This article is more than 1 year old
Just because you're paranoid doesn't mean Google isn't listening to everything you say
Belgian journos find hundreds of recordings from so-called smart speakers triggered without command
A bunch of Belgian investigative journalists have discovered that Google workers really are listening in on people who use its voice-activated Google Assistant product.
The team at Flemish broadcaster VRT was tipped off that commands and snippets of conversations and noise picked up by devices powered by Google Assistant are retained in backend systems and can be played back by Google recruits for further analysis.
The journos even managed to obtain copies of this audio. "This is undeniably my own voice," a Flemish man told the reporters when they played him one such clip of himself talking to his Google Assistant.
The Belgian journos revealed on Wednesday: "In these recordings we could clearly hear addresses and other sensitive information. This made it easy for us to find the people involved and confront them with the audio recordings."
Damningly, they added: "VRT NWS listened to more than a thousand excerpts, 153 of which were conversations that should never have been recorded and during which the command 'Okay Google' was clearly not given."
Voice assistants are always listening. So why won't they call police if they hear a crime?
READ MOREA Google subcontractor told VRT that thousands of employees worldwide listen to conversations with the aim of improving the Google voice-recognition algorithms. Around a dozen people are employed to listen to Flemish-language conversations, with speakers of the language being mostly concentrated across parts of Belgium and Holland.
Although the recordings are anonymised, many of the search terms involve addresses, names and other clearly identifying information. Employees are tasked with precisely transcribing voice commands given, meaning they need to double-check spellings and the like – in turn, forcing them to look up the people and locations they are listening to.
Amazingly, the journo team said this week it also found that some people actually used smart speakers to look for porn. That'll solve the search history problem... or actually... wait a minute.
Google insisted to VRT that all was well because it worked with "language experts worldwide" to transcribe hard-to-understand snippets of recorded conversations. It also added that its contractors only judge "about 0.2 per cent of all audio fragments", which are "not linked to any personal or identifiable information".
In a followup blog post today, Googler David Monsees, product manager of search, said the ad giant is probing the situation, and accused its language reviewers of leaking the recordings, presumably to the VRT journalists:
As part of our work to develop speech technology for more languages, we partner with language experts around the world who understand the nuances and accents of a specific language.
We just learned that one of these language reviewers has violated our data security policies by leaking confidential Dutch audio data. Our Security and Privacy Response teams have been activated on this issue, are investigating, and we will take action. We are conducting a full review of our safeguards in this space to prevent misconduct like this from happening again.
The Google Assistant only sends audio to Google after your device detects that you’re interacting with the Assistant — for example, by saying “Hey Google” or by physically triggering the Google Assistant. A clear indicator (such as the flashing dots on top of a Google Home or an on-screen indicator on your Android device) will activate any time the device is communicating with Google in order to fulfill your request.
Crucially, Monsees admitted:
Rarely, devices that have the Google Assistant built in may experience what we call a “false accept.” This means that there was some noise or words in the background that our software interpreted to be the hotword (like “Ok Google”). We have a number of protections in place to prevent false accepts from occurring in your home.
The Register has asked the Belgian privacy watchdogs for comment, and we will update when we hear more.
The answer to creepy always-on audio surveillance devices is simple: turn them off, unplug them, run their batteries down to empty. And then start living your life in a cave. ®