Tag Archives: privacy

Not OK Google

Views on privacy vary. Most people either do not think about it, or trust that big tech companies will do no harm with knowledge of your location, who your friends are, what you like to view on the internet and so on.

That trust may be shaken by disturbing revelations last week from Belgian broadcaster VRT. The report states that:

  • Google records speech heard by its Google Assistant or Google Home devices
  • Google passes a proportion of these recordings to third parties to assist with transcription. This is done to improve its speech recognition
  • Many of these recordings – it is not known exactly how many – are made unintentionally, rather than being triggered by the “OK Google” wake words. This could be because of some sound that the device incorrectly interprets as “OK Google”, or because of a mis-tap on a smartphone.
  • The recordings are not effectively anonymised. They include addresses, names, business names and so on. Identity is often easy to work out.
  • The recordings are personal. They include medical queries, domestic arguments, even on one occasion “a woman who was in definite distress.”

Google’s response? Its main concern appears to be preventing future leaks of audio files, rather than the fact that these recordings should not have been in the hands of third parties in the first place. “We are conducting a full review of our safeguards in this space to prevent misconduct like this from happening again,” says Google’s David Monsees.

Did users consent, somewhere in the miasma and dark UI patterns of “Accept” buttons that now bombard us on the web? Maybe, but I do not think this is what was expected by those users whose identifiable private moments were first recorded and then passed around by Google. They have been let down.

Google Assistant was all over IFA in Berlin. What are the implications?

Last week I attended IFA in Berlin, perhaps Europe’s biggest consumer electronics event, and was struck by the ubiquity of Google Assistant. The company spent big on promoting its digital assistant both outside and inside the venue.

image
Mach mal, Google; or in English, Go Google.

image

On the stands and in press briefings I soon lost count of who was supporting Google’s voice assistant. A few examples:

image

JBL/Harman in its earbuds

image

Lenovo with its Home Control Solutions – Lenovo also uses its own cloud and will support Amazon Alexa

image

LG with audio, TV, kitchen, home automation and more

image 

Bang & Olufsen with its smart speakers. No logo, but it is using Google Assistant both as a feature in itself (voice search and so on) and to control other audio devices.

And Sony with its TVs and more. For example, the new AF9 and ZF9 series: “Using the Google Assistant with both the AF9 and ZF9 will be even easier. Both models have built-in microphones that will free the hands; now you simply talk to the TV to find what you quickly want, or to ask the Google Assistant to play TV shows, movies, and more.”

I was only at IFA for the pre-conference press days so this is just a snapshot of what I saw; there were many more Google Assistant integrations on display, and quite a few (though not as many) for Amazon Alexa.

It is fair to say then that Google is treating this as a high priority and having considerable success in getting vendors to sign up.

What is Google Assistant?

Google Assistant really only needs three things in order to work. A microphone, to hear you. An internet connection, to send your voice input to its internet service for voice to text transcription, and then to its AI/Search service to find a suitable response. And a speaker, to output the result. You can get it as a product called Google Home but it is the software and internet service that counts.

image
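To make the flow concrete, here is a rough sketch in code of the loop just described. Everything in it is a hypothetical stand-in – the function names are invented for illustration and are not Google APIs – but it shows where the work happens: the device only captures and plays audio, while the transcription and the answer come from the internet service.

```typescript
// Illustrative sketch only: hypothetical stand-ins for the three ingredients
// described above (microphone, internet service, speaker). Not real Google APIs.
async function recordFromMicrophone(): Promise<Uint8Array> {
  return new Uint8Array(); // 1. a microphone, to hear you
}

async function transcribeInCloud(_audio: Uint8Array): Promise<string> {
  return "turn on the living room light"; // 2a. voice-to-text happens server-side
}

async function answerInCloud(_query: string): Promise<string> {
  return "OK, turning on the living room light"; // 2b. AI/search produces a response
}

async function playThroughSpeaker(reply: string): Promise<void> {
  console.log(reply); // 3. a speaker, to give you the result
}

// The whole round trip: nothing intelligent happens on the device itself.
async function assistantLoop(): Promise<void> {
  const audio = await recordFromMicrophone();
  const text = await transcribeInCloud(audio);
  const reply = await answerInCloud(text);
  await playThroughSpeaker(reply);
}

assistantLoop();
```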

Vendors of smart devices – anything that has an internet connection – can develop integrations so that Google Assistant can control them. So you can say, “Hey Google, turn on the living room light” and it will be so. Cool.
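Here is a minimal sketch of the vendor side of that light switch, using the smart home EXECUTE intent format Google documents for these integrations; the Express setup and the setDevicePower helper are illustrative assumptions rather than any vendor’s actual code.

```typescript
// Minimal sketch of a smart home fulfillment webhook (illustrative only).
// Google Assistant POSTs an EXECUTE intent; the vendor's cloud applies the
// command to the device and reports the resulting state back.
import express from "express";

const app = express();
app.use(express.json());

// Hypothetical helper: forward the command to the vendor's own device cloud.
async function setDevicePower(deviceId: string, on: boolean): Promise<void> {
  // e.g. publish an MQTT message or call the vendor's device API
}

app.post("/fulfillment", async (req, res) => {
  const input = req.body.inputs?.[0];
  if (input?.intent !== "action.devices.EXECUTE") {
    res.status(400).send("unhandled intent in this sketch");
    return;
  }

  // "Hey Google, turn on the living room light" arrives here as structured JSON.
  const command = input.payload.commands[0];
  const wantOn: boolean = command.execution[0].params.on === true;
  const ids: string[] = command.devices.map((d: { id: string }) => d.id);

  await Promise.all(ids.map((id) => setDevicePower(id, wantOn)));

  res.json({
    requestId: req.body.requestId,
    payload: {
      commands: [{ ids, status: "SUCCESS", states: { on: wantOn, online: true } }],
    },
  });
});

app.listen(8080);
```

Note that the voice capture and interpretation happen entirely in Google’s cloud; the device vendor only ever receives the structured command.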

Amazon Alexa has similar features and this is Google’s main competition. Alexa was first and ties in well with Amazon services such as shopping and media. However Google has the advantage of its search services, its control of Android, and its extensive personal data derived from search, Android, Google Maps and location services, GMail and more. This means Google can do better AI and richer personalisation.

Natural language UI

Back in March I attended an AI Assistant Summit in London organised by Re-Work. One of the speakers was Yariv Adan, a Product Lead at Google Assistant.

image

I attend lots of presentations but this one made a particular impact on me. Adan believes that natural language UI is the next big technological shift. The preceding ones he identified were the Internet in the nineties and smartphones in the early years of this century. Adan envisages an era in which we no longer constantly pull out devices.

“I believe the next revolution is happening now, powered by AI. I call it the paradigm switch to natural UI. Instead of humans adapting to machines, machines adapt to humans. What we’re trying to create is we interact with machines the same way we interact with each other, in a natural way. Meaning using natural language, showing things, pointing at things, assuming context, assuming a human-like memory, expecting personality, humour, opinion, some kind of an emotional connection, empathy.

[In future] it is not the device changing, it is the device disappearing. We are not going to interact with devices any more. We are starting to interact with this AI entity, an ambient entity that exists everywhere.”

Note: If you ever read Isaac Asimov’s science fiction novels, you will recognise this as very like his Multivac computer, which hears and responds to your questions wherever you are.

“Imagine now that everything is connected, that the entity follows you. That there is no more device that you need to take out, turn on, speak to it. It’s around you, it’s on the TV, it’s in the speakers, it’s in your headphones, it’s in the watch, it’s in the auto, it’s there. Internet of things, any connected device that only has a speaker you can actually start interacting with that thing,”

said Adan.

Adan gave a number of demonstrations. Incidentally, he never uttered the words “Hey Google”. Simply, he spoke into his phone, where I presume some special version of Google Assistant was running. In particular, he was keen to show how the AI is learning about context and memory. So he asked what is the largest castle in the UK where people live. Answer: Windsor Castle. Then, Who built it? When? Is it open now? How can I get there by public transport? What about food? In each case, the Assistant answered as a human would, understanding that the topic was Windsor Castle. “I found some restaurants within 0.4 miles,” said the Assistant, betraying a touch of computer-style logic.

“Thank you, you’re awesome,” said Adan. “Not a problem”, responded the Assistant. This is an example of personality or emotion, key factors, said Adan, in making interaction natural.

Adan also talked about personalisation. “Show me my flight”. The Assistant knows he is away from home and also has access to his mailbox, from which it has parsed flight details. So it answers this generic question with specific details about tomorrow’s flight to Zurich.

“Where did I park my car?” In this case, Adan had taken a picture of his car after parking. The Assistant knew the location of the picture and was able to show both the image and its place on a map.

“I want to show how we use some of that power for the ecosystem that we have built … we’re trying to make that revolution to a place where you don’t need to think about the machine any more, where you just interact in a way that is natural. I am optimistic, I think the revolution is happening now.”

Implications and unintended consequences

An earlier speaker at the Re-Work event (sorry I forget who it was) noted that voice systems give simplified results compared to text-based searches. Often you only get one result. Back in the nineties, we used to talk about “10 blue links” as the typical result of a search. This meant that you had some sort of choice about where you clicked, and an easy way to get several different perspectives. Getting just one result is great if the answer is purely factual and is correct, but reinforces the winner-takes-all tendency. Instead of being on the first page of results, you have to be top. Or possibly pay for advertising; that aspect has not yet emerged in the voice assistant world.

If we get into the habit of shopping via voice assistants, it will be disruptive for brands. Maybe Amazon Basics will do well, if users simply say “get me some A4 paper” rather than specifying a brand. Maybe more and more decisions will be taken for you. “Get me a takeaway dinner”, perhaps, with the assistant knowing both what you like, and what you ate yesterday and the day before.

All this is speculation, but it is obvious that a shift from screens to voice for both transactions and information will have consequences for vendors and information providers; and that probably it will tend to reduce rather than increase diversity.

What about your personal data? This is a big question and one that the industry hates to talk about. I heard nothing about it at IFA. The assumption was that if you could turn on a light, or play some music, without leaving your chair, that must be a good thing. Yet, having a device or devices in your home listening to your every word (in case you might say “Hey Google”) is something that makes me uncomfortable. I do not want Google reading my emails or tracking my location, but it is becoming hard to avoid.

For most people, Google Assistant will just be a feature of their TV, or audio system, or a way to call up recipes in the kitchen.

From Google’s perspective though, it is safe to assume that the ability to collect data is a key reason for its strong promotion of Google Assistant. That data has enormous value. Targeted advertising is the start, but it also provides deep insight into how we live, trends in human behaviour, changing patterns of consumption, and much more. When things are going wrong with our health, our finances or our relationships, it is not implausible that Google may know before we do.

This is a lot of power to give a giant US corporation; and we should also note that in some scenarios, if the US government were to demand that data be handed over, a company like Google has no choice but to comply.

Personalisation can make our lives better, but also has the potential to harm us. An area of concern is that of shared risk, such as health insurance. Insurers may be reluctant to give policies to those people most likely to make a claim. Could Google’s data store somehow end up impacting our ability to insure, or its cost?

Personalisation is always a trade-off: the organisation gets my data; I get a benefit. When I shop at a supermarket, this is fairly transparent. I use a loyalty card so the shop knows what I buy; in return I get discount points and special offers.

In the case of Google Assistant it is not so transparent. The EU’s GDPR legislation has helped, giving citizens the right to access their data and the right to be forgotten. However, we are still in the era of one-sided privacy policies and in many cases the binary choice of agree, or do not use our services. This becomes a problem if the service provider has anything close to a monopoly, which is true in Google’s case. Regulation, it seems to me, is exactly the right answer to the risks inherent in putting too much power in the hands of a business entity.

For myself, I am happy to cross the room and turn on the light, and to find my flight in my calendar; the trade-off is not worth it. But if Adan’s “ambient entity” comes to pass (and in practice it will most likely be Google’s), I am not sure of the extent to which I will have a choice.

Adan’s work is terrific and the ability for machines to converse with humans in something close to a natural way is a huge technical achievement. I have nothing but respect for him and his team. It is part of a wider picture though, about data gathering, personalisation, and control of information and transactions, and it seems to me that this deserves more attention.

Manage your privacy online through cookie settings? You must be joking.

Since the deadline passed for the enforcement of the EU’s GDPR (General Data Protection Regulation), most major web sites have revamped their privacy settings with new privacy policies and more options for controlling how your personal data is used. Unfortunately, the options offered are in many cases too obscure, too complex and too time-consuming to be of any practical value.

Recital 32 of the GDPR says:

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data … this could include ticking a box when visiting an internet website … silence, pre-ticked boxes or inactivity should not indicate consent.

I am sure the controls on offer via major web properties are the outcome of legal advice; at the same time, as a non-legal person I struggle on occasion to see how they meet the requirements or the spirit of the legislation. For example, another part of Recital 32 says:

… the request must be clear, concise, and not unnecessarily disruptive to the use of the service for which it is provided.

This post describes what I get if I go to technology news site zdnet.com and it detects that I have not agreed to its cookie management.

Note: before I continue, let me emphasize that there is lots of great content on zdnet, some written by people I know; the site as far as I know is doing its best to make business sense of providing such content, in what has become a hostile environment for professional journalism. I would like to see fundamental change in this environment but that is just wishful thinking.

That said, this is one of the worst experiences I have found for privacy-seeking users. Here is the initial banner:

image

Naturally I click Manage Settings.

Now I get a scrolling dialog from CBS Interactive, with a scroll gadget that indicates that this is a loooong document:

image

There is also some puzzling news. There are a bunch of third parties whose cookies are apparently necessary for “our sites, products and services to function correctly.” These include cookies for analytics and also for Google ad-serving. I am not clear why these third parties perform functions which are necessary to read a technical news site, but there we are.

I scroll down and reach a button that lets me opt out of being tracked by the third party advertisers using zdnet.com, or so it seems:

image

I want to opt out, so I click. Some of the options below are unchecked, but not many. Most of the options say “Opt out through company”.

It also seems pretty technical to me. Am I meant to understand what a “Demand Side Platform” is?

image

I counted the number of links that say “opt out through company”. There are 63 of them.

I click the first one, called Adform. Naturally, the first thing I see is a request to agree (or at least click OK to) their Cookie Policy.

image

I click to read the policy (remember this is only the first of 63 sites I have to visit). I am not offered any sort of settings, but invited to visit youronlinechoices or aboutads.info.

image

Well, I don’t want anything to do with Adform and don’t intend to return to the site. Maybe I can ignore the Adform Cookie Policy and just focus on the opt-out button above it.

image

Currently I am “Opted-in”. This is a lie: I have never opted in. Rather, I have failed to opt out, until I click the button. Opting out will in fact set a cookie, so that Adform knows I have opted out. I am also reminded that this opt-out only applies to this particular browser on this particular device. On all other browsers and/or devices, I will still be “opted in”.
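For what it is worth, this kind of opt-out is typically nothing more than another cookie set in the current browser, along the lines of the sketch below (a simplified illustration, not Adform’s actual implementation), which is why it evaporates the moment you clear cookies or switch devices.

```typescript
// Simplified sketch of an ad platform's opt-out endpoint (not any vendor's real code).
// The "opt-out" is itself just a cookie, stored per browser per device, so clearing
// cookies or switching browsers quietly puts you back in the tracked pool.
import express from "express";

const app = express();

app.get("/opt-out", (_req, res) => {
  res.cookie("optout", "1", {
    maxAge: 5 * 365 * 24 * 60 * 60 * 1000, // long-lived, but gone if cookies are cleared
    httpOnly: true,
    secure: true,
    sameSite: "none", // must be readable in third-party ad contexts
  });
  res.send("You are now opted out – in this browser, on this device.");
});

app.listen(8080);
```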

OK, one down, 62 to go. However scrolling further down the list I get some bad news:

image

In some cases, it seems, “this partner does not provide a cookie opt-out”. The best I can do is to “visit their privacy policy for more information”. This will require a search, since the link is not clickable.

How to control your privacy

What should you do if you do not want to be tracked? Attempting to follow the industry-provided opt-outs is hopeless: it is mostly PR and legal box-ticking.

If you do not want to be tracked, use a VPN, use ad blockers, and delete all cookies at the end of each browsing session. This will be tedious, though, since your browsing experience will become one of constant “I agree” dialogs, some of which you can ignore, while others force you to click I Agree or endure a myriad of semi-functional links and settings.

Maybe the EU GDPR legislation is unreasonable. Maybe we have been backed into this corner by allowing the internet to be dominated by a few giant companies. All we can state for sure is that the current situation is hopelessly broken, from a privacy and usability perspective.

The price of free Wi-Fi, and is it a fair deal?

Here we are in a pub trying to get on the Wi-Fi. The good news: it is free:

image

But the provider wants my mobile number. I am a little wary. I hate being called on my mobile, other than by people I want to hear from. Let’s have a look at the T&C. Luckily, this really is free:

image

But everything has a cost, right? Let’s have a look at that “privacy” policy. I put privacy in quotes because in reality such policies are often bad news for your privacy:

image

Now we get to the heart of it. And I don’t like it. Here we go:

“You also agree to information about you and your use of the Service including, but not limited to, how you conduct your account being used, analysed and assessed by us and the other parties identified in the paragraph above and selected third parties for marketing purposes”

[You give permission to us and to everyone else in the world that we choose to use your data for marketing]

“…including, amongst other things, to identify and offer you by phone, post, our mobile network, your mobile phone, email, text (SMS), media messaging, automated dialling equipment or other means, any further products, services and offers which we think might interest you.”

[You give permission for us to spam you with phone calls, texts, emails, automated dialling and any other means we can think of]

“…If you do not wish your details to be used for marketing purposes, please write to The Data Controller, Telefónica UK Limited, 260 Bath Road, Slough, SL1 4DX stating your full name, address, account number and mobile phone number.”

[You can only escape by writing to us with old-fashioned pen and paper and a stamp, and note that you have to include the account number for an account you likely have no clue you even have; and even then, who is to say whether those selected third parties will treat your personal details with equal care and concern?]

A fair deal?

You get free Wi-Fi, O2 gets the right to spam you forever. A fair deal? It could be OK. Maybe there won’t in fact be much spam. And since you only give your mobile number, you probably won’t get email spam (unless some heartless organisation has a database linking the two, or you are persuaded to divulge it).

In the end it is not the deal itself I object to; that is my (and your) decision to make. What I dislike is that the terms are hidden. Note that the thing you are likely to care about is clause 26 and you have to not only view the terms but scroll right down in order to find it.

And why the opt-out by post only? There is only one reason I can think of: to make it difficult.

Privacy and online data sharing is a journey into the unknown: report from QCon London

I’m at QCon London, an annual developer conference which is among my favourites thanks to its vendor-neutral content.

One session which stood out for me was from Robin Wilton, Director for Identity and Privacy at the Internet Society, who spoke on “Understanding and managing your Digital Footprint”. I should report dissatisfaction, in that we only skated over the surface of “understanding” and got nowhere close to “managing”. I will give him a pass though, for his eloquent refutation of the common assumption that privacy is unimportant if you are doing nothing wrong. If you have nothing to hide you are not a social being, countered Wilton, explaining that humans interact by choosing what to reveal about themselves. Loss of privacy leads to loss of other rights.

image

In what struck me as a bleak talk, Wilton described the bargain we make in using online services (our data in exchange for utility) and explained our difficulty in assessing the risks of what we share online and even offline (such as via cameras, loyalty cards and so on). Since the risks are remote in time and place, we cannot evaluate them. We have no control over what we share beyond “first disclosure”. The recipients of our data do not necessarily serve our interests, but rather their own. Paying for a service is no guarantee of data protection. We lack the means to separate work and personal data; you set up a LinkedIn account for business, but then your personal friends find it and ask to be contacts.

Lest we underestimate the amount of data held on us by entities such as Facebook and Google, Wilton reminded us of Max Schrems, who made a Subject Access Request to Facebook and received 1200 pages of data.

When it came to managing our digital footprint though, Wilton had little to offer beyond vague encouragement to increase awareness and take care out there.

Speaking to Wilton after the talk, I suggested an analogy with climate change or pollution, on the basis that we know we are not doing it right, but are incapable of correcting it and can only work towards mitigation of whatever known and unknown problems we are creating for ourselves.

Another issue is that our data is held by large commercial entities with strong lobbying teams and there is little chance of effective legislation to control them; instead we get futility like the EU cookie legislation.

There is another side to this, which Wilton did not bring out, concerning the benefit to us of sharing our data, both at a micro level (we get Google Now) and in aggregate (we may cure diseases). This is arguably the next revolution in personal computing; or put another way, maybe the bargain is to our advantage after all.

That said, I do not believe we have enough evidence to make this judgment and much depends on how trustworthy those big commercial entities prove to be in the long term.

Good to see this discussed at QCon, despite a relatively small attendance at Wilton’s talk.

Privacy, Google Now, Scroogled, and the connected world

2013 saw the launch of Google Now, a service which aspires to alert you to information you care about at just the right time. Rather than mechanical reminders of events 15 minutes before start time, Google Now promises to take into account location, when you are likely to have to leave to arrive where you want to be, and personal preferences. Much of its intelligence is inferred from what Google knows about you through your browsing patterns, searches, location, social media connections and interactions, and (following Google’s acquisition of Nest, which makes home monitoring kit) who knows what other data might be gathered.

It is obvious that users are being invited to make a deal. Broadly, the offer is that if you hand over as much of your personal data to Google as you can bear, then in return you will get services that will make your life easier. The price you pay, loss of privacy aside, is more targeted advertising.

There could be other hidden costs. Insurance is one that intrigues me. If insurance companies know everything about you, they may be able to predict more accurately what bad things are likely to happen to you and make insuring against them prohibitively expensive.

Another issue is that the more you use Google Now, the more benefit there is in using Google services versus their competitors. This is another example of the winner-takes-all effect which is commonplace in computing, though it is a different mechanism. It is similar to the competitive advantage Google has already won in search: it has more data, therefore it can more easily refine and personalise search results, therefore it gets more data. However this advantage is now extended to calendar, smartphone, social media, online shopping and other functions. I would expect more future debate on whether it is fair for one company to hold all these data. I have argued before about Google and the case for regulation.

This is all relatively new, and there may be – probably are – other downsides that we have not thought of.

Microsoft in 2013 chose to highlight the privacy risks (among other claimed deficiencies) of engaging with Google through its Scroogled campaign.

image

Some of the concerns raised are valid; but Microsoft is the wrong entity to do this, and the campaign betrays its concern over more mundane risks like losing business: Windows to Android or Chrome OS, Office to Google Docs, and so on. Negative advertising rarely impresses, and I doubt that Scroogled will do much either to promote Microsoft’s services or to disrupt Google. It is also rather an embarrassment.

The red box above suits my theme though. What comes to mind is what in hindsight is one of the most amusing examples of wrong-headed legislation in history. In 1865 the British Parliament passed the first of three Locomotive Acts regulating “road locomotives” or horseless carriages. It limited speed to 4 mph in the country and 2 mph in the town, and required a man carrying a red flag to walk in front of certain types of vehicles.

image

The reason this is so amusing is that having someone walk in front of a motorised vehicle limits the speed of the vehicle to that of the pedestrian, negating its chief benefit.

How could legislators be so stupid? The answer is that they were not stupid and they correctly identified real risks. Motor vehicles can and do cause death and mayhem. They have changed our landscape, in many ways for the worse, and caused untold pollution.

At the same time, the motor vehicle has been a huge advance in civilisation, enabling social interaction, trade and leisure opportunities that we could not now bear to lose. The legislators saw the risks, but had insufficient vision to see the benefits – except that over time, and inevitably, speed limits and other restrictions were relaxed so that motor vehicles were able to deliver the benefits of which they were capable.

My reflection is whether the fears into which the Scroogled campaign attempts to tap are similar to those of the Red Flag legislators. The debate around privacy and data sharing should not be driven by fear, but rather about how to enable the benefits while figuring out what is necessary in terms of regulation. And there is undoubtedly a need for some regulation, just as there is today for motor vehicles – speed limits, safety belts, parking restrictions and all the rest.

Returning for a moment to Microsoft: it seems to me that another risk of its Scroogling efforts is that it positions itself as the red flag rather than the horseless carriage. How is that going to look ten years from now?

Google’s privacy campaign, and three ways in which Google gets your data

Google is campaigning to reassure us that its Chrome browser is, well, no worse at recording your every move on the web than any other browser.

Using Chrome doesn’t mean sharing more information with Google than using any other browser

says a spokesman in this video, part of a series on Google Chrome & Privacy.

image

What then follows are links to four other videos describing the various ways in which Google Chrome records your web activity.

If you subtract the spin, the conclusion is that Google retrieves a large amount of data from you, especially if you stick with the default settings. Further, it is not possible as far as I know to use the browser without sending any data to your default search provider, most likely Google. The reason is the Omnibox, the combined address and search box. Here’s what Google’s Brian Rakowski says in the video on Google Chrome & Privacy – Browsers search and suggestions:

For combined search and web address to work, input in the Omnibox will need to be sent to your search provider to return suggestions. If you have chosen Google as your search provider, only around 2% of the search input is logged and used to improve Google’s suggestion service. Rest assured that this data is anonymised as soon as possible within 24 hours, and you always have the option of disabling the suggest feature at any time.

However, even if you disable suggestions, what you type in the box still gets sent to your search provider if it is not a valid web address, in other words anything that is not a complete URL (though Chrome will infer the http:// prefix).
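The decision is roughly the following; this is an illustrative sketch of the behaviour just described, not Chrome’s actual code.

```typescript
// Illustrative sketch of the behaviour described above, not Chrome's actual code.
// Input that cannot be read as a web address is treated as a query and therefore
// still goes to the default search provider, even with suggestions disabled.
function handleOmniboxInput(input: string): string {
  const trimmed = input.trim();
  if (!/\s/.test(trimmed)) {
    // Infer the http:// prefix when no scheme is given.
    const candidate = /^[a-z][a-z0-9+.-]*:\/\//i.test(trimmed) ? trimmed : `http://${trimmed}`;
    try {
      const url = new URL(candidate);
      if (url.hostname.includes(".")) {
        return `navigate to ${url.href}`; // looks like a complete address: just go there
      }
    } catch {
      // not a parseable URL: fall through to search
    }
  }
  return `send "${input}" to the default search provider`;
}

console.log(handleOmniboxInput("example.com/page")); // navigate to http://example.com/page
console.log(handleOmniboxInput("is my heartburn serious")); // sent to the search provider
```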

It is also worth noting that Google does not only get your data via browser features. Most web pages today are not served from a single source. They include scripts that serve data from other locations, which means that your browser requests it, which means that these other locations know your IP address, browser version and so on. Two of the most common sources for such scripts are Google AdSense (for advertising) and Google Analytics (for analysing web traffic).
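To see why, consider what the server behind any third-party script tag receives every time a page embedding it is loaded. The sketch below is not Google’s code, just a generic request handler showing the metadata that arrives before the script itself does anything.

```typescript
// Generic sketch (not Google's code): what the server behind a third-party
// script tag sees whenever a page embedding it is loaded in your browser.
import express from "express";

const app = express();

app.get("/analytics.js", (req, res) => {
  console.log({
    ip: req.ip,                        // your IP address
    userAgent: req.get("user-agent"),  // browser and OS version
    referer: req.get("referer"),       // the page you are reading right now
    cookies: req.get("cookie"),        // any cookies previously set for this domain
  });
  res.type("application/javascript").send("/* the tracking script itself goes here */");
});

app.listen(8080);
```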

Even if you contrive not to tell Google in advance where you are going, it will probably find out when you get there.

It is important to distinguish what Google can do from what it does do. Note the language in Rakowski’s explanation above. When he says input is sent to your search provider, he is describing the technology. When he says that data is anonymised as soon as possible, he is asking us to trust Google.

Note also that if you ask to send in auditors to verify that Google is successfully anonymising your data, it is likely that your request will be refused.

There are ways round all these things, but most of us have to accept that Google is getting more than enough data from us to create a detailed profile. Therefore the secondary question, of how trustworthy the company is, matters more than the first one, about how it gets the data.