OPINION: An Eavesdropping Google Home Mini Shows That Not Everyone Who Opposes Such Devices Wears a Tinfoil Hat

(Bloomberg View) —
Google Home Mini
Rishi Chandra, a product management executive at Google, speaks about the Google Home Mini during a launch event in San Francisco on October 4. (Reuters/Stephen Lam)

The rapidly growing market for voice-controlled speakers probably needed something like the Google Home Mini disaster to happen. Now even those customers who were oblivious to the risks of placing such a device in their homes will want to consider the security implications, and manufacturers won’t be able to get away with being so dismissive.

Earlier this month, Artem Russakovskii, who runs the Android Police blog, picked up a pre-market version of the Google Home Mini to review. This is the compact version of the Google Home speaker that you can ask to play music, do a web search or adjust your smart thermostat. But instead of waiting for commands, Russakovskii’s machine started reacting to a TV program he was watching by repeatedly saying it didn’t understand. Those digital assistants do that a lot, but usually when woken up by a command like “OK Google” or “Alexa” – or by something they have “misheard” as such a command.

Russakovskii was alarmed because neither he nor the TV was saying anything similar, and the Home Mini kept reacting. He went to his Google account and discovered thousands of activity records: The device had been recording everything that went on in its vicinity.

Russakovskii is one of the tech boosters who have sold the product category to the world so successfully that this year; 35.6 million Americans are expected to use a device like the Amazon Echo or the Google Home at least once a month. To him, people who warned of the dangers of placing such a gadget in the home were “tinfoil-hat wearers.”

“I didn’t give too much thought to these privacy concerns because they all sounded theoretical and unlikely,” Russakovski wrote in a post describing his alarming experience.

After he contacted Google, the company reacted quickly, sending an employee to pick up the device and soon rolling out a software update that shut off the touch panel at the top of the spheroid device. The panel provided an additional way of waking up the device – with a finger rather than with voice – but it also served as the pause button and volume control for music and the off button for the alarm function. Google Home Minis will now ship without the touch functionality because it’s too late to fix the panels, which, on some devices, react to “phantom events.”

“We take user privacy and product quality concerns very seriously,” Google said in a statement. “Although we only received a few reports of this issue, we want people to have complete peace of mind while using Google Home Mini.”

Peace of mind, however, is exactly the wrong outcome here. Defective hardware is not the only potential problem. These devices are listening all the time, and the recording function can be triggered by a hack, an accidental noise, a software glitch. What happened to Russakovskii merely confirms Murphy’s law: anything that can go wrong will go wrong.

The U.S. National Institute of Standards and Technology’s Hyunji Chung, Michaela Iorga and Jeffrey Voas and Korea University’s Sangjin Lee, no “tinfoil-hat wearers,” discussed the product category’s dangers in a recent paper. They explained how communication between an “intelligent digital assistant” and the producer’s cloud, where requests are processed, could be intercepted to hack into the devices. “The potential for accidental recording means that users do not necessarily have complete control over what audio gets transmitted,” they wrote. Apart from spying on a household, the voice recordings could be used to impersonate the speakers and wreak havoc with their lives, they pointed out.

For years, we have routinely ignored these kinds of warnings, preferring to listen to tech companies’ assurances that the devices are safe. People like being innovative and hate looking paranoid. Increasingly, people must ask: Are we willing to trade the privacy of everything that goes on in our homes for a product that completely duplicates what our smartphones can already do? At least we can turn off the phone’s voice assistant function so it doesn’t listen all the time (I have), and, for example, enable it only when we’re driving. The point of a voice-activated speaker at home is that it’s always ready to spring into action. Consumers must decide whether having a recipe read out-loud is worth that risk.

It’s true that the voice recognition and natural-language-processing technology used in the voice-controlled speakers can be a lifeline to some – for example for people with poor vision, those who don’t have the use of their hands or those who need to minimize distractions while performing attention-demanding work. Just as Google Glass turned out to be a useful niche product for manufacturing environments, there are legitimate use cases for the speakers.

But instead of targeting these use cases, tech companies routinely take new capabilities to the mass market to see if a product takes off. It didn’t work with Google Glass, but it did with the Amazon Echo, so Google, too, is in the game, and more companies, including Apple, Samsung and Alibaba, are getting into it. The market’s growth is hampered only by the limited language ability of the devices, but new languages will be added relatively quickly.

Amazon wants to push merchandise through the intelligent assistants; Google is eyeing a wealth of new data about consumers and the advertising potential. Consumers will decide for themselves whether helping these companies will make their life sufficiently better to justify the associated risks neatly highlighted by the rogue Google Home Mini that Russakovskii tried out.

To Read The Full Story

Are you already a subscriber?
Click to log in!