Focusing public attention on emerging privacy and civil liberties issues

Google Glass and Privacy

Top News

  • Privacy Officials Seek Answers on Google Glass: Over thirty privacy officials, including the Privacy Commissioner of Canada and the Chairman of the Article 29 Working Party, have written to Google demanding information on Google Glass. "[W]e would strongly urge Google to engage in a real dialogue with data protection authorities about Glass," they wrote, and listed eight specific questions, including how Glass complies with privacy laws and how Google intends to use the information collected by Glass. Recently, members of the Bi-Partisan Privacy Caucus wrote to Google with similar questions about Glass. Following the letter, Google announced that it would not approve any facial recognition apps for Glass. For more information, see EPIC: Google Glass. (Jun. 19, 2013)
  • Google Bans Facial Recognition Glass Apps: Google announced that it will not approve any facial recognition apps for Google Glass, pending the development of privacy safeguards. "[W]e won't add facial recognition features to our products without having strong privacy protections in place," the company said in a blog post. In comments on facial recognition to the Federal Trade Commission last year, EPIC recommended that the Federal Trade Commission enforce Fair Information Practices against commercial actors when collecting, using, or storing facial recognition data. "In the absence of guidelines and legal standards, EPIC recommends a moratorium on the commercial deployment of facial recognition techniques," EPIC wrote to the FTC in early 2012. For more information, see EPIC: Facial Recognition and EPIC: Federal Trade Commission. (Jun. 3, 2013)
  • Congress Seeks Answers on Google Glass Privacy Risks: Members of the bipartisan Privacy Caucus sent a letter to Google seeking answers to questions about Glass, a wearable computer that routinely records video and audio, and gathers locational data. Among several questions, the Members of Congress asked "how Google plans to prevent Google Glass from unintentionally collecting data about the user/non-user without consent?" and whether Glass would be able to use facial recognition technology. Recently, Attorneys general for 38 states and the District of Columbia reached a $7 million settlement with Google over the unauthorized collection of data from wireless networks, including private WiFi networks of residential Internet users. Early last year, Google collapsed its privacy policies, prompting objections from EPIC state attorneys general, members of Congress, and IT managers in the government and private sectors. For more information, see EPIC: Google Glass and Wearable Computers. (May. 17, 2013)

Background on Google Glass

Google Glass is a wearable computer. The device, worn like a pair of glasses, has a camera, microphone, and tiny "heads up display." The first generation of the device is capable of recording audio, video, and photos. The Glass camera sees whatever the wearer sees. It can use GPS for location-tracking and directions. Glass can also connect to a smartphone to make phone calls, send text messages, and read email. The device is controlled by the wearer's voice and gestures. Users can talk or tap Glass to initiate searches and execute functions. Google will allow developers to create apps to enable additional functions. One developer has already created a app to take pictures surreptitiously by winking. To an observer, it is difficult to know whether Glass is recording the environment or not.

All data recorded by Glass, including photos, videos, audio, location data, and user data, is stored in the cloud on Google's servers. Glass can connect to the Internet via wifi, or tether to the user's smartphone. Even when offline, Glass can record pictures and video.

Surveillance and Wearable Computing

Wearable computers, of which Glass may be the first with mass market appeal, have significant technological advantages, but also create new privacy challenges. Because a device like Glass is worn constantly, there is no "overt act" that signals to an observer when surveillance starts and stops. If someone takes a photo or video with a cell phone, that person must hold up the device in a noticeable fashion. But Glass can begin recording with only a subtle tap, a word, or a wink. After this first step, it may not be possible for an unfamiliar observer to tell whether recording is ongoing or not.

While the first generation of Glass can only record segments of audio and video, later generations with more advanced hardware could enable "always on" recording. This would allow Glass to see and hear everything the user sees and hears, and record it for later.

In addition, apps or subsequent products may integrate facial recognition capabilities into Glass. The Glass camera could capture images of people walking down the street, who would then be identified with facial recognition software. Once identified, the wearer could be presented with that person's Facebook profile, Twitter feed, or other internet search results linked to his/her name. The military and law enforcement have been using similar handheld facial recognition devices for several years.

Privacy Risks Posed by Glass and Wearable Computers

Wearable computers like Google Glass create a number of privacy risks. Some are unique to the technology, while others are existing risks exacerbated by the nature of wearable computers.

