New Bill Would Force Hardware Makers To Disclose Hidden Mics, Cameras

from the watching-you-watching-me dept

Back in February, you might recall that Google took some heat from owners of their Nest home security platform, after they suddenly discovered that the Nest Secure home security base station contained a hidden microphone the company had never publicly disclosed. The reveal came via a Google announcement sent to Nest customers informing them the hidden mic would soon be turned on, allowing the integration of Google Assistant on the platform. Given tech's shaky history on privacy, some folks were understandably not amused:

While Google ultimately admitted the "error" and updated its hardware spec sheet, the episode did a nice job illustrating the fact that whether we're talking about products getting better or worse, you don't really own the products you buy, and your agreement with the manufacturer in the firmware-update era can pivot on a dime, often with far less disclosure than we saw here, or none whatsoever. When it comes to privacy (especially given the flimsy security in many IOT devices), that's kind of an important conversation to be having.

Likely responding to the resulting fracas, Senator Cory Gardner has introduced the Protecting Privacy in our Homes Act, which would require tech companies to include a label on products disclosing the presence of recording devices. Gardner's been trying to shore up the internet of broken things for a few years now, though the efforts usually stall in process and his IOT Cybersecurity Act, introduced last Spring, has struggled to gain much traction in a distracted and well lobbied Congress. Says Gardner of this latest effort:

"Consumers face a number of challenges when it comes to their privacy, but they shouldn’t have a challenge figuring out if a device they buy has a camera or microphone embedded into it. This legislation is about consumer information, consumer empowerment, and making sure we’re doing everything we can to protect consumer privacy."

Outside of legislation, there's not a whole lot being done to ensure the millions of devices we've connected to the internet annually have reasonable security and privacy safeguards in general. Like so many issues, the IOT industry doesn't much care -- they're on to selling the next greatest thing and have little interest in retroactive security and privacy updates. Consumers often don't care -- in part because they're completely clueless to the scope of the problem (especially if functionality is hidden). And lobbying ensures government usually doesn't much care either.

That has left much of the problem in the laps of consumer groups, researchers, and activists, though many of these efforts (like Consumer Reports quest to shame companies for bad security and privacy practices in product reviews) can only accomplish so much without industry and government's help. Ultimately this just means we're going to see a lot more hacking, privacy violations, and related scandals (and even potentially tragedies) before we start taking the problem of IOT privacy, security, and transparency seriously.

Filed Under: assistant, cameras, cory gardner, hidden microphones, iot, microphones, privacy
Companies: google


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • This comment has been flagged by the community. Click here to show it
    identicon
    Stoopnocracy is Peachy (film: International House), 16 Oct 2019 @ 2:01pm

    This time you DO mention GOOGLE because can't avoid it.

    Just gives you opportunity to NOT mention others, such as AMAZON, which should be unavoidable on this topic. -- And of course the key aspect is corporatism and surveillance capitalism, which you're for.

    Ultimately this just means we're going to see a lot more hacking, privacy violations, and related scandals (and even potentially tragedies) before we start taking the problem of IOT privacy, security, and transparency seriously.

    So, passive whimpering is YOUR "ultimate". Just wait for DOOM to be delivered by corporate actors. No action, not even protest. -- And I think I'm a pessimist!

    This is just another story you run long after everyone else, and not at all excited, just state "resign yourself to more of same".

    Don't ever dare call yourselves "activists", Techdirt!

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Oct 2019 @ 2:06pm

      Re: This time you DO mention GOOGLE because can't avoid it.

      I'm curious if there was anything Techdirt could possibly write that you wouldn't attack and pretend supports your strawman version of what Techdirt believes? You complain for years that they don't ever attack Google (despite them constantly doing so) and then you mock them for getting to the story and not mentioning Amazon (a company techdirt regularly complains about). You insist that they support coparatism, despite them regularly calling out bad behavior by big companies (and ignoring that you regularly support "corporatism" in the form of abusive copyright laws that allow big companies to censor free speech by abusing the law).

      So, honestly, what would Techdirt write that would have you agree with them?

      reply to this | link to this | view in chronology ]

      • icon
        Wyrm (profile), 16 Oct 2019 @ 2:43pm

        Re: Re: This time you DO mention GOOGLE because can't avoid it.

        So, honestly, what would Techdirt write that would have you agree with them?

        "We apologize for our stance as Big Tech shills all those years and are closing down this partisan website today."

        :D

        Then again, he might be able to rant about this too.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Oct 2019 @ 2:30pm

      Re: This time the truth will set you free

      Why can’t you just admit you lied when you said oud never darken our doorstep again bro?

      reply to this | link to this | view in chronology ]

    • icon
      Gary (profile), 16 Oct 2019 @ 4:14pm

      Re: This time you invoke Common Law

      Don't ever dare call yourselves "activists"

      Please go back to your "Common Law Court" where you can enjoy your "Midwest" values Blue Balls. All you care about is your racist adgenda.

      https://www.splcenter.org/fighting-hate/intelligence-report/1998/hate-group-expert-daniel-l evitas-discusses-posse-comitatus-christian-identity-movement-and

      reply to this | link to this | view in chronology ]

  • icon
    radix (profile), 16 Oct 2019 @ 2:07pm

    They aren't perfect, but I think food nutrition labeling requirements are a good model to start with on this front.

