
Smart Home Surveillance: Governments Tell Google's Nest Hand Over Data - edejong
https://www.forbes.com/sites/thomasbrewster/2018/10/13/smart-home-surveillance-governments-tell-googles-nest-to-hand-over-data-300-times/
======
ChuckMcM
My hope is that this is another push toward on-prem data management.

One of the things that the "computer revolution" spawned in the 90's was that
there were a lot of "extra" computers around because everyone upgraded every
18 - 24 months. After a couple of rounds of upgrades, if you had kept the old
parts, you had enough parts around to make another computer. In my house this
typically became the "kids" computer and we would build it, them image it, and
then use the image to restore it back to what ever it had been built to
originally when the kids did something to make it non-functional.

Of course after a still longer period you had upgraded that "previous" gen
computer and now you had a left over previous previous gen computer. And
typically what I did was put Linux on it and have it for running this that and
the other thing. These days a RasPi 3 is about as powerful as that generation
-2 computer was.

Like a lot of people as my Internet speeds increased I started leaving
computers on all the time as servers that I could access from anywhere. This
was made easier (and without paying extra for a fixed IP) with dyndns,
although these days it is easier still with IPV6 (no dyndns required if your
ISP will give you an IPV6 prefix (so far this has been pretty easy).

So I think a number of services you use "in the cloud" might be implementable
as local services where it is harder for the Government to get its hands on
your data, (or at least it would have to serve _you_ with a warrant and so you
would know they were looking at you, an NSL doesn't work if the person being
served is the person being observed :-)

~~~
oulipo
This is exactly why we are building on-device private AI at Snips
([https://snips.ai](https://snips.ai), disclaimer: I'm a co-founder)

We believe that the only way to have people trust AI is when we will make it
possible to have privacy-respecting AI, we believe it is not only feasible,
but it is our duty to build AI which respects people and is able to scale
without presenting a danger to our societies

~~~
brian_herman__
Sorry man your site lost me at the token based app store...

~~~
JumpCrisscross
> _lost me at the token based app store_

Same. Got excited, then saw it's shilling a coin [1]. From a branding
perspective, this undoes the goodwill won by the privacy message.

[1] [https://token.snips.ai](https://token.snips.ai)

~~~
oh_sigh
Did you take a moment to understand why they are doing this with a coin, or
are you just anti-crypto-coins altogether?

~~~
QuercusMax
Care to explain it to us? There's nothing obvious I can see as to why they're
using coins, and based on the recent stories about the SEC investigating ICOs,
skepticism seems warranted.

~~~
oh_sigh
Oh, I don't know, I have just heard of these coins myself. But based on OPs
response it is hard to tell if they just dislike cryptocoins altogether, or if
they read about the specifics and disliked the specifics of this one
cryptocoin.

~~~
quickben
You are missing the fact they are taking about privacy.

~~~
oh_sigh
I don't see how privacy and cryptocoins are related. Some cryptocoins can
enable privacy, whereas some can make privacy more difficult. My question is
if OP has a problem with the specifics of this cryptocoin or if they just
dislike all cryptocoins.

------
neumann
Reading the article, wtf is a rap crew?

And why do half of these sentences not make sense?

Back in my day, journalism in forbes was still shitty but at least with
coherent sentences.

edit: A link in the article does inform me of 'rap crew' "O

n a June day last year, a skinny, dreadlocked 29-year-old rapper known as Tony
Da Boss lay in bed in a redbrick apartment on a tree-lined street in
Charlotte, North Carolina. It was not the kind of place you’d associate with a
million-dollar criminal conspiracy. But Da Boss (real name Damonte Withers)
was a leader of the FreeBandz Gang, an amateur hip-hop crew of
twentysomethings who were into much more nefarious activities than laying down
tracks."

jesus christ. get out of journalism and go write that pulp novel kicking
around in your head.

~~~
stephengillie
I didn't see any mention of the rap crew in the article... That blurb
mentioning the rap crew was really an advertising blurb for another article.
It just happens to be strategically placed between paragraphs of this article.

~~~
TeMPOraL
Between this and sites where scrolling past the end of an article loads the
next one, media companies are really fucking with people's ability to
understand what they're reading.

------
lloydde
The weekend submission of this article had a comment with a marketing to law
enforcement video linked
[https://www.dropbox.com/s/x83gyclt497fi8t/Ring%20Neighborhoo...](https://www.dropbox.com/s/x83gyclt497fi8t/Ring%20Neighborhoods%20Portal_1.mp4?dl=0)

[https://news.ycombinator.com/item?id=18215293](https://news.ycombinator.com/item?id=18215293)

~~~
IshKebab
Seems like a well designed system. Note if you don't watch the video - the
police can only send _requests_ to users for video. The users can say no.

