A gun to your head is a threat of violence - that’s the criminal act. Threatening murder is a crime in itself.
The crime of wiretapping would be secretly listening/recording (and willfully so, not by accident as e.g. when baby monitors cross-talk). Having an inactive piece of hardware present, with no intention of using it for spying, is not a crime.
Having the hardware present is extremely unlikely to be nefarious. It could have been (a probably was) future-proofing. It could be a bundled package (unlikely I think for a mic, but you e.g. pretty much can’t buy cheap motion sensors without temp and luminosity bundled, so things like Philips Hue motion sensors measure temperature too).
Yes gun to the head is the extreme example, that's the point. Not switching it on does not absolve you of guilt. Same thing here.
That is an entirely reasonable point of view and argument. If you really do find it stupid and/or dishonest reflect on that.
If there is no law against putting secret wire taps in people's houses "by mistake" and claiming it wasn't switched on there should be because ethically its a crime worthy of the Stasi. I would prefer if we didn't have a turnkey solution to creation of a facist state of the kind the soviets could only dream of. Perhaps you like the idea? Ah but "google wouldn't" So there's no need for law surrounding google because they just wouldn't. I know some of the engineers and no way would they allow that.
Democracy deserves better defence. Even if the gun to your head is never fired and you don't know about it. Criminal. If the law says otherwise, change it.
Now I wonder if there is something you would like to disclose about your vested interests? Perhaps not. I'm old enough to remember smart and kind people being Soviet apologists then finding out later something approximating the truth to their revulsion. You don't have to be on the take to be an apologist. But there is a lot of defence of big silicon valley companies behaving badly around here and very little "Disclosure, I work for.." going on.
It also comes down to much you trust them that the microphone was disabled. If you don't, then you probably also shouldn't be carrying a smartphone with you either.
Part of my reason for blocking video is I can never figure out when videoconferencing tools will default to transmitting video, which I never want, before I have a way to turn it off.
Also, I don't think I'm a high profile enough target that somebody would bother sifting through everything I say in front of my laptop for something interesting.
Capturing images every minute or so and looking for something embarrassing (someone showing lots of skin) seems much easier for malware to automate.
The threat model is closer to automated transcription, global history search, and parallel construction.
They think the FBI is gonna sit and watch or listen to a recording. They have no idea this is gonna sit as text in a database forever to be searched against later.
But certainly no harm done in muffling or ripping out a mic if you're concerned!
It's easy and quick to put some tape over the webcam, so unless you use it all the time, there's very little reason not to to so.
Disabling the microphone is harder and maybe not worth the effort.
And get to question why they even need a camera to start with, before buying the product.
I might be an asshole for it and rightly so get down voted, but I really feel schadenfreude from this story. And maybe now some more people will learn their lesson. You can tell a toddler a dozen times that the stove is hot. They really only learn after they touched it once.
1. The fact that things are already bleak doesn't justify a more bleaker tomorrow. The fact that a large section of humanity is oblivious to privacy breaches doesn't mean the select few who do care about it should stop protesting against it, regardless of behaviour of the masses .
2. The law makers (governments) and the king makers (tech conglomerates) shouldn't be given a free-pass to do as they please at the expense of security, privacy, free-speech, and other ethos that make internet such a powerful medium. Policies needs to be continually renewed in response to emerging threats at pace  and so it is important to keep naming/shaming said entities to drive the dialogue.
 Bruce Schneier on Censorship, Surveillance, Propaganda, and User Control https://www.youtube.com/watch?v=m3NJ-Ow2Lvg
 Bruce Schneier, again, on Security of Everything https://www.youtube.com/watch?v=GkJCI3_jbtg
Added those vids to my queue, thanks.
The difference is that we know our phones have microphones and cameras and internet.
The reason people are upset is because there was no way anyone would know they added an internet-connected microphone to their home with this device unless they opened it up and reverse engineered the firmware.
If anyone can prove that these microphones were turned on without the owner’s consent — even just for “telemetry” or “quality assurance” — then criminal charges will follow.
The question is, does that really matter? Isn't that just something you tell yourself to feel like you're still in control, ahead of the game? I have two colleagues who in general are pretty concerned with privacy, data protection etc. but still bought an echo. Then countered my surprise with the same argument: at least I know it's listening and how it works! Like somehow, that knowledge makes you immune to the Problem. In reality, you don't suddenly behave differently at home. You won't think twice before saying something. You just managed to fool yourself enough to deal with that cognitive dissonance.
And I'm all for charges against google here, I mean I dislike them more every day because of something they did, including this story. It's just funny that some people still think you can trust them in any way.
I absolutely think it does.
I have also bought an Amazon Echo, but I unplug it when it's out of use for extended periods of time.
I wouldn't purchase a similar product from Facebook, because I trust Amazon with my personal data more than Facebook.
I've never purchased a Smart TV that contains a microphone.
Just because I make some decisions you disagree with in balancing my privacy and convenience trade-offs doesn't mean I should be prevented from making those decisions at all.
I was given a Google Home for Christmas, and won't even take it out of the box. I'd give it away, but that not really solving the problem.
