When Amazon announced its internet-connected Amazon Key camera last year, it declined to answer questions regarding how it would respond to law enforcement requests ordering it to remotely turn on units so that they could be used as government surveillance devices. When Facebook announced its Portal camera yesterday, it raised similar questions about how government could misuse the system, which the company confirmed this morning, noting that it would cooperate with a court order to use the device for surveillance. As we increasingly stuff our homes full of state-of-the-art internet-connected surveillance equipment, should Silicon Valley build protections into the devices against government misuse?
In George Orwell’s 1984, the telescreen was omnipresent, allowing government to surveil the middle and upper classes at will through its camera and microphone. In Orwell’s world, the government bore the cost of installing and maintaining these devices and it required an army of humans watching them intermittently. Today, we ourselves purchase and pay all costs associated with blanketing our homes with them. Instead of hiding from the devices, we ensure they have the best possible vantage point from which to observe our every move and hear our every word. AI can now unceasingly monitor their microphones and cameras 24/7 or stream them live anywhere in the world. Most importantly, the devices today are operated by private global companies that can do as they please with our data, commercializing it for profit or making it available to governments upon request.
Much of the conversation around smart devices' impact on privacy has focused on how the companies that make them can mine the data they capture for commercial profit or to better sell us ads. The devices have become so integrated into our lives that we often forget just how much information they are collecting about us. For example, Portal’s privacy statement notes that the device offers an optional feature that uses the location of your mobile phone to know when you are home.
The biggest threat, however, lies not in how companies can sell us ads, but rather how their data could be misused by governments, especially repressive regimes that could use them as backdoors to conduct mass surveillance on a planetary scale.
Facebook’s recent security breach offers little confidence that it is investing sufficiently in security to ensure that its new Portal device does not have unintended vulnerabilities that could be exploited by remote attackers. This goes doubly for the myriad camera and microphone-equipped internet-connected devices we let into our homes each day from obscure third-party companies that may have little interest or experience with security. Some companies may even use their devices as loss leaders, with their real profitability coming from selling user data.
Of course, this presumes that the smart devices are not subject to supply chain attacks where the electronic sensor and circuit board assemblers might secretly install hardware spying devices that enable remote access without a trace.
The biggest threat to privacy from smart devices, however, comes from how governments will eventually wake up to their immense potential. Whether nation state actors like NSA find remote vulnerabilities that allow them to turn on vulnerable devices’ microphones and cameras at will or whether governments simply go through their legal systems, using court orders to force companies to hand over the controls to law enforcement and intelligence services, we can rest assured that it is only a matter of time before government agents are on the other end listening to and watching us.
Government court orders are perhaps the most dangerous of all threats, since even the most secure and hardened device can do nothing to stop an intelligence agency armed with a court order from forcing its manufacturer from turning it into a remote microphone or using its metadata to understand a target’s contacts.
Indeed, Facebook clarified as much earlier this morning when it confirmed that it would cooperate with legal court orders to “access, preserve and share information” from a Portal device.
What is a tech company to do?
The centralized cloud nature of many smart device companies means that law enforcement doesn’t actually ever need access to the device itself. Instead, they can get nearly everything they need from the company’s servers. For example, Portal uses Facebook Messenger and as such records a complete call history that is stored on Facebook’s central servers, recording exactly the kind of call metadata at the heart of the Snowden disclosures. Requesting a complete call history of everyone a person has talked to on their Portal doesn't require any access to the Portal itself - the police can request it directly from Facebook's central servers.
However, as the Snowden disclosures demonstrated, sometimes government needs more than metadata. It needs to turn on those microphones and cameras and either hand the results over to AI to flag the interesting parts or simply have good old-fashioned humans watch it all.
Facebook’s Portal offers both a camera cover and a button that allegedly physically disconnects the camera and microphone, but users must take it on blind faith that the disconnection is actually working and that some software override has not reconnected the sensors in the meantime.
What if smart device companies built privacy into their devices at their very core? Specifically, imagine that instead of integrating cameras and microphones directly into the body of a device, they placed them into a separate sensor pod? Using a transparent case and absolutely minimal hardware (minimizing the possibility of embedded batteries, inductance charging antenna or other power sources) and a cable that can be physically unplugged, this would make it easier for users to disconnect their devices when they wish to have private conversations. While one can always simply yank the power plug, not all smart devices handle regular power outages well. Companies could also subject their smart devices to the same absolute monitoring and hardware verification processes they use for their own data centers, helping to reassure customers that no stray “spy chips” are able to remotely enable their microphone at will. After all, if Facebook’s founder doesn’t trust the security of his laptop camera, why should we trust the security of his company’s camera in our living room?
Putting this together, we are blindly stuffing our homes to the brink with internet-connected cameras and microphones and blindly trusting that the companies that make them aren’t spying on us and didn’t make a security mistake that will let others spy on us. Most importantly, we are trusting that governments will resist the temptation to turn this massive army of telescreens into the world’s greatest in-home surveillance network. More likely, they already have.
