Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Google

Google's Nest Will Provide Data to Police Without a Warrant (petapixel.com) 81

As reported by CNET, Google will allow law enforcement to access data from its Nest products -- or theoretically any other data you store with Google -- without a warrant. PetaPixel reports: "If we reasonably believe that we can prevent someone from dying or from suffering serious physical harm, we may provide information to a government agency -- for example, in the case of bomb threats, school shootings, kidnappings, suicide prevention, and missing person cases," reads Google's TOS page on government requests for user information. "We still consider these requests in light of applicable laws and our policies."

An unnamed Nest spokesperson did tell CNET that the company tries to give its users notice when it provides their data under these circumstances. Google "reserves the right" to make emergency disclosures to law enforcement even when there is no legal requirement to do so. "A provider like Google may disclose information to law enforcement without a subpoena or a warrant 'if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency,'" a Nest spokesperson tells CNET.

While Amazon and Google have both said they would hand over a user's data to law enforcement without a warrant, Arlo, Apple, Wyze, and Anker, owner of Eufy, all confirmed to CNET that they won't give authorities access to a user's smart home camera's footage unless they're shown a warrant or court order. These companies would be legally bound to provide data to the authorities if they were shown a legal document. But, unlike Google and Amazon, they will not otherwise share camera footage with law enforcement, even if they had an emergency request for data. Apple's default setting for video cameras connected via Homekit is end-to-end encryption which means the company is unable to share user video at all.
In an updated statement, a Google spokesperson clarified that they have never sent Nest data to authorities, "but it's important that we reserve the right to do so."

They added: "To reiterate, and as we've specified in our privacy commitments, we will only share video footage and audio recordings with third-party apps and services that work with our devices if you or a member of your home explicitly gives us permission, and we'll only ask for this permission in order to provide a helpful experience from an approved partner (such as a home security service provider)."
This discussion has been archived. No new comments can be posted.

Google's Nest Will Provide Data to Police Without a Warrant

Comments Filter:
  • While they mention all the right reasons for doing this, I can't say I have much trust that it won't be used against you in evil ways as well. Personally, I store my video on a local NAS, with some encrypted backup to an AWS instance.
    • by suss ( 158993 )

      Yeah, your data is safe with Amazon [slashdot.org]...

      • Re:Cloud is bad (Score:4, Insightful)

        by slazzy ( 864185 ) on Wednesday July 27, 2022 @06:13PM (#62739708) Homepage Journal
        You missed the part where I said encrypted.
        • This is why I have an IoT network in my home, which stores all the contents on a NAS. I have a second NAS at the office, and they sync over SSH and ZFS Send/Receives. All of my home automation is done via Siri, with which only the HomeKit hubs have network access. All my cameras, thermostats, smart gizmos, etc, can not talk to the internet without my say so. The VLAN isolates it, and the router blocks that VLANs network. Frankly, IoT networks that are isolated from the internet should be as standard on cons
          • Re:Cloud is bad (Score:4, Insightful)

            by dbialac ( 320955 ) on Thursday July 28, 2022 @08:00AM (#62741042)
            Those represent a lot of things to get broken into if not immediately patched. I just don't use IoT things in the first place, minimizing my footprint. I've never needed to see what's in my refrigerator remotely. I don't need a thermostat that figures out my usage; a "dumb" programmable one works just fine. I refused the app/network connectivity which lets you set when things turn on during solar usage as I don't need it and a timer would work just as well.
            • Those represent a lot of things to get broken into if not immediately patched. I just don't use IoT things in the first place, minimizing my footprint. I've never needed to see what's in my refrigerator remotely. I don't need a thermostat that figures out my usage; a "dumb" programmable one works just fine. I refused the app/network connectivity which lets you set when things turn on during solar usage as I don't need it and a timer would work just as well.

              It is nice being able to access some smart appliances while not home. I can view through my camera and remote unlock my front door. Likewise, I can verify that I locked the door while away. I don't think interior lights need internet access. I would like my fridge or freezer notify me if the door's been open for too long or its temperature goes outside a safe range.

        • You missed the part where I said encrypted.

          I didn't. When the warrants start to fly you'll still be f**ked.

    • While they mention all the right reasons for doing this, I can't say I have much trust that it won't be used against you in evil ways as well. Personally, I store my video on a local NAS, with some encrypted backup to an AWS instance.

      So does this apply to all Google products?

