Widespread Wiretapping is “How Google Works”

Published June 29, 2015

Google’s wiretapping is back in the news. The Guardian reports “Google [Chrome] eavesdropping tool installed on computers without permission.”

This is not an isolated incident. It is a part of a broader Google pattern of behavior.

What should be big news and scandalous here is that the company that has gathered the most Internet users in the world based upon public representations of being pro-privacy and open — is secretly engaged in widespread wiretapping.  

Wiretapping is illegally intercepting and recording people’s communications without their knowledge or consent. In the U.S., wiretapping is a criminal offense punishable by a fine and up to five years in prison.

A.   Consider the evidence of Google’s widespread wiretapping.

1.   Google Street View WiFi Data Collection 2008-2011: A few thousand Google Street View vehicles were caught collecting unauthorized WiFi communications from tens of millions of homes in over thirty countries.

In fighting a Google Street View class action suit in the U.S., Google appealed to the U.S. Supreme Court that its unauthorized interception of home WiFi signals was not wiretapping, but Google lost it appeal. Thus Google illegally wiretapped millions of American’s WiFi communications.   

2.   Gmail “Content One Box” 2011-present: Legal discovery in a Gmail privacy class action suit, Fread v. Google, uncovered a secret Google network device called “Content One Box” that enables Google to secretly intercept and wiretap, literally hundreds of millions of peoples’ emails over the last four years and counting.  

The presiding Federal judge in this case, Judge Lucy Koh, ruled that Google’s scanning of Gmail exchanges to create personal advertising profiles constituted wiretapping. Specifically, Judge Koh ruled that Google’s reading of people’s email is not an “ordinary course of business” and that “accepting Google’s theory of implied consent… would eviscerate the[wiretap] rule against interception.”

This Google wiretapping was also a secret as Bloomberg’s Joel Rosenblatt reported in this courtroom exchange: There is “…a device Google has used to intercept e-mails called the “content one box.” Google determined that the device couldn’t extract information from e-mails that weren’t opened or deleted, or when they were accessed by phones or through Outlook, Rommel said. In 2010, Google moved the device from the storage end of e-mail services to the “delivery pipeline” to extract data before users receive the messages, Rommel said. “That’s the secret,” Rommel said. “It is factually inaccurate to say that the location and the timing of that interception is in the public record,” he said, referring to Google’s disclosures about its scanning. “There is not a single disclosure in the record that identifies, alerts, tells anybody that there is an interception occurring. It’s not there, it doesn’t exist.”

3.  Google Chrome Secret Wiretapping 2015: A Guardian article, “Google eavesdropping tool installed on computers without permission,” reported: “Privacy campaigners and open source developers are up in arms over the secret installing of Google software which is capable of listening in on conversations held in front of a computer.” See this Rick Falkvinge post for more detail.

Tellingly, this is not the first time Google Chrome’s wiretapping ability by design was uncovered. In 2014, Gizmodo reported that Google’s Chrome browser had a way for any website to listen to a website-visitor’s computer microphone, even after the user closed the website link.   

4.   Google “Nest Aware” Wiretapping 2015: A separate Guardian article entitled, “Google’snew Nest Cam is always watchingif you let it into your home,” reportedWith Nest Aware, Google is also offering to record up to 30 days of video, with audio, to the cloud and do constant analysis of it.” The purchaser of the Nestcam service may approve of the Google audio recordings, but recorded visitors have not.

5.  Google Glass Wiretapping 2013-14: Since Google Glass was enabled with an always-on audio receiver to listen for the audio command “OK Google,” and since Glass could video and audio record one’s surroundings with a finger tap or a voice command, Google Glass could record people’s private conversations without their knowledge or consent.

Tellingly, CIO.com advised that Google Glass’ “Secret Video and Audio Recordings [are] a Legal Minefield for Employers.”

B.   What does this Google widespread wiretapping pattern tell us?

Now we know of five different Google services that have been, or are, all engaged in some form of audio interception/recording  without peoples’ knowledge or consent – e.g. Street View WiFi communications; Gmail communications; Chrome browser audio transmissions; Nestcam/Internet-of-Things-sensor communications; and Glass wearable communications – all of which upload the wiretapped communications to Google’s servers in the Google’s data centers for storage, analysis, and in the case of Gmail Content One Box, for advertising monetization.

C.   What questions need answering by law enforcement?

1.   Is Google Hangouts wiretapping?

If Google was willing to wiretap over a billion Gmail users and their email senders without their knowledge or meaningful consent, why wouldn’t Google have a Content One Boxcapability for Hangouts communications, i.e. messaging, voice and video calling and conferencing that are all integrated into Gmail?

Why wouldn’t those Hangouts audio communications bits transmit over the same fiber to which the Gmail Content One Box is connected — given how committed Google is to hyper-efficiency in everything computing, communications and storage.

Wouldn’t it would be out of character and contrary to Google’s best engineering practices for Google’s infrastructure to treat Gmail text bits differently from Hangouts audio or video bits – when they commingle everything else for maximal technical and economic efficiencies?

2.   Are Google’s free WiFi services, wireless broadband service “Fi,” and Google Fiber wiretapping?

If Google Street View systematically vacuumed up users’ WiFi communications for three years in over thirty countries without their knowledge or consent, and Google did the same for all email communications of roughly a billion Gmail users, why wouldn’t Google follow its established practice of pushing  the envelope on privacy, and feeding its ad-based business model by intercepting, recording and analyzing all Google WiFi, Fi and Fiber traffic — whether it be text, audio or video – in order subsidize the provision of these costly Google communications services?          

3.  Are Google Nest devices, Google Wearables, and Google’s Internet-of-Things-sensors – wiretapping?

Why wouldn’t Google design its dominant Android mobile operating system to enable Google to listen to the sounds around an Android Internet-of-Things sensor, like Google’s Chrome browser/operating system was designed to enable Google to listen into people’s computers?

Simply, there is no technological limit to Google wiretapping more broadly than it currently does, and there are great commercial advertising incentives for them to do it secretly as well.         

In short, widespread wiretapping is “How Google Works.”

Is anyone but Google listening?

[Originally published at Precursor Blog]

[More “How Google Works” series]