Reaction to Hidden Microphone in Nest IoT Security Hub Creates New Risk for Google as Senate Committee Wants Answers
The Senate Commerce Committee last week sent a letter to Google CEO Sundar Pichai about the news reports that its Nest Guard IoT security hub included an onboard microphone but didn’t inform customers of its presence. The letter includes the following statement which sums up why Google must always be concerned about these types of potential risks:
“In recent years, consumers have become increasingly concerned about the ability of large technology companies to collect and use personal data about them without their knowledge. Therefore, it is critically important that companies like Google be completely transparent with consumers, and provide full disclosure of all technical specifications of their products at the point of sale. Last September, Google’s chief privacy officer testified at a hearing before the U.S. Senate Committee on Commerce, Science, and Transportation (Senate Commerce Committee) that ‘transparency is a core value of our approach to serving users.’ That is why Google’s failure to disclose a microphone within its Nest Secure product raises serious questions about its commitment to consumer transparency and disclosure.”
The first sentence says “consumers have become increasingly concerned” and elected officials are highly attuned to citizen concerns and recognize that follow up on these issues in a very public way may be good policy, but it’s definitely good politics. This sentence was followed by a statement implying Google’s special responsibility and concluded with an implication that the company is not living up to its public professions before Congress last fall. Requests for more information from government bodies are often followed by requests for more regulation.
What the Government Wants
After the preamble, the letter from the Senate Commerce Committee asks six questions related to Google’s knowledge of the microphone’s presence, how it intends to inform consumers that purchased the devices, what policies the company has in place surrounding disclosure of features, and if there are any known security breaches of the product. A Google spokesperson said shortly after the microphone’s presence was first questioned that:
The Google Assistant on Nest Guard is an opt-in feature, and as the feature becomes available to our users, they’ll receive an email with instructions on how to enable the feature and turn on the microphone in the Nest app. Nest Guard does have one on-device microphone that is not enabled by default.
About two weeks later Google told Business Insider that not listing the microphone as a component was a mistake.
The on-device microphone was never intended to be a secret and should have been listed in the tech specs. That was an error on our part.
Future Proofing Devices
This situation could easily have been avoided. Many devices ship to consumers with features that are not enabled when the customer opens the package. That is because so much of what devices do today is governed by software and sometimes the updates aren’t ready for the features when the devices ship. If those features require specific hardware, then sometimes that hardware is included even if initially dormant in the device. That is often viewed as good for the consumer because they don’t have to upgrade their device when the new feature becomes available. In this case, Google could have said Nest Guard also ships with a microphone so in the future you will be able to use it to access Google Assistant much like a smart speaker. That would have positioned the microphone as a value-added feature from the start and not something people now believe was being concealed for unknown reasons.
Was Privacy Compromised? It Doesn’t Matter. Trust Was Undermined.
The issue here isn’t really whether privacy of consumers was compromised. It comes down in part to a key word used in the Senate Commerce Committee letter: transparency. Technology companies were once seen as allies of consumers, but the ad-driven model built on user behavioral data has undermined that sentiment because motivation is always in question. Companies in the consumer data mining industry have a motivation to maximize revenue which sometimes means having a slightly naive user base is in their interest. The rise of cybersecurity threats has only heightened the sensitivity to these issues because even a trusted actor can have its data compromised and that can directly impact consumers.
Ultimately, trust is what this all comes down to for Google and the entire voice industry. The decision not to list the microphone in the product specification was probably a benign error, but the fallout is fueling sentiment of an already suspicious consumer audience and an even more suspicious political class that is poised to use this as pretext for granting less trust in the future and eventually more intervention.
What Google Should Do
It is surprising to many that smartphones essentially get a free pass on privacy. That likely is the result of the fact that smartphones are so ubiquitous and many privacy scares emerged after they were so embedded in everyday lives. Regulating them could lead to feature constriction and raise consumer ire. No government body wants to be implicated in that scenario. So, for voice assistants to be able to evolve without heavy restrictions, the industry needs to avoid errors like Nest Guard and ensure adoption grows to include an influential majority of consumers.
Google can also help mitigate the current situation by offering to refund the purchase of all Nest Guard buyers who bought a device with a microphone. It may be costly, but likely less so than the political fallout if this controversy simmers without a clear resolution. And, if it does simmer, issues like Google’s latest bug with Google Photos inadvertently being shown to strangers through Android TV screen savers will be even harder to resolve in the face of public concern.