My LG has one in the remote control. But I disallowed the TV from my home wifi about a year ago. I don't trust LG, and looking through the 53 screens of Terms of Service LG thinks need to agree to just to watch TV, I probably did the right thing.
This implies that your moral judgement must apply to whoever you gave it to. Why?
I'd buy an Echo if it had a physical switch to enable the microphone, along with a light that says its on. Software switches are worthless.
Legally speaking, it really does matter (18 U.S.C. 2511(2)(d) ) [my emphasis]:
> It shall not be unlawful under this chapter for a person [...] to intercept a wire, oral, or electronic communication where such person is a party to the communication or where one of the parties to the communication has given prior consent to such interception [...].
They learned to pay off DC around when Microsoft was taken to the anti-trust woodshed.
Now they are beyond accountability. Especially once it's clear to everyone that they control election results to a wide degree.
I mean laughing and experiencing schadenfreude over someone planting a hidden and previously unknown microphone in ones home, is just weird man.
People know the Amazon echo contains a microphone.
> have been carrying little computers with microphones and an internet connection around all day for even longer
People know that their phones contains a microphone.
Surely the difference of being able to make an informed choice is still significant?
> I might be an asshole for it and rightly so get down voted, but I really feel schadenfreude from this story
I don't understand the schadenfreude here. Because some people make privacy choices that you disagree with, then we should take pleasure when companies stop presenting a choice at all?
I guess I just fundamentally don't understand how you can equate the two categories of products together.
In one category people make a knowing choice. In the other category they do not, and the company has outright lied to them to prevent them from making a knowing choice.
Considering half of the other Nest products contain microphones already, I don't think anyone who truly is worried about this stuff would've gotten a Nest ecosystem to start with.
I agree, it's important to have all the facts so you can make informed decision, but this specific case has been way overblown, mostly by people who don't use Nest nor ever will. Almost anyone who's outraged probably would've never bought the product anyway.
Consent. The difference is consent. You may get laid ten times a day for a week, but the time it happens without your permission is still a problem.
I have trouble believing folks that “don’t get this” aren’t being purposely obtuse. Consent isn’t that complicated an idea.
Interesting choice of analogy.
Lets assume that you actually consented to your smartphone recording you at any time without telling you, and then google use that recording for whatever they like. That is most probably not true: you only want the mic to record you in very specific moments, and you also probably want to know exactly where any data that leaves your device is stored and how it's being used.
You have to trust google (or any other company who's app you gave permission to access the mic) to comply with this.
If you do, then the nest case shouldn't be an issue to you at all. You never consented to this mic being used for anything, so legally they can't use it for anything, and since you trust them in the smartphone case, you do here too. End of story.
If however you wouldn't even trust google with the mic in your smartphone, then why would you buy anything from them at all? "Oh it doesn't have a mic so they'd only abuse all the other data they can collect from it."
> I have trouble believing folks that “don’t get this” aren’t being purposely obtuse. Consent isn’t that complicated an idea.
Common sense isn't either. Google is evil, and not just since yesterday. I wouldn't even buy a Chromecast.
The part that is news for me: Google is (inadvertently?) moving the bar of acceptable behavior to “we’ll plant microphones (and other surveillance hardware capabilities) in devices now, wait until you start relying on unrelated functionality, then totally issue a press release before we turn them on and start slurping your data.”
Google "accidentally" forgot to tell people that they included a mic in those devices. That's still illegal.
>Hawley pointed out on Tuesday that a user's location is sent to Google hundreds of times a day, even when the phone is not in use. In fact, Hawley said, a user's location is tracked "every four minutes, or 14 times an hour, roughly 340 times during a 24-hour period," even when the phone is not in use.
>DeVries confessed that "location information is absolutely core to making a mobile phone work the way that you want it to work." He said that Google has an "optional service" called Location History that is opt-in and "can collect location over time when people turn that on."
>"But Google collects geolocation data even if Location History is turned off, correct?" Hawley pressed.
>"Yes, senator, it can in order to operate other services—"
This should be illegal and was admitted to congress -- justifying it with BS excuses -- but virtually no major media outlet is covering this.
https://pjmedia.com/trending/google-tracks-you-even-when-loc... (one of 3 articles I found about this)
(The fact that congress called them in to testify is news, since it means maybe some politicians are going to make noises about how unacceptable this is, or perhaps even introduce a bill.)
Unfortunately most of these news publications rely on things like Google's YT + Adsense for content distribution and revenue, so they may not want to anger their overlords. I also doubt anything will come out of this hearing -- people don't seem to care about privacy and they want convenience. Although this senator understands the privacy concerns, most of his peers are clueless.
I'd say that the number is relatively small to non-existent but that might have more to do with the fact that cell phones are more a requirement for day-to-day life than anything else.
For example, try to sign-up for paging services, as a means to replace your cellphone with a passive-only device, and see how far you can actually get with that idea.
Or try to buy a CRT-TV.
At some point you have to concede that means to go against society's trends are no longer there, unless you make them yourself - and most people either don't have the resources nor the time or a combinations of either to do that.
 - https://www.amazon.co.uk/s/ref=lp_560864_nr_p_n_feature_thre...
