up your own CCTV. My main concern is
most of the mfgs (outside Arecont, etc., who are pricey) are unknown entities
like Hikvision; however, being CC, on a private net makes it less a concern..

Are any of you Ring/Dropcam/Nest users thinking of switching?

------
cobbzilla
I’d love it if IoT devices could store data in my own encrypted storage (S3,
sftp, whatever); then give me apps to see my usage reports and stuff. Why must
everything be controlled by whoever I buy the hardware from?

~~~
TeMPOraL
> _Why must everything be controlled by whoever I buy the hardware from?_

Because they can, and they don't give a fuck whether you like it or not.
Compare yesterday's article, "I Pay for News; Why Do I Still See Intrusive
Ads?"[0].

There is some merit to argument that "non-techies can't manage their
infrastructure", but I question its general validity. For one, an IoT device
or a companion box can serve as a local endpoint, things don't have to go into
the cloud. For two, a configurable device using open APIs could enable
community-level support. I.e. my mother won't be able to set up a server for
her smart thermostat data, but _I can do that for her_ , and for her
neighbours.

Alas, most IoT equipment is sold as loss leader, meant to lock you into
whatever bullshit "platform" the vendor is pushing, and to hold your data
hostage. Personally, I avoid IoT because of that - companies are just
disrespectful. The design of their products is one big middle finger in the
face of the potential customers.

\--

[0] -
[https://news.ycombinator.com/item?id=18214339](https://news.ycombinator.com/item?id=18214339)

~~~
automoton1
This is my experience with IoT devices. Often it feels like a grab for
customer data provided by the device and a way to get the customer locked into
the device ecosystems.

I wish there were more IoT style systems that cared about privacy and
portability.

