Google Fesses Up To Hidden Microphone In Nest Home Security Platform
from the oh and by the way dept
Google this week found itself in luke warm water after Nest Secure users discovered that their home security system contained a “hidden” microphone the company had never publicly disclosed. The reveal came via a Google announcement sent to Nest customers earlier this month, informing them that their Nest Secure base stations (the motion detector and keypad at the heart of the system) would soon be updated to include Google Assistant functionality, essentially converting the hardware into another way to issue voice commands around the home:
“Starting today, we’re adding a feature to Nest Secure to do just that: the Google Assistant will be available on your Nest Guard, so you can ask it questions like, “Hey Google, do I need an umbrella today?” before you set your alarm and leave the house. Nest Guard is the brains of your Nest Secure; it contains a keypad and all the smarts that power the system. It’s usually placed in a spot with lots of traffic (like the front doorway) making it useful as you come and go.”
On its face, this is certainly a welcome upgrade. Especially given the fact that we live in an era where the opposite often occurs, and companies have a habit of removing basic product functionality post sale, leaving you with less of a product, or in a few select instances no product at all. As such, that the Nest keypad for a home alarm system actually was upgraded to do more than users original thought is a good thing, at least superficially.
The problem: more privacy-conscious Nest owners weren’t aware that the Nest home security base stations had a microphone in the first place, raising questions about whether Google was using the microphone for data collection and monetization in some capacity. Given the fact that we can’t go more than twenty minutes before another major privacy scandal breaks, and the general regulatory and government response to most of these scandals has been a collective ¯(ツ)/¯, the concerns are understandable.
If @Google's @Nest Secure devices really had secret microphones that they hid from consumers, those consumers should probably be forgiven if they don't trust the company's after-the-fact promises that it never spied on them. #DontBeEvil https://t.co/sZsFC31zdV via @csoonline
— Tom Zeller Jr. (@tomzellerjr) February 20, 2019
Unlike some of its modern contemporaries, Google at least acknowledged that the company should have done a better job disclosing the microphone’s existence simply by including it in the product hardware specs:
“On Tuesday, a Google representative told Business Insider the company had made an “error.” “The on-device microphone was never intended to be a secret and should have been listed in the tech specs,” the person said. “That was an error on our part.”
And it does look like the company was also quick to update its product specs to make it clear the microphone exists moving forward. Still, Google should have been clearer from the start, and many went so far as to insist Google was lying to its customers:
This is not “messing up.” This is deliberately misleading and lying to your customers about your product. https://t.co/FZcf55L1bU
— Eva (@evacide) February 21, 2019
I would probably note that if privacy is your top concern, a company like Google with a long history of hoovering up personal information probably shouldn’t be your top home security choice in the first place. And there’s a litany of other products in the home that deserve the same level of scrutiny. Americans are connecting poorly secured crap to their home networks at an alarming rate, from televisions (with microphones) that have paper mache grade security, to Barbie dolls that can be easily hacked and converted into covert listening devices.
While Google did the right thing here by coming clear, this episode also does a nice job illustrating the fact that whether we’re talking about products getting better or worse, you don’t really own the products you buy, and your agreement with the manufacturer in the firmware-update era can pivot on a dime, often with far less disclosure than we saw here, or none whatsoever.