      Gmail?
      Photos?
      Google Drive?
      Google Voice?
      Google Meet?
      Google Duo?
      Google ???? ....

      If it does, then it is PAST time to be reflashing phones and building your own IoT devices that only talk to your own data storage.

      Then you can copy stored data to encrypted files in any of the cloud services or those 6 drives that you bury in the backyard with every week and rotate out LIFO style.

      • Re:Cloud is bad (Score:4, Insightful)

        by Anonymous Coward on Wednesday July 27, 2022 @07:11PM (#62739828)

        Most people read that article and thought "so they can see my doorbell video" but Nest has other items in its lineup including indoor cameras, thermostats, and door locks.

        Does this mean Google will also unlock your front door for the police if they determine it is helpful for their investigation?

        Police: "We didn't need a warrant to enter because the front door was unlocked when we got there."

        • Re:Cloud is bad (Score:4, Insightful)

          by Anonymous Coward on Wednesday July 27, 2022 @08:32PM (#62739974)

          Don't forget all the parallel construction that can be done with the indoor cameras and such. "The door was open, stuff was in plain view, so a warrant wasn't needed."

        • Police: "We didn't need a warrant to enter because the front door was unlocked when we got there."

          That's not how that works.

          • The police are allowed to enter a home of invited in. Google will gladly invite them in if they request it. Google's customer likely gives Google permission to do this when they agree to their terms of service
            • Google's customer likely gives Google permission to do this when they agree to their terms of service

              Yeah, that's also not how that works.

      • Re:Cloud is bad (Score:4, Informative)

        by dbialac ( 320955 ) on Thursday July 28, 2022 @08:02AM (#62741050)
        Better solution: don't introduce a problem in the first place. Don't use IoT.
        • Better solution: don't introduce a problem in the first place. Don't use IoT.

          This is akin to saying because of the risk of ransomware, don't use computers.
          Because paper records never got burned, flooded, lost, or stolen.

          • by dbialac ( 320955 )
            No, absolutely not. This is about not increasing your footprint as far as what hackers can penetrate in the first place. I can't get rid of the computer; it's too much of a necessity. I don't need the rest.
            • I suppose the need for various IoT depends on your use case and where you live. For example, almost all cameras are IoT and cloud based now. While there's options to store locally, this creates a huge vulnerability, for example: The burglar can destroy the disks, or in the case of a home invasion use "rubber hose" cryptanalysis until you tell them where the disks are.

              Other example: I store my handguns in a safe with WiFi (IoT). If someone tries to pull an "evil maid" attack and steal my guns or guess

              • by dbialac ( 320955 )
                The difference is this: using conventional methods, somebody can break into your gun safe or sabotage your video camera. Using IoT, especially zero-day vulnerabilities, somebody can break into everyone's gun safe or sabotage everyone's camera all at once while leaving a minimal fingerprint.
                • I hear this argument and similar versions frequently but strongly disagree. First, in the event of a catastrophic hack (sabotaging everyone's camera), this would be well known and responded to by the vendor. It's hard to leave a minimal fingerprint when hacking at scale.
                  As for those zero day vulnerabilities -- they'd still require physical access to exploit...during the window they are unpatched. Also, how much is that vulnerability worth for sale on the darkweb or to brokers..or for legit bug bounties
                  • I don't really buy what you say at all. Use a large list of IoTs at small scale and you can work together and rob far more houses in a single night. Sophistication is involved, but for over a decade tools have existed and exploited to steal cars with wireless dongles. Once the difficult part is made easy through easy front ends, break ins are easy. Patches only come out when they are found, which can take years.
                    • We might have to agree to disagree -- but I don't see the risk here. There's a number of layers of organized crime going on here, with cybercriminals making lists of IoT, determining what addresses are vulnerable, and arranging exploits to be used in the field. THEN, they need on the ground criminals to execute the robbery and get away undetected.

                      These skill sets often don't overlap (as seen by how most hackers sell credit card dumps rather than try to monetize the data themselves), and require a heck

          • It's having a realistic understanding of how these things work. Which you clearly do not have yourself or you wouldbt be making poorly conceived arguments about the even more poorly conceived security controls.
            • It's un clear due to your poorly conceived comment who and exactly what you're replying to. Looking at your post history, you seem to have a habit of harshly insulting other commenters but never actually providing more information as to what is wrong, and what you would do better. By your argument, that means you "clearly don't have yourself."
    • While they mention all the right reasons for doing this, I can't say I have much trust that it won't be used against you in evil ways as well.