Pagers are still used in some industries, like healthcare, where people can die if a message doesn’t get through. Pagers are still more reliable than text messages and cell phones in many locations and especially inside large buildings like hospitals. Though the industry is switching.
I never said that they weren't, yeah?
I suggested it being a difficult alternative because of the wide-spread use of cell phones. For example, in my country, the national paging system was taken down in August of 2011; so, there's no consumer paging services. B2B (which hospitals would be inclusive of) still exist, to be sure, but that means nothing in the overall scheme of a consumer trying to not buy a cell phone.
"Why one of cybersecurity’s thought leaders [Dan Geer] uses a pager instead of a smart phone"
People are aware an Echo contains a microphone though.
For consent to be valid, it must be informed consent.
Keep in mind pretty much any sensor can be leveraged via court order, so it's valid for people to be upset they were unable to properly threat model due to a lack of information.
If you had a peanut allergy, wouldn't you want to know if the candy bar has peanuts?
No it's not. What Google did here was illegal. There are also people who value their privacy and don't have an Amazon echo or other listening device.
You're trying to argue that SOME people don't value their privacy so NO ONE should ever have an expectation that a device they buy isn't secretly listening in on them illegally. I fundamentally disagree with that take.
A smart-home speaker shouldn’t be secretly hiding a video camera. A secure messaging platform shouldn’t have a government-operated backdoor. And a home security hub that controls an alarm, keypad, and motion detector shouldn’t include a clandestine microphone feature—especially one that was never announced to customers.
This sounds too much like trying to move the overton window for me. If the next generation of smart devices is advertised as "no hidden cameras and microphones! (we'll just spy on you with the visible cameras and microphones)", I don't think this would be a win.
The fact that they need to lay out why this might be wrong is mildly depressing.
Agreed but we have to consider that it's entirely plausible that we're in the minority in this line of thinking.
The degree of "you should be panicking" around this is annoying to me.
My own position has for long been that all that IoTness needs to be "invisible," or otherwise it turns the thing into an annoying toy:
I've seen people throwing away their smart assistants already. A lot of people get quite surprised that the famed speaker is far more than just a speaker and tries to insert itself into your breakfast conversation. And those annoying, repeated "Internet connection failure," I think a few people threw them out just because of that.
The moral here is that microphone access should be treated differently than access to the rest of the audio system. You can get more protection through software than we normally get.
Edited to add: A bold move by Google would be a public announcement that you may return the device for a full refund.
I don't know, it sounds believable. Maybe they put it there "just in case", but didn't want to put it in the list of specifications because it had no software support, and having it there would've mislead customers who could've thought the microphone was functional software-wise.
Let me throw this at you. They shipped hardware with an incomplete spec sheet. Probably by accident. What's the probability that they ship software with incorrect behavior? Like, say, the software on the device? Software which could engage the microphone and send it to a remote server? At their scale, this is possible to mess up, with all of the abstraction layers and number of customers they're dealing with.
Google is the most careless company to ever reach the level of success that they have, possibly tied with Facebook. They need to be slapped, HARD, by some government, or else we'll never see the true institutional change necessary for a company of their power.
To be clear, I don't know exactly what chips modern electronics contain that we will worry about in a couple years, but all of the above seem like plausible things.
I don’t think Google deserves the benefit of the doubt anymore: these untruths happen with every product, and they’re always in Google’s favor. There’s a consistent pattern of Google specifications, documentation, etc being knowingly untrue.
The only “error” is Google got caught deceiving people, again.
YouTube, GMail, Google search, Google Docs, Google Drive, Google ads (both selling and buying), and GCP.
To me, that seems like every core product they offer, and so a little hyperbole is appropriate when calling out the misconduct of a gigacrime syndicate.
It is, however, very HN to say I was too hyperbolic and mean to the gigacrime supyndicate.
 I mean this in the technical sense — I believe YouTube has committed over 1 billion acts of copyright infringement for profit, given that Google’s editorializing removes their safe harbor coverage. I believe other parts of Alphabet have similarly engaged in “scaled petty crime”.
Edit to footnote: I do want to say, I don’t think Google is unique in this category — and it should be taken partly as a criticism of corporate governance (particularly American), rather than Google in particular, that any business is allowed to operate that way.
It’s easy enough to Google literally any of them and read substantial numbers of articles on their practices:
For example, AdWords misrepresents clicks by slow rolling fraud mitigation and Google is quite deceptive about what various statistical measures and advertising practices actually deliver.
As another, YouTube has a quasi-DMCA process while feigning that it’s a safe harbor purveyor of information, while in fact maintaining an editorialized anthology. This quasi-DMCA process is frequently used to steal ad revenue from creators through acts of fraud which Google’s automated systems and lack of human support (intentionally) don’t mitigate.
It’s just not worth my morning to document all of it, because it’s literally a story a week for years. And a dozen stories a week for the past few years.
What I think is nefarious is not informing customers about that latent capability, because denying customers that information increased sales (eg, by not informing people who would be concerned by the mic).
A lie of omission for “good intentions” often is actually just denying the other person the information that they need to make an informed decision, for your own benefit.
That seems to be what Google did here.