OK Google, Stop Eavesdropping on Me!

Google gives contractors access to your voice, it has emerged. And now, recordings made secretly by Google devices and apps have leaked to the press.

About 15% of the recordings weren’t even meant for Google. And several contain sensitive, personal data, violating the promises in Google’s privacy policy.

Naturally, Google’s response is yet another tone-deaf whatabout-ism: blaming the contractor, rather than admitting its mistakes. In today’s SB Blogwatch, we don’t miss the point (even though Google did).

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: T-race.


Say, What?

What’s the craic? Lente van Hee, Ruben van den Heuvel, Tim Verheyden, and Denny Baert report, “Google employees are eavesdropping, even in your living room”:

 Google employees are systematically listening to audio files recorded by Google Home smart speakers and the Google Assistant. … People at Google listen to … conversations that should never have been recorded, some of which contain sensitive information.

Everything you say … is being recorded and stored. … Google employees can listen to excerpts. [But] Google has continually claimed that it doesn’t eavesdrop.

Knowing that people who work for Google indirectly are listening to such recordings raises questions about privacy. … It doesn’t take a rocket scientist to recover someone’s identity; you simply have to listen.

A lot of conversations are recorded unintentionally: bedroom conversations, conversations between parents and their children, but also blazing rows and professional phone calls containing lots of private information.

Google admits that it works with language experts worldwide to improve speech technology. “This happens by making transcripts of a small number of audio files”, [says a] Google spokesman. … “This work is of crucial importance to develop … products such as the Google Assistant.”

Yikes. Tom Simonite asks, “Who’s listening?”:

 Last month, a couple … got an unexpected lesson in how these supposedly automated helpers really work. Tim Verheyden, a journalist … contacted the couple bearing a mysterious audio file. To their surprise, they clearly heard the voices of their son and baby grandchild.

Verheyden says he gained access to the file and more than 1,000 others from a Google contractor. [Another] recording contained the couple’s address.

The Google contractor said that he transcribed around 1,000 clips per week … and that he was concerned by the sensitivity of some of the recordings. … Google’s privacy policy and privacy pages for its home devices do not describe how the company uses workers to review audio [and] those pages say that no information leaves the device until its wake word is detected—obscuring the fact that the system can mistakenly detect it.

Google’s practices may breach the European Union privacy rules known as GDPR. … Those disclosures don’t appear to meet GDPR requirements—even for data not considered sensitive.

Not OK, Google. Sarah Perez adds, “Google is investigating the source of voice data leak”:

 As voice assistant devices are becoming a more common part of consumers’ everyday lives, there’s increased scrutiny on how tech companies are handling the voice recordings, who’s listening on the other end, what records are being stored, and for how long. … This is not an issue that only Google is facing.

The issues around the lack of disclosure and transparency could be yet another signal to U.S. regulators that tech companies aren’t able to make responsible decisions on their own. … one would think Google would be going over its privacy policies with a fine-toothed comb … to ensure that consumers understand how their data is being stored, shared and used.

But is Google investigating the wrong thing? Google’s David Monsees offers what he blandly calls, “More information”:

 We invest significant resources to ensure that our speech technology works for a wide variety of languages, accents and dialects. … We partner with language experts around the world who … review and transcribe … around 0.2 percent … of queries to help us better understand those languages.

One of these language reviewers has violated our data security policies by leaking [recordings]. We are conducting a full review … to prevent misconduct like this from happening again.

Wait. Pause. Did you get that? This Anonymous Coward certainly did:

 [They] are only discussing the fact that this data got leaked. Not that it was very poorly anonymised, nor that none of these people were aware their data had been used in such a way, nor that the Google Assistant has made long recordings without any “OK Google” command.

Google/Alphabet is trying to throw the contractor under the bus, and hopes to get away with all the rest. In a couple of days it will just be business as usual.

So Tomato42 audits Google’s implied contract:

 The page you can listen to your own recording says, “Only you can listen to these recordings.”

They brazenly lied. I hope that we will see the first real GDPR fine from that.

And this Anonymous Coward wants a square deal:

 Time for a Teddy Roosevelt to come along and Trust Bust – break these monopolies up – Apple, Amazon, Facebook and Microsoft should be 40 companies, not 4.

Facebook should lose Messenger, Instagram and Whatsapp to separate companies. Also it would be worthwhile the entity that runs Facebook itself be set up as a non-profit like Wikipedia, and the advertising sales be run by a separate company that pays for the advertising space, but can’t control the data or influence privacy decisions.

But why are we surprised? Patrick Hogan isn’t:

 Well you have to train the system somehow when it’s expected to work across a wide range of accents and speech patterns. At some point people need to recognize that these devices are always listening (that’s the only way they can respond to their name being called) and sending that info back to the cloud.

I wouldn’t be surprised if Siri and Cortana do the same thing. I’ll never buy one and I don’t use Siri on my iPhone cause I figure that is what has to happen to make them work as well as they do.

Meanwhile, Gareth Corfield quips, “Just because you’re paranoid doesn’t mean Google isn’t listening to everything you say”:

 The answer to creepy always-on audio surveillance devices is simple: Turn them off, unplug them, run their batteries down to empty. And then start living your life in a cave.

And Finally:

Emerald Downs in Auburn, Washington: Could this be the greatest race in history?

Hat tip: Popbitch


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: Petras Gagilas (cc:by-sa)

Richi Jennings

Richi is a foolish independent industry analyst, editor, writer, and fan of the Oxford comma. He’s previously written or edited for Computerworld, Petri, Microsoft, HP, Cyren, Webroot, Micro Focus, Osterman Research, Ferris Research, NetApp on Forbes and CIO.com. His work has won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.