First, wearable computers threaten non-users with "always on" surveillance. For example, if a person walks into a bar wearing Google Glass, other patrons may not be able to tell whether that person's Glass is recording their actions and conversations. Even if Glass is not actively recording, third-parties must react to the device as if it might be recording at all times. This threatens the ability of individuals to have private, candid, or anonymous social interactions. People cannot let down their guard or lower their veneer of professionalism, for fear that their actions may be recorded, disseminated, and criticized out of context. Because of the invasiveness of Glass, some venues may choose to ban its use.

While the Glass user may have made the conscious choice to trade his privacy for the use of his new gadget, the people captured by the Glass camera have not. Google Glass invades their privacy and anonymity without their consent.

While individuals may not have an expectation of privacy in public, they do have an expectation of anonymity. A person expects to be able to walk down the street and blend into the crowd. There are many public settings in which a person does not expect to be recorded, even if they could be casually observed. Some of these settings could be sensitive, embarrassing, or incriminating, such as:

  • Talking about one's coworkers, family, or friends at a restaurant
  • Going to a doctor's or psychologist's office
  • Buying medications at a pharmacy
  • Sunbathing at the beach
  • Shopping for private items, such as underwear
  • Attending a support group
  • Being sweaty and dirty after exercising
  • Drinking or dancing at a bar
  • Transacting financial matters at a bank or ATM
  • Taking one's kids to a park, playground, or school
  • Attending a political event
  • Going to religious services

Law enforcement and government agencies may also obtain access to the data recorded by wearable computers such as Glass. Because wearable computers will capture a large volume of "always on" data, that data will be highly sought after by law enforcement. It is essential that adequate legislative and judicial safeguards are instituted to ensure that government agents cannot access these data without oversight, transparency, and accountability. Probable cause warrants should be required for all data collected by Glass, regardless of whether the data is possessed by the user or Google.

When a person is subject to the potential for "always on" recording, that fundamentally alters how that person behaves. Privacy is the ability to control how and to whom one expresses oneself. If a person cannot control to whom they are expressing themselves, they will tailor the nature of their expression. Without the ability to control one's audience, individuals will fear reprisals for non-conforming, unusual, or unprofessional behavior. The resulting chilling effect will stifle creativity, innovation, and self-discovery.

How Google Stores and Uses Cloud Data

Glass does not just allow the wearer to record and observe other people, but Google as well. All of the data captured by Glass, including photos, videos, audio, location data, and other sensitive personal information, is stored on Google's cloud servers. Google will possess the data and may analyze it to develop profiles of individuals. Google currently scans the contents of emails of its Gmail users in order to target advertising, so it is foreseeable that it could do the same with Glass data.

People observed and recorded by Google Glass will have their personal information captured and stored on these Google servers. While the users of Google Glass will have to consent to Google's Terms of Service and Privacy Policies in order to use the device, Google will not have the consent of non-users. Google therefore will be capturing, storing, and profiling the personal information of non-user bystanders without permission. The mere act of walking down the street is not consent to be cataloged in a marketing database.

Google's stewardship of user data has come under scrutiny in the past. On February 9, 2010, Google attempted to launch Buzz, a social networking service linked to Gmail, Google's email service. Google Buzz was an online service that compiled and made public a Gmail user's social networking list based on address book and Gchat list contacts. In response, EPIC filed a complaint with the FTC, highlighting several aspects of the Google Buzz service that threatened Gmail users' privacy. The complaint alleged that Google engaged in unfair and deceptive trade practices by transforming its email service into a social networking service without offering users meaningful control over their information or opt-in consent.

On October 13, 2011, having determined that Google did engage in unfair and deceptive trade practices, the FTC issued a consent order establishing new privacy safeguards for users of all Google products and services and subjecting the company to regular privacy audits. This order bars Google from misrepresenting the company’s privacy practices, requires the company to obtain users’ consent before disclosing personal data, and requires the company to develop and comply with a comprehensive privacy program.

On January 24, 2012, Google announced that it would change its terms of service for current users of more than 60 Google services, including Gmail, Google+, Youtube, and the Android mobile operating system. Rather than keeping personal information about a user of a given Google service separate from information gathered from other Google services, Google will consolidate user data from across its services and create a single merged profile for each user. The change will become effective on March 1, 2012.

On February 8, 2012 in the D.C. District Court, EPIC filed a complaint and motion for a temporary restraining order and preliminary injunction compelling the FTC to enforce the Google consent order. After briefing had completed, the Court dismissed EPIC's lawsuit against the FTC because the "decision to enforce the Consent Order is committed to agency discretion and is not subject to judicial review." However, the Judge also said, "the Court has not reached the question of whether the new policies would violate the consent order or if they would be contrary to any other legal requirements." And she said "the FTC, which has advised the Court that the matter is under review, may ultimately decide to institute an enforcement action."

