Yesterday, Google announced its acquisition of Nest Labs — the company behind those “smart” Internet-connected thermostats. And it took only a few hours for the press to start buzzing with articles and blog posts warning us about the danger to privacy posed by Google’s entry into the “Internet of Things.”
From the Wall Street Journal to AdWeek to GigOm, the headlines all pretty much hit the same notes: “Google raises some privacy issues with Nest buy” … “When Google closes the Nest deal, privacy issues for the internet of things will hit the big time” … “Google’s Purchase of Nest Likely to Raise Privacy Questions in D.C.” … “Google’s Nest-Building May Alarm Privacy Hawks” …
Even the American Civil Liberties Union pitched in.
PrivacySOS, a blog run by ACLU’s Massachusetts chapter, reminded readers of Google’s Street View car WiFi wiretapping scandal and asked:
“Now do you want to let this company inside your home?”
Uhm… I hate to break this to the ACLU — given they’re supposed to be on the cutting edge of the privacy debate — but the thing is, Google’s already in our homes. It has been in our homes for a long, long time. And not just in our homes, but at work, in our cars and even when we’re walking down the street.
The ACLU makes it seem like Nest represents a whole new level of Google intrusiveness, when the truth is that Google’s been running a massive surveillance operation for more than a decade, intercepting terabytes of global Internet traffic every day to construct sophisticated psychological profiles on hundreds of millions of people all over the world. Google does this around the clock, surveilling us through our computers and our smartphones — whenever and wherever we are.
These days, Google’s for-profit surveillance encompasses the full spectrum of its apps and services: Google Search, YouTube, Google Drive, Google Maps and Android. But the company’s surveillance op started in earnest when Google launched Gmail in 2004.
Back then, Gmail was seen as nothing short of a miracle. It offered users one gigabyte of email storage space for free, which was hundreds of times more than offered by Yahoo or Microsoft at the time. No one knew how or why Google was able to be so generous. Many thought the company was acting out of pure self-sacrifice — to make the world a better place. Others assumed they were just out to loss-lead the competition to deal. Whatever the motivation, people rushed to sign up for Gmail.
The service seemed too good to be true, and it was.
Put simply: Gmail was a honeytrap. Gmail required people to login, which allowed Google to fix users’ identity while they searched, browsed the web and used other Google services. Equally important: Google reserved the right to scan, record and analyze its users email correspondence — and to combine that intel with other user activity.
The company claimed that it was harmless, and was only intended to serve targeted ads. But patents filed just before Google launched its Gmail revealed that the service was designed to do much more than simply match keywords to ads: Gmail’s user-facing email interface sat on top of a sophisticated surveillance tool that scanned people’s personal correspondence and built detailed profiles on everyone who came through its servers.
It’s all there in the patents: Google scans all your emails and document attachments, parsing the text for meaning, tone and concepts discussed. Email addresses are matched to real identities using information stored in your Gmail address book. Browsing and search activity — including the content of websites you visit while logged in to your Google account — is scrutinized and recorded. That information is combined and enriched with data bought from third-party intel sources to compile as full of a profile of who you are and what you do as possible.
Google wants to know your basic demographic information — your age, income, sex, race and marital status. It also tries to determine your personality type: your values, attitudes, interests and lifestyle interests.
And the scary thing is: Google doesn’t restrict the surveillance to its registered Gmail user base. The company intercepts and analyzes the private communication of anyone who emails with a Gmail user, meaning that it maintains profiles on a significant percentage of the world’s Internet population.
Google’s profiling of non-users is serious issue — and an almost certain violation of several state and federal wiretapping laws in the United States. The company is currently battling a mega class action wiretapping lawsuit related to its Gmail service.
And of course, Gmail is only the beginning.
We search through Google, browse through Google, write in Google, watch TV through Google, call through Google, use Google to drive and to plot our subway and bus routes. Many of our daily activities are funneled through Google’s surveillance servers, giving Google the capacity to know our most intimate and personal details about our lives: who we are, what we like, what we do, where we go, who we talk to, what we think about, what we’re interested in. The company knows about our sex lives, our political beliefs, our medical history, our fears and hopes and hatreds…
As far as we know, Google uses that intel mostly to provide targeted pinpointed marketing services: matching the right ad to the right pair of eyeballs at the right time. It’s a lucrative business, netting the company nearly $20 billion in profits a year.
But will Google use this data in the future? Is it using the data in other unethical ways now? We don’t know. And that’s what truly scary.
A massive database containing psychological profiles on hundreds of millions of people is an extremely valuable asset that could be used for almost anything. What happens if Google is hacked and that intel becomes public? What if it already had been hacked — by some foreign government that’s smarter than we think? How do we know that information won’t be sold down the line and end up in some private background check database that’ll be available to employers, insurance companies and anyone else willing to pay for it? What if the data falls into the hands of identity thieves and repressive dictators?
Put simply: it shouldn’t take smart thermostats to freak us out about the dangers to privacy posed by Google and other Surveillance Valley giants like Facebook and Apple. It’s been happening for years and has already reached a truly terrifying scale.
We can all agree that the Google-Nest deal is disturbing. Sure, it gives Google even more access to our data, and allows the company to expand its surveillance capabilities in another dimension. As Carmel DeAmicis and Michael Carney pointed out yesterday, “Nest products track detailed information about their users’ movements, in addition to things like a user’s WiFi IP address, and whether the specific address is a home or a business.” And that means: Nest will let Google know when you’re home, when you go to sleep, when you wake up, in what kind of home you live. We might not know what other kind of sensors will be embedded into the next generation of Google-Nest thermostats, but it’s safe to say that whatever intel Google collects will at some point be integrated into its existing profile database, and will be used to enrich the company’s understanding of who we are and what we do.
The ACLU and other news outlets make it seem like Google purchase of Nest and entry into the “Internet of Things” represents some particularly egregious risk to our privacy. In fact, freaking out about Google thermostats is like freaking out about police state repression just because your local police department installed blinking hubcaps on its patrol cars. Nest is a just one minor addition to Google’s existing intel-gathering capabilities — which have been in place for a decade without eliciting very much mainstream concern.
Want to know more? Read Yasha Levine’s “Google’s for-profit surveillance problem.”
[Illustration by Hallie Bateman for Pandodaily]