~~~
boxfire
That is some "think of the children" legislation away from a rubber stamp
subpoena system. Oh well, I don't assume privacy outside my bedroom anyway.
Maybe not even in it soon enough.

------
yardie
If your data is not end to end private key encrypted, then you are inviting
the government in to look at all your shit; photos, documents, logs,
everything.

~~~
wstrange
We tend to view this as a technology problem.

The real question: Why do we let governments get away with this kind of
behavior?

Fighting a technology arms race with the government is a losing battle. They
can ask for private keys to be handed over - on threat of jail time if you
don't comply.

We need to start at the ballot box.

~~~
jliptzin
I'm curious at what point people decide that the government spying on them
begins to be ok? How does the average person feel about the following:

1\. A spouse going through your cell phone without your knowledge 2\. A
landlord requiring cameras in all rooms of your house to catch potential
property destruction 3\. A boss logging all computer activity at all times

I'd imagine the average person would be pretty pissed about all of the above.
At some point though, when it gets scaled up to the federal government
effectively having the power to go through anybody's phone records, cloud
data, email, search history, and now surveillance cameras, a lot of people
seem to be okay with that, because terrorism.

Terrorism is bad, but police states are worse, because at that point the
government becomes the terrorist. If you're that afraid of terrorists that
you're willing to give the government the power to spy on you (which is not
even guaranteed to prevent terror attacks), maybe you should move to a rural
location far away from any population center. Otherwise, it should be treated
like any other crime. Perhaps we should think about why people become
terrorists in the first place, and maybe get at the root of the problem,
instead of increasing police power endlessly to try to solve the symptom and
not the cure.

~~~
pjmlp
As someone from the first generation to live in democracy after 41 years of
dictatorship, I would say people ignore the signs and when they finally decide
to start taking action is too late.

------
zby
I am surprised that it is only 300 times - but this is probably because these
devices are now bought by wealthy people who don't commit too many crimes or
felonies.

~~~
spaceribs
I'd wager white-collar crime happens more than street crime.

It's known that it costs us between 250 billion to 1 trillion dollars yearly,
but pursuing the crimes isn't prioritized by the FBI/IRS because of the costs
of litigation, the possibility of destabilizing the markets, and the war on
drugs/terror.

~~~
zby
Interesting point - maybe they don't need home surveillance in these
investigations that often?

The case mentioned in the article as the first one was a white collar crime:
[https://www.forbes.com/sites/thomasbrewster/2018/10/12/how-a...](https://www.forbes.com/sites/thomasbrewster/2018/10/12/how-
an-amateur-rap-crew-stole-surveillance-tech-that-tracks-almost-every-
american/)

~~~
tedunangst
That doesn't really say much about what the prosecution learned from nest.

------
collias
I was recently looking for some security cameras for my house. I was
considering Nest, but the fact that they are owned by Google makes me a bit
weary, privacy-wise.

Does anyone have experience with other brands that you might recommend?

~~~
Forge36
I have a Synology NAS (I wanted an always on network backup for 3 PCs) it came
with 2 free security camera licenses. The standard I found is ONVIF, my first
camera arrives tomorrow (the software looks good, online support looks
promising). Depending on features cameras are ~$25-$50 with the heavier duty
hardware being ~$100 (there is also commerical grear you could easily spend
$500 a camera)

Here are the questions I'd ask in making your choice. 1) device storage vs
onsite storage vs hosted remote (my dad wants to setup a system, I'm hoping we
can share an off-site backup solution)

2) internet required vs CCTV (local lan only)

3) WiFi vs wired vs Power Over Ethernet (I'd prefer wired PoE, but I don't
want to run cable at this time, I went wireless, this requires a phone app to
setup in my case)

4) fixed camera vs pan/tilt (I'm planning a mixed system, pan/tilt for living
room with fixed cameras looking at doors)

Obviously this is putting most of the setup/maintenance onto you. If you're
comfortable with that and setting up a network I believe this is the most
privacy-wise solution as the data should never leave your house

~~~
imglorp
Synology has been getting wierd, also, with privacy. A few updates ago, my
private fileserver asked me to agree to a privacy terms of service. I'm
considering airgapping it and ending updates.

~~~
imglorp
I'm providing a source to above claim since it appears someone is skeptical.
Reddit thought to take a screenshot.

[https://www.reddit.com/r/synology/comments/8mdioc/device_ana...](https://www.reddit.com/r/synology/comments/8mdioc/device_analytics_whats_this_and_how_can_i_disable/)

------
Sharlin
I think the time has come for a _The Wire_ reboot. Anyone else?

Edit: Downvotes, why? _The Wire_ was a critically acclaimed series whose major
themes included abuse of power, the use of technology to both surveil and
evade surveillance, perverse incentives, and failure of institutions, among
other things that are as relevant as ever in the post-Snowden era. But instead
of pagers and burners we'd get tech circa 2018.