    Standardized fonts, colors, and sizes in a conspicuous place on the exterior packaging that state clearly whether there are cameras, microphones, and wifi or other antennas. You could even add in some (audited) power consumption stats for operating and standby modes while we're there.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Oct 2019 @ 2:27pm

      Re:

      It would also be nice to disclose if a piece of hardware requires the ability to connect to an online server to function as advertised on the box. This goes for things like computers as much as for doorbells and thermostats.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Oct 2019 @ 2:53pm

      Re:

      I think food nutrition labeling requirements are a good model to start with on this front.

      WARNING: This product was produced in a facility that contains terrible software.

      reply to this | link to this | view in chronology ]

  • identicon
    A Guy, 16 Oct 2019 @ 2:29pm

    I'm not saying it's a bad idea but I would bet that consumers could just class-action, or if there's an arbitration clause, petition to get a fraud prosecution launched against the retailer/manufacturer that did it already.

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 16 Oct 2019 @ 2:34pm

    Another on the list of 'Solutions that shouldn't be needed.'

    The fact that a law like this is actually needed is just all sorts of messed up, and I would hope that it will sail clean through as a result. People should not have to wonder if a particular device has a mic and/or camera on it, that should be presented up-front and told to them well before purchase so they can make an informed decision on whether or not they want it in their house/on their body.

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    icon
    Zof (profile), 16 Oct 2019 @ 2:42pm

    All I'm going to say about this,

    is the technology to discover hidden microphones and cameras is stupidly simple. Simple to the point that you'll never be able to design a camera or microphone that can't be detected. Easily. It's a few second to 10 second affair with some very common and cheap (comparatively) scientific/industrial devices/instruments. Things most builder/maker type folks probably already have.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Oct 2019 @ 2:46pm

      Re: All I'm going to say about this,

      do continue

      reply to this | link to this | view in chronology ]

    • icon
      Wyrm (profile), 16 Oct 2019 @ 2:47pm

      Re: All I'm going to say about this,

      That might not work as long as the microphone or camera is left inactive.
      Like for a few years, until they sold enough of their spy devices and decide it's finally time to turn them on.

      reply to this | link to this | view in chronology ]

      • icon
        Zof (profile), 16 Oct 2019 @ 2:55pm

        Re: Re: All I'm going to say about this,

        Most of them employ motion detection. So... you set up a simple emissions detection circuit in... anything. Then leave, and come back, and check the logs. Boom, you'll know if you are bugged immediately. You'll detect the emission from the bug.

        reply to this | link to this | view in chronology ]

        • icon
          Wyrm (profile), 16 Oct 2019 @ 3:04pm

          Re: Re: Re: All I'm going to say about this,

          The example in the article is different. The microphone was left inactive. Not waiting for a trigger (motion, schedule) but for a full firmware update. The microphone was not recording nor transmitting anything for years.
          So you buy your product, test it, nothing is found short of actually opening the device to physically look for microphone.
          Then, a year later, firmware update and "Boom", you're spied on unknowingly... unless you regularly test all your devices just for this kind of case.

          reply to this | link to this | view in chronology ]

          • icon
            Zof (profile), 16 Oct 2019 @ 3:08pm

            Re: Re: Re: Re: All I'm going to say about this,

            So, you can always win. You always have the upper hand. All you have to do is suspect a bug, and it's over for them if you really think about it. The only option a would-be bugger has is trying to hide your signal in other loud noise. But even then, a dedicated person is going to be able to weed you out.

            reply to this | link to this | view in chronology ]

      • icon
        Zof (profile), 16 Oct 2019 @ 3:04pm

        Re: Re: All I'm going to say about this,

        It's a null logic thing. Finding something talkative, that talks with conditions that it can not avoid, is ridiculously easy to find. The kind of technology necessary to avoid detection simply does not exist with our science. It would have to be able to draw energy without being detected, use energy without being detected, transmit data with sufficient strength to penetrate walls, meaning it's going to be on very defined frequencies out of sheer necessity. Even if ALIENS with superior technology were bugging you, they'd not be able to get around the fact that only certain very defined frequencies would need to be used to transmit, and they'd have NO WAY AT ALL to stop you from looking for those transmissions.