      Especially since law enforcement officials are allowed to lie during the course of their investigation. Now, there is nothing preventing them from manufacturing a lie. At least before, a warrant needed a judge to sign off on it.

    • I store my video on OnlyFans. I'm pretty sure no-one has ever bothered looking at it given what else is on there to watch. Hiding in plain sight is an effective strategy too.
  • You need to change how you vote. We need to start voting for candidates for not pro authoritarian and pro corporate. This means we have to vote for candidates who don't always have the best advertisements or the most fun rallies. It means voting for candidates who can at best be described as dull.
    • by Powercntrl ( 458442 ) on Wednesday July 27, 2022 @05:56PM (#62739662) Homepage

      I know you seem to look for the political angle in everything, but in this case you can simply vote with your wallet. Don't buy Google's smart home shit. Problem solved.

      • That's all well and good for you, but that doesn't stop your neighbor across the street from installing such a camera and having it pointed right at you all day every day recording everything possibly to be used against you.

        The point of a law would be to prevent everyone's camera, regardless of manufacturer, from allowing law enforcement access without a warrant for people who buy such cameras either ignorant of or indifferent to privacy abuses.

        • Re: (Score:2, Informative)

          by Anonymous Coward

          That's all well and good for you, but that doesn't stop your neighbor across the street from installing such a camera and having it pointed right at you all day every day recording everything possibly to be used against you.

          Move to the EU, where doing the above is very, very illegal.

          Or start fixing the broken legislation of the US, so that it becomes illegal.

          Neither of which will happen anytime soon. So deal with it, I guess...

    • by Osgeld ( 1900440 )

      no whatever username you are using this time, you need to quit signing your rights away with every shiny new bullshit gadget. You seriously think your vote matters at the federal level? Guess what fuckwit, IT DOESNT, and nothing will change, nor will it ever, want proof, look at every body of congress dating back to the industrial revolution.

      Grow up little slave, its time to be an adult and take personal responsibility and not hope one day that silver tongued used car salesman sociopath gives a single passi

    • Re: (Score:3, Insightful)

      by SvnLyrBrto ( 62138 )

      Dull is fine. Hell, dull is good. I never realized how much I liked dull when it came to politics until these last six years or so. Biden is dull... probably the dullest, most milquetoast and unremarkable centrist in all of politics. He could very well have made his campaign slogan âoeMPBAâ for Make Politics Boring Again. And yeah, itâ(TM)s very nice to wake up in the morning and be able to turn on the TV without getting that daily dose of existential horror.

      But Dull isn't good enough.

    • Voters are the least important people in the American system. [represent.us]
      Here's a link to the actual study. [cambridge.org]

      TL:DR: They don't care who you vote for.

    • That's nice an fine for a country where such candidates exist, but what can a US citizen do?

    • by Sloppy ( 14984 )

      I certainly won't disagree with your main advice (vote against authoritarians, and also candidates who think corporations should have more rights and fewer responsibility than real people) but I don't see how it's relevant here.

      Imagine it's 1795. You were around when those fucking redcoated limeys committed their atrocities against men who wanted to be free and without government oppression. You helped write the Bill of Rights, and when it was time to ratify, you proudly voted with a grin, knowing what was

  • YMMV (Score:5, Interesting)

    by Boolean algebra ( 9706102 ) on Wednesday July 27, 2022 @06:00PM (#62739670)
    Tried to give cops video from my Avertx system of some house robbers in my area, not interested. Victim did get some of the others photos, vids to give them but still "no detective assigned to the case" If they aren't going to bother whats the point? I gave her the liscense plate #'s btw.
    • by Tablizer ( 95088 )

      Detectives are often too swamped to deal with rank and file burglaries. Whether it "should" be that way or not, I can't say, but that's the way it usually ends up in most precincts. But they should at least file away such evidence in case they need it later.

