Home invasion? 3 fears about Google Home

Always-listening devices accelerate our transformation into a constantly surveilled society. That's a problem not only for us but for our kids, too.

I live in a Google household. Think Android tablets, Chromebooks, and Chromecast. We even stayed loyal to Google TV to the bitter end, when the Netflix app stopped loading because the OS was out of date.

Then I learned that my husband plans to add Google Home to the mix. I was not happy. 

The way I see it, we already have enough devices listening to us. In our house, that would be Android devices waiting for "OK, Google." But of course Apple's Siri started it all, Microsoft's Cortana followed suit, and Amazon has sold millions of its virtual assistant, Echo, which Google will compete directly against when it ships Home.

We don't really have a clear idea of where these voice recordings are stored, how they're protected, how long they're kept, or even who has access to them. Will they be subject to government snooping? Will advertisers mine random conversations to target me with spam?

I'm already making the necessary mental adjustments to live with a new electronic eavesdropper. But there are a few things I'd like to know first.

1. Who is Home listening to?

There's a lot we don't know about Google Home -- such as exactly how Home will be listening. If Home falls in line with previous virtual assistant efforts, it will ignore everything it hears until someone wakes it up with "OK, Google" or a similar command.

Will it work like Android phones, which are trained to recognize a specific voice? Or maybe like Android Watch, where anyone can simply say a command? It makes sense that a device designed to be used in the living room and intended to be family-friendly would respond to multiple voices, though that free-for-all can become problematic.

Google Home will work with some home automation devices. The final list is yet to come, but it will include thermostats and lights. Personally, I don't like the idea of a visitor talking to Google Home and getting answers, streaming programs onto my TV, or controlling my thermostat. At least Chromecast requires visitors to first know the Wi-Fi network password, so I have some control over what guests can do on my network.

The Amazon Echo lights up when listening, and it can be turned on by pressing a button or using the remote. If Google Home has that option, I'll simply turn off voice recognition, so I can at least control who gets to talk to it. I wonder: Do Echo owners ever worry about friends pranking them and buying stuff off Amazon using Echo?

Also, what sort of controls will I have? On a computer or mobile device, I can implement parental controls and restrict what my kids do and see. I can use incognito mode or private browsing on the Web browser to minimize online tracking. It's going to be much harder to restrict what kind of responses my kids receive from Google Home. I somehow doubt Google will curate responses to ensure Home's answers are G-rated.

2. Does Home comply with the law?

Promotions for both Amazon Echo and Google Home show kids speaking to the devices. Am I the only one who thinks machines collecting data on my kids is creepy?

Actually, I'm not alone -- the law agrees. The Children's Online Privacy Protection Act (COPPA) of 1998 regulates online services' collection and use of personal information from kids younger than 13. But virtual assistants currently fall in a gray area: Amazon, Google, and Apple lack specific rules regarding minors. To Microsoft's credit, the company prevents users under the age of 13 (as determined by the Microsoft profile) from accessing Cortana on Windows computers, smartphones, and tablets.

COPPA forbids companies from storing children's personal information -- including voice recordings -- without the explicit, verifiable consent of parents. Amazon, Google, and Apple store audio files of voice requests in the cloud, but they don't collect consent via COPPA-approved methods, such as a signed letter, video chat, phone call, or purchase with a credit card. Google cannot assume that purchasing Home automatically means consent; COPPA doesn't allow that.

One option might be that Google opts not to store recordings in the cloud at all and simply generates transcripts of requests. That would comply with COPPA. But Amazon Echo doesn't work that way, because you can hear the recordings from your account. Google currently keeps a history of voice commands from its smartphones.

That's another headache. Even if I give consent for my kids, I won't be able to consent for their friends. I will have to remember to turn off Home whenever the kids have friends over.

3. Who is listening to me?

It's an open question how much of this random recorded information law enforcement can tap into, but the precedents are not encouraging. Do you want an NSA listening post in your living room?

We don't know how much information law enforcement can tap into already, but we do know that the FBI is interested in getting access to more. Police can already access a suspect's iPhone and ask Siri (even if it is locked) for information about most recent calls, contacts, and calendar entries without a warrant. The Senate Intelligence Committee approved the 2017 Intelligence Authorization Act, which would allow the FBI to use National Security Letters (NSLs) to obtain "electronic communication transactional records," which could include email subject lines, metadata, and Web browsing history. Anyone care to venture a guess whether Home's recordings could be subject to NSLs? These letters come with a gag order, so Google won't even be able to tell me that the FBI was interested in the voice recordings.

Then there's the massive Next Generation Identification database, which contains biometric data like fingerprints, facial recognition, iris scans, and palm prints from 52 million Americans. The Next Generation Identification database includes not only criminal records but also information from noncriminal background checks. In addition, the FBI wants to make personal data collection exempt from the federal Privacy Act. I fear a world where my voice recordings can wind up in this system.

Yes, a wake-up command triggers the device, but listening is continuous. The only way a device knows that it "heard" the command is by taking everything it hears and comparing it against a copy of what it expects to hear. Echo's recordings supposedly store a few seconds before and after the wake-up command, so there's clearly some recording happening. We have no information about how virtual assistants handle recordings that don't match the magic command.

When Google Home arrives, I'm hoping we'll keep it off most of the time or restrict it to one room -- no multiroom speakers for us. Who knows? Maybe privacy will prevail and we'll stick with the Android tablet/Chromecast combo to handle most of what Home offers to do. The kids can still use their very-locked-down computer under very close supervision.

Convenience is great and gadgets are fun. But the home should be safe from prying ears.

Copyright © 2016 IDG Communications, Inc.