        When you really think about the situation, logically, it's crazy easy to detect bugs if you suspect them. It's all exploiting the necessary design features they need in order to function at all.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Oct 2019 @ 2:50pm

      Re: All I'm going to say about this,

      the technology to discover hidden microphones and cameras is stupidly simple

      Not so much now that we know all kinds of things that aren't cameras and microphones per se can be used as them. An accelerometer has been used as a microphone, a wifi chip as a camera, in recent research papers. Speakers worked as microphones decades ago.

      reply to this | link to this | view in chronology ]

      • identicon
        bobob, 17 Oct 2019 @ 7:12am

        Re: Re: All I'm going to say about this,

        I'd like to see the reference to the wifi chip as a camera. The accelerometer as a microphone is not hard to imagine, though.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 17 Oct 2019 @ 9:10am

          Re: Re: Re: All I'm going to say about this,

          Wi-Vi: See Through Walls with Wi-Fi Signals (Adib; Katabi — 2013)

          Why is Seeing Through Walls Possible?
          The concept underlying seeing through opaque obstacles is similar to radar and sonar imaging. Specifically, when faced with a non-metallic wall, a fraction of the RF signal would penetrate the wall, reflect off objects and humans, and come back imprinted with a signature of what is inside a closed room. By capturing these reflections, we can image objects behind a wall.

          (Presumably, more recent wifi chips with more directional antennae will make this easier.)

          reply to this | link to this | view in chronology ]

          • identicon
            bobob, 17 Oct 2019 @ 11:35am

            Re: Re: Re: Re: All I'm going to say about this,

            Thanks for the link. However, I think calling that a camera is stretching it quite a bit. If you look at the "Evaluations" section, there are screenshots of the type of signals one sees. "Motion Sensor" might be a better description even if it can do a little better than just detect motion.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 17 Oct 2019 @ 12:44pm

              Re: Re: Re: Re: Re: All I'm going to say about this,

              On the other hand, it can see through walls—unlike an actual camera—and that's from 6 years ago. It's a stretch much as the accelerometer as microphone (its audio quality was not good), but these attacks do tend to get stronger over time. The first cameras were bad too.

              reply to this | link to this | view in chronology ]

    • icon
      Zof (profile), 16 Oct 2019 @ 2:53pm

      Re: All I'm going to say about this,

      My favorite cheap bug detector: a spark gap emitter along with a channel hopping fm receiver circuit. You can build something yourself crazy cheap with a TDA7000, or just get a cheap multi frequency scanner. You'll hear an echo after your sparkgap. Even if it's (common now) encrypted radio from the bug to the endpoint, you'll see/hear the "hop". More importantly, you can set any modern chip to stop on signal in the noise. Typically modern hidden transmitters have channel hopping, and you can find it hopping channels if you are looking for that pop. It's not going to hop channels so fast that you can't hear a few before it does. The fun thing is, once you've found the 3 or 4 channels it hops between, you can identify the type of bug. It's like a fingerprint.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Oct 2019 @ 3:58pm

      Re: All I'm going to say about this,

      Those techniques are not so useful for Internet connected devices, which you will expect to be sending packets over your WiFi.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Oct 2019 @ 2:47pm

    So how about someone introducing a bill that gives people back the right that the stupid courts took away, that when you buy something, paying out godd, honest, hard earned cadh, you actually DO own whatever the 'it' is? The judge(s) who took that right away must have been pain one hell of a lot!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Oct 2019 @ 3:13pm

    Great, but will it come with a government spying label?

    What about the massive amount of data mining and spying from government entities like the ones revealed by Wikileaks? I don't think the government will pass any laws that will stop their own activities.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Oct 2019 @ 3:53pm

    Whatever happened to the criminal code regarding the clandestine recording of sound and/or video on private property and without the private party's knowledge or consent?
    I suppose the EULA/TOS that you unknowingly "agree" to at purchase covers this thoroughly. As always, buyer beware.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Oct 2019 @ 4:47pm

    Cops are head crackers not thinkers.

    Why would anyone believe that cops have any intelligence is beyond me.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Oct 2019 @ 5:51pm

    I just refuse to buy any hardware from Google. They're going to spy on me any and all ways. So if I get a NEST, they know what Temp I like. It senses movement so they know when someone is walking by it and are home. The same goes with their Alarm. The Mic, Not a fan at all, but now they know when you are coming and going. Add this stuff to your Android phone and Google services that you use, and now they know you better than you know yourself. No thanks!!!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Oct 2019 @ 3:21am

    PP in our Homes Act That's taking it from spying to flashing, isn't it?

    reply to this | link to this | view in chronology ]

  • identicon
    bobob, 17 Oct 2019 @ 6:59am

    Here is a technologically lowbrow solution here. It's known as wire cutters (or a soldering iron). A barely more advanced solution involves a really old device called a "switch." Get acquainted with technology or technology will get acquainted with you.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Oct 2019 @ 9:37am

    Can someone please help me understand this situation better, because I'm a bit lost.

    Nest was independent before they were bought by Google, correct? Were the microphones in the thermostats then?

    I'm not defending Google for not knowing, but I sure would like to know when the microphones were introduced.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.