New Bill Would Force Hardware Makers To Disclose Hidden Mics, Cameras
from the watching-you-watching-me dept
Back in February, you might recall that Google took some heat from owners of their Nest home security platform, after they suddenly discovered that the Nest Secure home security base station contained a hidden microphone the company had never publicly disclosed. The reveal came via a Google announcement sent to Nest customers informing them the hidden mic would soon be turned on, allowing the integration of Google Assistant on the platform. Given tech’s shaky history on privacy, some folks were understandably not amused:
This is not ?messing up.? This is deliberately misleading and lying to your customers about your product. https://t.co/FZcf55L1bU
— Eva (@evacide) February 21, 2019
While Google ultimately admitted the “error” and updated its hardware spec sheet, the episode did a nice job illustrating the fact that whether we’re talking about products getting better or worse, you don’t really own the products you buy, and your agreement with the manufacturer in the firmware-update era can pivot on a dime, often with far less disclosure than we saw here, or none whatsoever. When it comes to privacy (especially given the flimsy security in many IOT devices), that’s kind of an important conversation to be having.
Likely responding to the resulting fracas, Senator Cory Gardner has introduced the Protecting Privacy in our Homes Act, which would require tech companies to include a label on products disclosing the presence of recording devices. Gardner’s been trying to shore up the internet of broken things for a few years now, though the efforts usually stall in process and his IOT Cybersecurity Act, introduced last Spring, has struggled to gain much traction in a distracted and well lobbied Congress. Says Gardner of this latest effort:
“Consumers face a number of challenges when it comes to their privacy, but they shouldn?t have a challenge figuring out if a device they buy has a camera or microphone embedded into it. This legislation is about consumer information, consumer empowerment, and making sure we?re doing everything we can to protect consumer privacy.”
Outside of legislation, there’s not a whole lot being done to ensure the millions of devices we’ve connected to the internet annually have reasonable security and privacy safeguards in general. Like so many issues, the IOT industry doesn’t much care — they’re on to selling the next greatest thing and have little interest in retroactive security and privacy updates. Consumers often don’t care — in part because they’re completely clueless to the scope of the problem (especially if functionality is hidden). And lobbying ensures government usually doesn’t much care either.
That has left much of the problem in the laps of consumer groups, researchers, and activists, though many of these efforts (like Consumer Reports quest to shame companies for bad security and privacy practices in product reviews) can only accomplish so much without industry and government’s help. Ultimately this just means we’re going to see a lot more hacking, privacy violations, and related scandals (and even potentially tragedies) before we start taking the problem of IOT privacy, security, and transparency seriously.