Pando

Norman Bates 2.0: Starwood and Wynn are excited to hide a camera and microphone in your hotel room

By Paul Bradley Carr , written on December 21, 2016

From The Surveillance Valley Desk

Hello from London! I’m back in my homeland for the first time in two years, visiting family and renewing my European passport before the end of the world.

I’m pleased to report that little has changed since my last visit, Brexit notwithstanding. There seems to be a slightly uptick in the tech industry. Everyone is very excited about AI, and there has been a mushrooming of tech incubators, funded apparently by Russian and other City of London cash that needs a home and a tax break. Also, Amazon now offers same and next day delivery over here, and is apparently building drones in the countryside.

These are the positive tech changes.

For a less positive one, I had to look no further than the hotel room (a Starwood, it doesn’t matter which) in which I spent my first couple of nights in town. There I found something that would make George Orwell spin in his grave.

After spending twenty minutes or more hunting for the TV remote I finally spotted what seemed to be a cellphone charging in a cradle next to the bed. In fact it turned out to be a “mini tablet” offering various in-room services, and also a handy map of local London attractions. The idea is I’d take it with me around the city and then return with it to the hotel room every night where it would sit charging next to the bed.

All very cute and pointless.

Except. Closer examination revealed that, like most phones, this in-room remote thing had a tiny camera on the outer rim. A rim, which you’ll recall, was supposed to sit pointing at my bed. There was no indication of what the camera was for. No easy way to figure out what software was installed on the door. Just a blithe assumption by hotel management that thousands of guests every year would be cool having a camera pointed at their bed 24 hours a day, and that they’d trust the device and software makers not to, yunno, switch the thing on like some kind of post-Millennial Norman Bates.

After safely shutting the thing in a drawer, and setting myself a reminder to replace it on check out so they didn’t charge me for stealing it, I spent a few minutes trying to find out more about the weird bedside spy devices. They seemed to be made by a company called “Handy” and, according to the company’s website, “Top hotel brands on every continent around the world are already using Handy to drive revenues and customer loyalty.”

Sure enough, the company boasts an impressive client list including: Sofitel, St Regis, Hyatt, Ritz-Carlton, Sheraton, W, Intercontinental, Marriott, Holiday Inn, and Le Meridien. What you won’t find anywhere on the site, though, is anything resembling a privacy policy.

According to Crunchbase, Handy is produced by a Hong Kong based company called Tink Labs, which earlier this year raised $128m from ex-Google China head Kaifu Lee. The custom devices are produced by Taiwan-based Foxconn which, of course, is most famous for driving its employees to suicide, so nothing to worry about there.

Tink aims to have one million Handy devices operational in hotel rooms - one million cameras pointing at one million beds - by the end of 2017. But they’ll have to move fast: They have some serious competition in the fast-growing  “creepily spying on hotel guests” category.

Just last week, Wynn excitedly announced that it was putting Amazon Echos in each of its Las Vegas hotel rooms. As you likely know, the Echo is a personal assistant device which listens for certain commands which it then sends to Amazon’s cloud for processing. The device is supposed to lie dormant the rest of the time, but has been known to accidentally activate and send snippets of private conversations, and other background noise, to Amazon. Also, as the Verge points out: “The hotel doesn’t mention any security precautions it plans to take for the Echo, like automatically wiping the device’s history between guests.”

The announcement of an Amazon microphone in every hotel room comes just as Amazon boss Jeff Bezos met with Donald Trump and promised to help set tech policy for his administration. The appearance of a Handy video camera in my London hotel comes just weeks after a new “snooper”  law was passed which gives the intelligence services unprecedented new powers to monitor British citizens and their data, all in the name of combatting terrorism.

There are so many questions raised by Handy and Echos in our hotel rooms. But here are just a few:

Even assuming that no one at Handy goes rogue and switches on all those million cameras for his or her own amusement or profit (a big assumption given what we now know about misuse of Uber data by that company’s employees) how can the company possible be sure that hackers won’t be able to do the same? Or a state actor? Or law enforcement with a warrant? How do we know Jeff Bezos’ new BFFship with Donald Trump, not to mention Amazon’s multi-million dollar contract with the CIA, won’t one day expand to include keeping a watchful ear on Echo owners?

I only paid any attention to the “Handy” because I was looking for the remote control and because I have something of a professional interest in this kind of thing. How many guests don’t even notice the existence of a tiny camera or microphone in their room?

When did it become ok to expose millions of people to that kind of privacy risk?

Moreover, when did it become a selling point?