    • Just rest assured that if you ever cross a member of your government, they'll be very interested in accessing your home and cameras.
  • Then it is up to you to READ it carefully. Why I won't have any nest, amazon or other cameras. You never know who is watching.
  • by Ed Tice ( 3732157 ) on Wednesday July 27, 2022 @07:46PM (#62739904)
    This seems to be saying that they will help in the case of exigent circumstances, i.e. potential for very near-term loss of life and such. In those cases, the police don't need warrants to enter your house and it seems reasonable that they shouldn't need a warrant to access your camera in order to do something like rescue you from a hostage situation. If somebody takes me hostage in my home in front of a nest camera, I would hope that the police are given access to the feed. There is, of course, potential for abuse, like there is with anything. Usually that's handled with very good access logs.
    • In many countries, witnesses are required to report crimes if/when they are able, i.e. withholding evidence of a crime is in itself a crime. This statement may be saying no more than Google are complying with existing laws & legal responsibilities.
    • Leaving aside the actual meaning of the concept "exigent circumstances", the very, very big problem here is that Google here is effectively placing itself in the role of a judge to grant warrants for whatever information it holds, based on their own determinations about the "good faith" representations about someone contacting them and their own verification process as to whether or not they are even legitimately law enforcement. Even when they get that last part right, they are, in fact, handing over infor
      • You make a very valid public policy argument. And you might be correct in terms of how things *should* be. I am merely pointing out that Google's policies around access are consistent and analogous with current US law regarding exigent circumstances. That term shouldn't be in quotes because it isn't one that I made up. It has actual legal meaning. Police can enter private property if they are chasing a fleeing suspect who enters private property, the police can enter that property to apprehend. They c
        • I'm a lawyer. I'm well aware of the concept. It's in quotes because that's what you do when you are referring to something someone else said. It's what quotes are for. That's why they're called quotes.

          Anyway, this isn't it. Rather than retype what I just said:

          Google here is effectively placing itself in the role of a judge to grant warrants for whatever information it holds, based on their own determinations about the "good faith" representations about someone contacting them and their own verification process as to whether or not they are even legitimately law enforcement.

          If you have time to call up Google and go through whatever process they have for at least having you explain yourself to someone and gain access to the necessary information, you've got a tough row to hoe claiming that whatever is going on constit

      • by Sloppy ( 14984 )

        the very, very big problem here is that Google here is effectively placing itself in the role of a judge to grant warrants for whatever information it holds, based on their own determinations about the "good faith" representations

        I agree.

        How did Google get into that position? My take is that Google asked the user if they would like this situation, and the user said yes.

    • The real problem is that Google thinks they have the right to make this decision, and courts have mostly agreed. Their position is that it's their data, not yours. The moment the data leaves your house and enters their servers, they can do whatever they want with it. Use it for their own benefit. Sell it. Give it to the government. No warrant needed.

      Since almost all data passes through a company's computers at some point, constitutional protections have become meaningless. Anyone can grab anything th

  • People forget that if your data is not on your premises, Law enforcement can force providers to hand over data w/o a warrant via a security letter that prohibits the cloud provider from telling the customer about it.

    Been ruled to be totally legal: Cloud != user premises. As soon as you use an offsite, 3rd party provider, it is considered "not private" and not covered by constitutional protections because of cloud employees seeing it as well as ease of data-breaches.

    Seriously -- look it up. You lose your n

    • Then why do police need a warrant to search your safety deposit box (which is off your premises)?
      • by lpq ( 583377 )

        Presumably because it isn't connected to the internet.

      • Locked deposit boxes aren't already accessible to bank employees. E-mail boxes are completely accessible to hosting companies. You should have no expectation of privacy in that situation.

        Or maybe it's because the laws around bank deposit boxes were written when American lawmakers weren't in hock to various corporate/media lobbyists to the same degree.

      • Because the poster you are responding to is ill informed.
    • Law enforcement can force providers to hand over data w/o a warrant via a security letter that prohibits the cloud provider from telling the customer about it.

      You lose your normal constitutional protections as soon as you store your stuff off-of your own premises.

      No.

      Certain Federal law enforcement agencies can issue national security letters that act in this way, and are theoretically limited to investigations touching on terrorism or intelligence operation. They can be challenged in court, and have been done so successfully on at least one very notable occasion. [zdnet.com]

      The rest of the law enforcement world needs a warrant for this just like everything else. National Security Letters have been upheld based on the (highly questionable) justification of national secu

      • by lpq ( 583377 )

        The case you cited didn't go to court. The FBI withdrew the request for information when it was challenged by MS. If you think that is representative of all cases, Feel free to beleive that. If you believe your Cloud-defense is as secure as Microsoft's, feel free to believe that. Considering you are prohibited from even informing an attorney, how could you "shop" for an attorney? Unless you already have an attorney on staff, how would you have a chance? Any Cloud provider smaller than MS or Google w

        • The case you cited didn't go to court. The FBI withdrew the request for information when it was challenged by MS.