~~~
rdl
A series where people used technical surveillance using devices like these
(IOTINT? IDK what the term of art is yet), OSINT from online things like FB,
various forms of legal process (civil, LE, NS, and extralegal), etc. to go
after "terrorists" down to criminals of various crimes down to "enemies of the
Party" down to "people who slightly antagonize employees of the Agency" to
"for the lulz" would be interesting.

More like Homeland than The Wire, though. Or, uh, Black Mirror.

~~~
Shorel
If you want a total surveillance show, there's Person of Interest.

------
yters
It's interesting how many hardware and software services are "in the cloud"
now. For example Slack monitors the conversations of thousands of businesses,
and there's no telling what they do with the data behind the scenes.

~~~
SquareWheel
People who are concerned about privacy should read the policies which are
designed specifically for them.

[https://slack.com/privacy-policy](https://slack.com/privacy-policy)

~~~
janvidar
Without being too cynical: There is what they say they do, and what they
actually do.

I'm not picking on Slack specifically here, but this is just healthy
skepticism when dealing with cloud services all in all.

All bets are off with governments involved. There are lots of compelling
reasons for secretly disregarding the already set privacy policy. Including
but not limited to patriotism, anti-terrorism, child abuse, human rights,
crime or flat out regime criticism, political reasons such as opposition.

Pick your providers carefully. You trust them more than you think.

------
StavrosK
I love the Sonoff series of smart switches/plugs. They're super cheap, well-
made and flashable with open source firmware (ESPurna, for example) that's
secure and very featureful.

------
onetimemanytime
Home..where you pick your nose, scratch your crotch, walk naked, have sex with
the lady next door, get angry at your kids and so on. Why would I want all
this stuff backed up at Google.com? No thanks, unless it has end-to-end
encryption and only I have the key. Also I'd delete all items older than x
days (unless on vacation, I'd know that I was robbed, no need to store months
of "tape")

------
KaranRaut
does google have a choice when authorities come knocking down? Maybe they
should encrypt the data in such a way that only the user can decrypt it. We
need to think about privacy as a design requirement and not something that is
optional. Companies wouldn't do it because that is the only way they can
monetize thier profit seeking craze.

~~~
azadal
Reading the above comments, it seems that companies don't have much say when
the government comes knocking.. Which is precisely why I think privacy should
be a requirement and not an option in the design stage. The company heading
towards that right now with the most advancements in technology is Snips. Data
is stored on the device primarily. To help with AI(As an option), your data
will be encrypted and sent to the developer along with all the data from other
users as a whole big data(Data generating).

------
randyrand
I'm a little surprised google does not use the user's password for encryption.
Seems like they are inviting a very bad data breach in the future.

~~~
tyingq
I imagine it's encrypted over the wire, but since the model is "processed in
the cloud", it has to be decrypted to do anything useful with it.

I suppose they could not log anything that could allow correlation to a
user/ip, but that creates a different security problem.

I don't see a real technical solution here other than doing all the processing
locally.

------
EdSharkey
> The company also noted it has never received a National Security Letter.
> Such NSLs are typically filed by intelligence agencies looking for company
> data. They also normally come with a gag order preventing businesses from
> revealing their very existence. That means that if Nest ever removes its
> disclaimer that it hasn’t received an NSL, it likely has been sent one.

Whenever I read copy like this, I read it as "no dragnet this time, nothing to
see here! Keep buying Nest and other great products from Alphabet, Inc!" But
is it possible that no NSL was ever sent and Google simply provides a data
feed of all relevant info and video to their national security partners? (A
generously paid-for feed, of course.)

I guess what I'm asking is, is an NSL required for Google to legally surveil
its customers on behalf of the host government? Beyond sheer EULA license
legal weasel-wording, I'm wondering if the fourth amendment restricts the US
government from arranging for a dragnet-style data feed from some willing
corporate partner.

~~~
cryoshon
> I'm wondering if the fourth amendment restricts the US government from
> arranging for a dragnet-style data feed from some willing corporate partner.

it doesn't. NSA has had room 631 at AT&T for over a decade now. and, of
course, everywhere else. there's almost certainly an API for government
agencies that they can query without any new warrants -- think facebook,
google, amazon, etc.

i remember back in the day people used to say that these things were just
conspiracy theories.

