This article is more than 1 year old
EPIC demand: It's time for Google to fly the Nest after 'forgetting' to mention home alarm hub has built-in mic
Ad giant must divorce IoT subsidiary, privacy warriors tell sleepy watchdog
Following Google's acknowledgement that it made a mistake by failing to mention that its Nest Guard alarm hub includes a microphone, the Electronic Privacy Information Center (EPIC) has asked the US Federal Trade Commission (FTC) to force the ad biz to sell its Nest division and surrender data snarfed from Nest customers.
The advocacy group, in a statement, observes, "It is a federal crime to intercept private communications or to plant a listening device in a private residence."
In a letter addressed to FTC chairman Joe Simons and the other commissioners, EPIC president Marc Rotenberg and EPIC consumer protection counsel Christine Bannan recall that their advocacy group in 2014 chided the federal watchdog agency for failing to address privacy concerns arising from Google's Nest acquisition.
The two privacy advocates argue the FTC should have conducted a more rigorous review before allowing Google to acquire Nest and suggest the proper course is to break the two apart.
"The FTC should now commence an enforcement action against Google with the aim of divesting the company of Nest and requiring also that Google disgorge the data it wrongfully obtained from Nest customers," the letter says.
Recalling Google's most infamous privacy misstep – failing to notice and nix an engineer's plan to run Wi-Fi data harvesting code in its Street View cars between May 2007 and May 2010 – Rotenberg and Bannan muse that it's unclear whether Google, hackers, or others may have activated the undisclosed mics to listen in on consumers.
No one has made such a claim, and it wouldn't be easy to active the mic since there's no public API for it. The same possibility exists for all the known mics in consumer environments, on phones and network-connected speakers, but perhaps a Nest Guard eavesdropping scenario is worth worrying about.
Secret mic in Nest gear wasn't supposed to be a secret, says Google, we just forgot to tell anyoneREAD MORE
The Register asked Google whether it knew if any Nest microphones had been activated prior to the company's announcement of their existence and whether the company could confirm that no audio data was collected during that dormant period.
Google claims that the mics were never used prior to disclosure, which would preclude the possibility of covert data collection.
"The on-device microphone was never intended to be a secret and should have been listed in the tech specs," a company spokesperson said in an email. "That was an error on our part. The microphone has never been on and is only activated when users specifically enable the option."
Google's spokesperson added, "Security systems often use microphones to provide features that rely on sound sensing. We included the mic on the device so that we can potentially offer additional features to our users in the future, such as the ability to detect broken glass."
The FTC has a long history of inconsequential privacy punishments for tech companies. Scott Cleland, a consultant with telecom clients who has lobbied against Google for years, makes that claim in a public comment filed with the agency last year.
Pointing to 17 questionable Google business practices over the past 15 years, he observes, "the FTC has not deterred Google from serial unfair and deceptive practices via multiple services, involving multiple technologies, in multiple ways, repeatedly, over a fifteen-year period."
What's more, it's surprising EPIC would pin its hopes on the agency after Rotenberg last year lamented that the FTC appeared to be unwilling to bring legal action against either Facebook or Google to enforce privacy settlements.
Nonetheless, the FTC, perhaps emboldened by the persistent regulatory friction felt by Facebook and Google in the US and EU throughout 2018, in November called attention to its "unwavering commitment to protecting consumers’ privacy while promoting competition and innovation" and urged Congress to clarify its authority. With a longer leash, perhaps the FTC could herd errant tech firms more effectively.
The problem the agency faces with regard to that mission statement is that among the internet's ad giants, innovation has come to mean novel ways to bypass privacy. ®