If you’ve been reading headlines today, you’ve probably noticed that there’s a guy out there releasing documents saying the CIA can hack your Samsung Smart TV. First of all that’s not a huge surprise — I talked about it four years ago in an article that has, sadly, been lost.. Back then, Samsung was using a very insecure method to get voice data from its TVs back to servers. Supposedly, the problem was fixed and Samsung doesn’t even include voice command in most of its TVs sold in the US. According to their site,
Voice Interaction function is only available for the KS9800, KS9500, KS9000, KS8000, KU7500, and KU7000 series models.
These are all very high-end models, so the chances are you don’t even have the hardware needed for spying on the TV you bought at a big-box or warehouse store.
Or that’s what they want you to think, anyway.
In the meantime, since 2013, you’ve started using Siri, Google Now, Alexa, and probably other voice-activated devices. Most of them are always listening in some way or other, otherwise they wouldn’t answer when you said “Hey Siri,” “OK Google,” or “Alexa.” The real question is the extent to which they are listening, and the extent to which they are passing that information onto other servers over potentially unprotected internet connections. The way it is supposed to work is, your phone or device isn’t supposed to send anything over a server until you (1) say the magic word (OK Google) and then (2) it detects that you’ve finished asking your question. It then (3) sends that information as an audio file to a server somewhere for processing and recognition, and the answer comes back. Once you’re done talking, there isn’t supposed to be anymore audio data sent back from your phone to those servers.
But the truth is that without using network management tools that most people don’t have, it’s pretty hard to know what’s being sent and when. As we all know from The Dark Knight, it’s probably possible to turn on a microphone or camera on a device without the owner knowing it. That movie was fictional, obviously, but the latest leaked documents suggest it’s not only possible but common — our government and other governments may be spying on people using their own mobile devices. That’s something that anyone who uses a mobile phone for Twitter or anything else ought to think about.
So what are the odds it’s happening to you? Pretty slim, unless you’re reading this blog from a cave in Mogadishu or something. The truth is that government intelligence agencies are probably not interested in what level you’ve gotten to in Candy Crush. But there’s no ruling out the idea that you could be physically close to a person of interest. For example, if you look at all the acts of violence on US soil in the last 18 months, including the terrible events in San Bernardino, California, would the government have benefited from using hacking tools like this for people who interacted regularly with the terrorists involved? Could that have saved lives? Would it have been legal?
I can’t answer the really thorny questions there but I can give you a nickel’s worth of free advice. Folks, this is 2017. We have amazing tools at our disposal, but you ought to have figured out by now that we have absolutely no privacy. Our downtowns are riddled with cameras, our computers track our every move, and the majority of our interactions with the outside world take place on a wireless device pumping radio waves out there that can be intercepted by anyone in a 1.5 mile radius. The tools required to spy on us are expensive and complex, but they’re getting cheaper all the time and easier to use, I’d bet. So don’t be stupid. I know you should feel like you can have private conversations whenever you want, but … ya can’t. I wish you could but … ya can’t.
So just be careful. Don’t say stuff out loud or online that you wouldn’t want someone else to see and know. Obviously some of that is going to be inevitable because if you’re truly going to exist in this world you’ll need a credit card, an ATM card, and accounts at dozens of online stores (hopefully including Solid Signal.) But with some care you can make a fair effort at being confidential.
In the meantime there are a web of complex laws governing wiretapping that already cover the surveillance of private individuals using electronic means, whether authorized or unauthorized by a court. At the center of all of them is the irrevocable fourth amendment to the US Constitution which reads,
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
This boils down to, if someone wants to know something about you, they either ask or they get a warrant. Period. There are exceptions for national security, but they’re rare. Or at least they should be.
What can you do? Well consumer protections haven’t kept pace with this sort of thing. We don’t even have robot insurance yet. At some point there will probably be some sort of independent watchdog agency for this sort of thing and we’ll sleep a little better, until the hackers figure out how to circumvent the next level of protection.
Meantime, next time you’re in front of pretty much anything with a voice control system, and that’s pretty much all the time… think before you talk. They might be listening.