In a startling revelation, Google was accused last week of spying on its users. The source code that allows the invasive surveillance was designed to enable Chrome users to conduct Google searches by voice, activating computers’ built-in microphones to facilitate the process. However, privacy advocates noticed that the code enabled perpetual recording of users’ private conversations using the access granted from “OK Google,” the name of the hotword voice detection tool.
The stealth code was first recognized by Rick Falkvinge, the founder of the Pirate party. In a blog post, he wrote, “Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room.
“[This] means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by … an unknown and unverifiable set of conditions,” he continued.
Though the code originated in Chromium, the open source version of Chrome, Google takes source code from Chromium and adds to it to develop its own browser. As Falkvinge explained, “They silently put this new module in Chrome (or Chromium to be precise, doesn’t matter much from an end-user perspective).” This code installs the “black box” by default. “We don’t know and can’t know what this black box does,” he said.
In response to complaints on its message board, Google disputed these claims. It stated: “While we do download the hotword module on startup, we do not activate it unless you opt in to hotwording.”
Developer Ofer Zelig questioned this notion, saying “While I was working I thought ‘I’m noticing that an LED goes on and off, on the corner of my eyesight [webcam]’. And after a few times when it just seemed weird, I sat to watch for it and saw it happening. Every few seconds or so.”
Chromium’s black box tool is not subject to typical open source audits. Further, Falkvinge alleges that a hardware switch is required to disable Chrome’s surveillance capabilities.
Google was quick to categorically deny its role in spying on users. On Wednesday, a Google spokeswoman said, “We’re sure you’ll be relieved to learn we’re not listening to your conversations – nor do we want to. We’re simply giving Chrome users the ability to search hands free at their computers by saying ‘OK Google’ while on the Google homepage – and only if they choose to opt in to the feature.”
Nevertheless, Falkvinge insists that “The default install will still wiretap your room without your consent, unless you opt out, and more importantly, know that you need to opt out, which is nowhere a reasonable requirement.”
A spokesperson for mgiuca, a Google developer that builds on Chromium, said “The key here is that Chromium is not a Google product. We do not directly distribute it, or make any guarantees with respect to compliance with various open source policies.”
While it is correct that Google does not directly distribute Chromium, the open source browser is still the basis for Chrome, meaning Google incorporated Chromium’s black box code into its own platform.
Google has been a vocal opponent of NSA spying—in spite of its willingness to share swaths of private user information with the federal government. Though it has openly supported internet freedom, the implications of its apparent black box method call its principles into question. Disconnect, a U.S.-based firm that develops privacy technology, is currently suing Google over a “pattern of abusive behavior” and violating user privacy on a “massive scale.”
Such practices mirror those of the NSA, as well as those of other tech companies. Samsung’s smart TV recording device was recently accused of violating privacy laws by recording private conversations of users.
While intrusive government surveillance is a chronic national problem, it is vital to apply to private companies the same standard of scrutiny now applied to the NSA and Congress. It is a practice proving evidently effective by the measurable outrage triggered by news of Google’s black box policy.