The FTC eventually enforced the consent order against Google by fining the company $22.5 million for violating the consent order by placing advertising tracking cookies on Safari browsers despite telling users that it would honor the default Safari privacy settings, which prevented the placement of such cookies.

Google Glass Threatens Women's Privacy Rights

Google Glass, and similar wearable computing devices, pose special threats to women's rights and privacy in particular. Women are frequently subjected to harassment or shaming based on their appearance and behavior. Glass exacerbates these risks.

Glass gives stalkers, harassers, and creeps the ability to take invasive photos of women in public without their knowledge. If such a person were wearing Glass, they would be able to surreptitiously take photos and videos of women's bodies with a low risk of getting caught. This could include taking photos down women's shirts, up their skirts or dresses, or while sunbathing at the beach or pool. These images can then be distributed over the Internet. There are already web forums for sharing such invasive images taken with cell phone cameras. Being able to sneak a photo with Glass heightens the risk to women's privacy and public safety.

Glass poses a security risk to victims of domestic violence. A domestic violence victim who has escaped her attacker may rely on anonymity and privacy to hide her location from her abuser. If a victim is caught on a location-tagged Glass photo, her abuser could be able to find her more easily. This has occurred previously with cell phone location tracking. When a family shares one cell phone family plan, an abusive husband can call the wireless provider and obtain the location of his wife or children after they have fled.

Young women and teenage girls are especially at risk where "always on" surveillance is concerned. Because young women and girls are subject to great scrutiny for their actions and appearance, Glass's ability to record everyday interactions threatens otherwise normal, important aspects of women's health. For example, the fear of being recorded while buying birth control at a pharmacy, or visiting a women's health clinic, may cause some women and girls to forgo these important services.

Congress Investigates Glass Privacy Risks

Congress has taken an interest in the privacy risks posed by Glass and Google's use of consumer data. On May 16, 2013, members of the Congressional Bi-Partisan Privacy Caucus sent a letter to Google asking for answers to the following questions:

  1. In 2010, it was discovered that Google was collecting information across the globe from unencrypted wireless networks. This practice caused multiple investigations into the company along with consumers left perplexed. Google just recently agreed to pay $7 million to settle charges with 38 states for the collection of data from unprotected Wi-Fi networks without permission.8 Google also admitted that they did not adequately protect the privacy of consumers and "tightened up" their systems to address the issue. While we are thankful that Google acknowledged that there was an issue and took responsible measures to address it, we would like to know how Google plans to prevent Google Glass from unintentionally collecting data about the user/non-user without consent?
  2. What proactive steps is Google taking to protect the privacy of non-users when Google Glass is in use? Are product lifecycle guidelines and frameworks, such as Privacy By Design, being implemented in connection with its product design and commercialization? For example, if a Google Glass customer/user decides to resell or to dispose of their Google Glass product, would there be any product capabilities incorporated into the device to ensure that one's personal information remains private and secure?
  3. When using Google Glass, is it true that this product would be able to use Facial Recognition Technology to unveil personal information about whomever and even some inanimate objects that the user is viewing? Would a user be able to request such information? Can a non-user or human subject opt out of this collection of personal data?If so, how? If not, why not?
  4. In Google's privacy policy, it states that the company "may reject requests that are unreasonably repetitive, require disproportionate technical effort ... risk the privacy of others, or would be extremely impractical." Please provide examples of when Google would reject requests on Google Glass that would risk the privacy of others? Would Google place limits on the technology and what type of information it can reveal about another person? If so, please explain. If not, why not?
  5. Given Google Glass's sensory and processing capabilities, has Google considered making any additions or refinements to its privacy policy? If so, please explain. If not, why not?
  6. In Google's privacy policy, it states that the company "may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number)." Would this information be collected from users operating Google Glass? If so, what specific information is Google intending to collect? Would Google Glass collect any data about the user without the user"s knowledge and consent? If so, why? If not, please explain.
  7. It was recently revealed that the New York Times was the first to release an app for Google Glass. To what extent was privacy considered in approving this app? Is Google planning to make privacy a priority for future app developers? If not , why not? If so, please explain.
  8. Will Google Glass have the capacity to store any data on the device itself? If so, will Google Glass implement some sort of user authentication system to safeguard stored data? If not, why not? If so, please explain.

Resources

News Reports