Kelly Fitzsimmons

What Exactly is OK (for) Google? - Shared Assessments

Every day, voice recognition gets better. And every day, more of us start talking to our devices instead of typing. Although voice recognition technology is still in its infancy, voice is proving itself to be faster and easier than typing on our increasingly tiny devices.

And with this change, a new world of privacy concerns emerges.

Whether we recognize it or not, we have the ability to be recorded – without our knowledge or consent — during our most intimate conversations and times. We are, after all, carrying around high quality recording devices with us 24/7.

We live in a world in which our private lives can be turned inside out with the click (or misclick) of a button…

And that’s the best-case scenario.

The Blinking Light Heard Around the Privacy World

In late June, Ofer Zelig, a software developer, noticed something odd. An LED light was blinking on and off while he worked. What was disconcerting was that this light indicated that his computer’s camera and/or mic had been activated. Curious, a lengthy hunt ensued until he identified the offending program: Google’s Chrome browser.

What Zelig came to discover is that Google had a downloaded a hidden browser module that enables the audio controls for “OK Google” – its voice command interface or hotwording – to work. Following Zelig’s blog post and a tsunami of resulting concern, Google disabled the listening extension by default and noted that the system that listens for “OK Google” will no longer be download automatically in Chromium 45 and onwards.

Chromium? Yes, Chromium — the open source version of Google’s browser. This kerfuffle had to do with open source developers having proprietary (i.e., non-auditable) code downloaded to their computers, which appeared to turn on their microphones. Although the Chromium team was able to demonstrate that the code did not result in active recording, they still pulled the module as, they admitted later:

“In light of this issue, we have decided to remove the hotwording component entirely from Chromium. As it is not open source, it does not belong in the open source browser.”1

But the question remains, what about the average Chrome users?

The “OK Google” module and its automatic download will continue to be part of the standard Chrome browser. So, what stands in the way of our browsers listening to us unawares? According to Google, we must opt-in.

The real trouble here is: What does it mean to opt-in? It is easy to opt-in without understanding the full impact of that decision. Given how new the magic of voice recognition is, most of us fail to understand fully how it works – even in the vaguest of terms. We want the convenience of voice recognition, but don’t clearly understand the privacy trades that we are making.

Furthermore, “OK Google” and other voice command services provide a new vector for malware and attackers. To help protect users from these types of threats, the open source developer community is continuously auditing and refining the code base. In the truly disquieting plot twist here, Google bypassed the community’s input by packaging the “OK Google” functionality as closed or proprietary code. Instead of relying on the open source community to figure out how to best protect this feature from tapering, Google’s Chromium team chose to hide it from them.

Now, that’s a flag worth noting.

So as we assess our new risks and exposures, it’s worth spending time learning about how voice command works and how different companies handle and use recorded voice. In lieu of specific regulations and privacy laws, companies are determining their approach independently. Some tilt towards the user’s privacy while others are unquestionably tilted towards the corporations’ benefit.

Given the opportunity for overstepping, many privacy experts are calling for the use of hard (opposed to software) switches on all recording devices (e.g., webcams, microphones). A physical on/off switch and a lens cover for the webcam may be all that stands between our private lives and the outside world.

But these recommendations really miss the point. Our world is moving away from the desktops where physical switches make sense towards a wearables universe where “always listening” is an essential part of the core design.

The lines between outside and inside, fair game and overreaching will continue to blur. If we want better voice recognition, the companies that build and support it are going to be hungry for our voice data, as it’s what helps make their products superior. And without appropriate safeguards and truly informed consent, our last bastion of privacy – our spoken conversations – will be sucked up into the super slushy machine that’s feeding Silicon Valley’s data obesity problem.

So did Google overstep in this particular incident? It’s not 100% clear. Although it appears no one accidentally had put “OK Google” into listening mode and effectively wiretapped their homes as first reported, the proprietary code issue is worrying. Why hide that kind of sensitive functionality from developers? Was it a mistake or misstep? Many in the community believe it was the latter, which would certainly not be OK, Google.

If you are curious whether Google has captured any audio from you or your family, you can check out your recorded voice history here: https://history.google.com/history/audio.


This post appeared originally on August 27, 2015 on Shared Assessments' Authorities on Risk Assurance blog.  To read more on the trends, issues and challenges in the world of third party risk assurance, visit www.sharedassessments.org/blog