          Yes, that's what happens when one side realizes it's going to lose. They didn't withdraw it for shits and giggles. The government doesn't settle when it knows it's going to win.

          If you believe your Cloud-defense is as secure as Microsoft's, feel free to believe that.

          It's not "my defense", it's the definition of the thing you are talking about. Absent catching the attention of the FBI in some national security investigation, I don't really have to concern myself with it one way or the other. It wasn't really the thrust of the post.

          Considering you are prohibited from even informing an attorney, how could you "shop" for an attorney? Unless you already have an attorney on staff, how would you have a chance? Any Cloud provider smaller than MS or Google would have little chance of prevailing in your defense -- presuming they were so inclined.

          You are not prohibited from consulting an attorney, but I'm

  • by khchung ( 462899 ) on Wednesday July 27, 2022 @08:21PM (#62739956) Journal

    This kind of thing made no sense to non-Americans. The US Constitution limits what the govt can do, so the US govt goes around it by outsourcing to private companies, which then proceed to do what was forbidden for the govt, and the American public accepted it?!?! Giving state power to private companies that is beholden to no one, only to money, is absurd beyond imagination.

    When a private company act on the behalf of the govt, or provide a service to the govt, that company should be subjected to the same restrictions as the govt. It is just common sense. Unfortunately, America is ruled by lawyers, for lawyers, and hence common sense no longer apply.

    If Google did this in Europe, this would be another astronomical fine time.

    • If Google did this in Europe, this would be another astronomical fine time.

      I sure wish I knew why you guys think your countries don't have the equivalent of national security letters. Especially in countries which have recently had or still have a high level of acceptance for fascism, which is at least a handful of 'em.

    • Nope, if an European security organisation wanted to look at their citizens data they would just outsource it to another country.

      If a European security organisation wanted to look at one of their citizen's Google mailboxes they would just ask the Americans to do it. Foreign citizens have pretty much zero protection under the American bill of rights. So the CIA can pass data to their European counterparts without breaking any American laws, and the Europeans don't have to worry about breaking their own priva

    • When a private company act on the behalf of the govt, or provide a service to the govt, that company should be subjected to the same restrictions as the govt.

      They are. Evidence acquired this way gets thrown out for this reason all the time. Google is almost certainly going to put this in their ToS now, however, which means you will be agreeing to it in advance.

    • by Sloppy ( 14984 )

      The US Constitution limits what the govt can do, so the US govt goes around it by outsourcing to private companies, which then proceed to do what was forbidden for the govt, and the American public accepted it?!?!

      No need to ask the public, because the person who decided to upload the data accepted it. They consented for the data to not be treated securely. And if the user had chosen to upload their data directly to law enforcement's computers, the government would also be able to use the data without violat

  • If you don't want your cloud data shared, then don't create cloud data. I'm not saying what they're doing is right, but people are making it POSSIBLE for them to do it.

    There are plenty of non-cloud devices that can achieve the same functions as the Amazon/Google crapware. Sure, it might be a little more cumbersome in some cases, but I have my network locked down as well as I can. I keep my untrusted devices (e.g. IP cameras) on a segregated network that has no access to the outside world. I then pull th

  • " by extremist political views that were overheard. We're here due to public safety concerns..."

  • Is why people should never buy this kind of spyware.

  • There are entirely too many reports of police stalking women they wanna meet or opposing suitors. At least with the warrant requirement please actually had to make an effort to get information now they can make up any reason to get information on anybody without a warrant. Itâ(TM)s not like Googleâ(TM)s going to track The information is used properly services include email and everything else sounds like a lot of parallel reconstruction is going to be going on after digging through somebodyâ(

  • by sabbede ( 2678435 ) on Thursday July 28, 2022 @07:03AM (#62740876)
    "These companies would be legally bound to provide data to the authorities if they were shown a legal document."

    Well, that's not very specific. My birth certificate is a legal document, as is the title to my car. Can I compel Google to hand over footage if I wave my passport at them? That is literally what that sentence means.

  • This is what happens when you actually read the terms of service. Don't do it!
  • People shouldn't be...ahh forget it. Continue putting those telescreens in your homes and hope the MIB go after someone else and not you.

No spitting on the Bus! Thank you, The Mgt.

Working...