- Google Home enabled without the use of the "wake word"
- Conversations recorded without users knowing - and then "reviewed" by Google employees
- Evident and continued breach of Europe's GDPR privacy law
- Google's reaction? To get the whistleblower for "breach of Google's data protection policies"
Staff at the Belgian public broadcast organisation, VRT NWS (Vlaamse Radio en Televisieomroeporganisatie News) have discovered that Google employees and contractors all over the world routinely eavesdrop on audio recorded by Google Home speakers, Google's voice-activated, AI-enabled, 'virtual assistant".
The audio is recorded without the user having said the magic words, "OK Google" which is supposed to turn on Google Home in the first place and thus illicit recordings are made without either the knowledge or permission of the private individuals using Google Home or other Android devices, something that must surely be a complete breach of Europe's GDPR regulations.
It's a classic story of applied journalism. VRT reporter Tim Verheyden received over a thousand audio files from an anonymous, whistle-blowing Google contractor, whose job is to "review" audio recorded via smart speakers, handsets, security camera and domestic "smart" IoT devices. One of the recordings, captured by Google Home on a smartphone, carried the names and address of a couple from the Waasmunster area of eastern Flanders as well as the voices of their son and baby grandchild.
Tim Verheyden followed up with some investigative reporting and this resulted in the publication on Wednesday of a report showing that some 150 of the recordings he was sent were made when Google Home "incorrectly activated" them. Considerable public outrage ensued and Google found it necessary to confirm and defend the recordings on the grounds that staff and contractors listen to and transcribe and retail "just" 0.2 per cent of all Google Home interactions to "improve our automated voice-processing technology."
Can anyone believe a word of what this company says? Consumer and privacy organisations are demanding a full-blown EU investigation into Google's unadvertised attempt to circumvent GDPR law which is designed to protect private data from exploitation and which requires complete transparency on the collection, processing and use of personal information.
Only this week BA, most certainly NOT the world's favourite airline, found out that hard way that GDPR has sharp teeth. The airline was fined £183 million over a data breach that saw at least half a million BA customers having their data stolen. Hackers got into the BA's BS system and abstracted log-in, credit and debit card, flight booking details and names and addresses.
In a statement, the UK Office of the Information Commissioner (ICO) commented, "People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights." Google and its under-taxed, overweening ilk would do well to pay a bit more attention.
Time to wrap Google et al in layers of "Gafa" tape
In a statement, Google says it is setting up an investigation - into the whistle-blower. Par for the course, of course. Don't accept any responsibility, obscure anything that can be obscured and bring to bear on a small-time contractor all the legal and financial clout of a mighty global corporation because, as the statement says, the self-employed man or woman " breached Google's data protection policies."
You couldn't make it up. An arrogant company that attempts to drive a coach and horses through data protection and privacy and tax laws wants to destroy an individual who has exhibited unease about Google's dodgy practices and whose whistle-blowing has embarrassment not because Google has been secretly recording consumer's conversations but because it has been caught-out.
There is some hope though. Yesterday France became the first EU member state to pass a new law that will impose a three per cent additional tax on the total annual revenues of social media sites and technology companies "providing services" to French consumers. It won't yield much, a mere €500 million a year, which is chump change to the companies being targeted, but it is a straw in the wind and it's putting the wind up the Trump administration.
The new levy is called the "Gafa Tax" (as in Google. Apple, Facebook and Amazon) and is causing yet another rift in the lute where Europe and the US is concerned. Donald Trump has already ordered an investigation into the proposed French tax and has threatened to retaliate by imposing additional taxes on French imports to the US.
The French finance minister, Bruno Le Maire, told parliament yesterday that during a "long conversation" with the US Treasury Secretary Steven Mnuchin (why is it I always think of some creature in the Wizard of Oz whenever I hear that name?) he had been leaned on to accommodate US objections to the new tax. Le Maire told the French National Assembly., "I believe allies must resolve differences without resorting to threats. France is a sovereign country: It's decisions on tax matters are sovereign and will continue to be."
Ah, mon pauvre ami, where have you been since 2016? Attitudes to alliances and international relationships are now determined by spates of intemperate middle-of-the-night tweets that have more to do with dyspepsia than political forethought and intellectual rigour.
Stay up to date with the latest industry developments: sign up to receive TelecomTV's top news and videos plus exclusive subscriber-only content direct to your inbox – including our daily news briefing and weekly wrap.