Anyone pumped for this week’s launch of Google’s Home Hub might want to temper their excitement. A smart home is a surveilled home. That’s been the concern of privacy activists since citizens started lighting up their abodes with so-called “smart” tech in recent years.
Take Google’s current smart home division, Nest Labs. It’s been told to hand over data on 300 separate occasions since 2015. That’s according to a little-documented transparency report from Nest, launched a year after the $3.2 billion Google acquisition. The report shows around 60 requests for data were received by Google’s unit in the first half of this year alone. In all those cases recorded from 2015 onwards, governments have sought data on as many as 525 different Nest account holders.
On Friday Forbes revealed the first known case in the U.S. where Nest handed over surveillance feeds and customer data from its cameras. Indeed, it appears to be the first documented case of Nest assisting law enforcement in such a manner anywhere in the world. The information was provided to investigators looking into a $1.2 million fraud, perpetrated by a rap crew that had taken control of surveillance technology tracking 95% of Americans.
The Nest transparency report isn’t as detailed as its parent company’s, or those of other tech giants like Facebook, Microsoft and Twitter. It doesn’t give specific numbers on data requests, for instance, only a bar chart where the user is left to guess at precise figures. It also doesn’t drill down what countries made what requests. Nest didn’t respond to requests for more specific data.
It’s clear Nest does hand over information in many cases where it’s asked, but in most it doesn’t. In the first half of 2018, less than 20% of requests received data in return. That’s the lowest proportion of any half year since the Google subsidiary started recording information. Back in the second half of 2015, the proportion was up at nearly 60%.
“If a US government agency presented us with a search warrant to investigate a crime they think was captured on a Nest Cam, we wouldn’t just hand over user data,” Nest says on its transparency report page. “We’d analyze the request to be sure the warrant wasn’t overly broad, then we’d make sure the information they requested was within the scope of the warrant.”
The company also noted it has never received a National Security Letter. Such NSLs are typically filed by intelligence agencies looking for company data. They also normally come with a gag order preventing businesses from revealing their very existence. That means that if Nest ever removes its disclaimer that it hasn’t received an NSL, it likely has been sent one.
With a lack of specificity within Nest’s own reporting on government data grabs, users could be forgiven for asking for more. They may not even know that Nest is handing over customer information in the first place.
Greg Nojeim, senior counsel for the Center for Democracy and Technology, said that whilst it was positive the feds required a warrant in the case uncovered by Forbes, customers could be better informed on what’s happening with their privacy.
“Because Nest data includes sensitive content about happened in a home, Google was right to require that the government obtain a warrant in order to gain access to it,” Nojeim said.
“People who use Nest must be told that very private information about what is happening in their homes is being recorded and could be shared, without prior notice, with law-enforcement when it obtains proper legal process.
“Google should also inform users of its data retention policies and, in the case of sensitive Nest data, dispose of it in a short time frame that is noticed to users.”
Other smart home tech has been of use to cops, though there remain few examples. In 2016, Amazon was served with a search warrant demanding recordings from an Echo device in the trial of James Andrew Bates, who was accused of murder. Amazon fought the order, but gave up the ghost in early 2017, handing over what recordings it had. The case against Bates was later dismissed.