General security

Privacy Implications of Google Glass

Daniel Dimov
June 13, 2013 by
Daniel Dimov

Introduction

Google Glass is a wearable computer worn like a standard pair of glasses. The device displays information on a glass screen in front of the eyes of the user. It accepts voice commands that start with the phrase "ok glass." Google Glass contains 12GB of usable storage and has a 5-megapixel camera which is capable of shooting 720p video. Users will be able to upload photos on the Internet. By the end of 2013, Google Glass will be available to consumers.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Google Glass is one of the most anticipated "wearable computing" devices. It has the potential to become widely used because it has the ability to augment reality. For example, it can present text based translations in real time and serve as navigation guide by showing a map and the location of the user.

The use of Google Glass poses privacy threats that differ significantly from those related to the use of mobile phones. This article explores the privacy threats posed by Google Glass, namely, unauthorized tracking of eye movements (Section 2) and unauthorized tracking of objects and subjects on which the user looks at (Section 3). The article also explains the eventual consequences of a Google Glass security breach (Section 4). Finally, a conclusion is drawn (Section 5).

2. Unauthorized tracking of eye movements

In the future, Google Glass may support an eye movement tracking technology that allows the user to take pictures by winking. Eye movement tracking refers to a process of recording eye movements of the examined subject.
The primary elements of visual behavior used to study face processing include fixation duration, frequency, and location.

Fixation duration refers to the time spent on fixating on an object. Tasks requiring more time for cognitively processing the object have increased fixation duration. For example, out-of-context objects generate longer fixations than contextual objects. The fixation duration on a cow placed in a downtown setting will be longer than the fixation duration on a person in the same setting.

Frequency of fixations refers to the numbers of fixations. The frequency of fixations is related to the search efficiency. A lower number of fixations on a display is an indicator of an efficient visual search. The visual search process can be influenced by several elements, including color, size, orientation, and motion. For instance, an animated advertisement published on a web page may increase the fixation duration on that page because the motion will divert the user's attention during the search process.

Fixation location refers to that part of the visual field at which the examined person fixates. Normally, the eyes fixate on areas that are important through experience, surprising, and salient.

Eye tracking has already been utilized by psychologists for more than a century now. The eye movements can be used for the creation of complex psychological profiles of people. Because eye movements are most often not consciously controlled, such profiles may reveal characteristics that are not familiar even to the person whose data is collected. These characteristics can be related to social interactions, emotional responses, and cognitive reasoning.

Consequently, in case of an information security breach of a Google Glass, the compromised data can be used for understanding the most intimate aspects of human personality. Taking into account that Google Glass is not a server locked in a secure building, but an electronic device in the form of glasses, information security breaches related to lost or stolen devices may occur often. Moreover, because the device uses Internet connections and Bluetooth, it is possible that the signal is intercepted.

3. Unauthorized tracking of objects and subjects on which the user looks at

Public authorities, privacy invaders, and companies may use Google Glass to track objects and subjects that the user looks at.

Public authorities

Public authorities are increasingly resorting to digital information to catch criminals. For example, Microsoft and the New York Police Department have recently developed a data aggregation and analysis system allowing the police to collect and analyze 911 calls, license plate readers, live video camera feeds, and mapped crime statistics.

In the future, the police in some countries may be allowed to receive real time access to the information transmitted by the users of Google Glass. In extreme cases, the users of ordinary glasses may be obliged to wear devices similar to Google Glass in order to transmit information about the people they see. Thus, the users of such devices will become snitches for the police.

Taking into account the fact that Google complied with 93% of the 6,321 requests for user data that it received from U.S. law enforcement agencies in the second half of 2011, it would not be surprising if the Police start looking through the eyes of the users of Google Glass.

Technologies similar to the existing Facebook recognition technology may transform Google Glass to a perfect surveillance device for public authorities. Face recognition technology may identify a searched person out of a large number of persons who are seen by Google Glass user.

The capabilities of face recognition technology have been tested in a real-world context. In 2011, researchers at Carnegie Mellon University attempted to identify students on the campus of a North American college. They took photos with a webcam and then used face recognition software to compare them to images from Facebook profiles. Using this approach, the researchers successfully identified about one-third of the subjects in the experiment. In relation to the experiment, Professor Alessandro Acquisti, who was a member of the research team, stated "My bet is facial recognition and augmented reality will become commonplace and popular."

Privacy invaders

Google Glass can also be used by people who would like to capture images without permission. These future privacy invaders will not only be more efficient in obtaining photos and videos, but they will be much better able to cover their tracks. Steve Lee, the product director for Google Glass, stated that there will be certain social cues allowing people to know when the device is on. For instance, the eyepiece lights up when activated and the user either has to press the side of the unit or say a clear verbal command to capture a photo or a video. However, Lee admitted that the device could be hacked in such a way as to allow the user to circumvent the social cues.

The privacy threats posed by Google Glass will urge institutions handling sensitive data to take privacy measures. Jim Mandler of Continuum Health Partners, a New York-based hospital system, stated that "I would venture to say that we will probably have some kind of policy in place that would ban the use of these glasses until we learned more about them and their use, because it could impend on patient privacy."

Banks may prohibit the use of Google Glass near ATMs. A person wearing Google Glass can take a video of the credit card number and the pin of a cardholder. Casinos may prohibit the use of Google Glass on the gambling floor in order to avoid cheating during casino games.

Companies

Anonymous data obtained by Google Glass may be used for profiling. Profiling means "an automatic data processing technique that consists of applying a 'profile' to an individual, namely for the purpose of analyzing or predicting personal preferences, behaviours and attitudes."

For example, Google will be able to obtain data concerning the brand of the coffee and butter which a consumer prefers to use in the morning. In this regard, it is worth mentioning that Google already has experience in collecting data without permission. This year, Google has reached a $7 million settlement with 38 states in the US, after it was found out that Google Street View cars deliberately collected payload data including emails and passwords from unencrypted Wi-Fi networks across America.

4. Eventual consequences of a security breach of a Google Glass

A security breach of both mobile phone and Google Glass may have harsh consequences on the owner of the compromised data. However, there is one very important difference between security breaches of those devices: a compromised Google Glass may allow the attacker to have direct access to images captured in real time.

As a result, a criminal may rob apartments by knowing when the owners are not at home and where they hide their spare keys. Also, criminals may observe the fingers of their victims until they can guess their passwords and PIN codes. Moreover, embarrassing pictures taken with Google Glass may be used for blackmailing. Blackmailing is a crime involving the use of information (e.g. photos) to coerce a person to do something.

In relation to the consequences of a security breach of a Google Glass, Jay Freeman, a Santa Barbara based technology consultant, wrote on his blog: "Once the attacker has root on your Glass, they have much more power than if they had access to your phone or even your computer: they have control over a camera and a microphone that are attached to your head. A bugged Glass doesn't just watch your every move: it watches everything you are looking at (intentionally or furtively) and hears everything you do. The only thing it doesn't know are your thoughts."

5. Conclusion

This article has shown that the unique features of Google Glass, namely, its tracking eye movement system and the head-worn camera, raise new privacy issues. These privacy issues did not remain unnoticed. On the 16th of May, 2013, eight members of the US Congress wrote a letter asking Larry Page, Google's CEO, to explain how Google Glass will prevent the unauthorized access to user/non-user data. The letter asks for a reply by June 14, 2013. In response to the letter, Steve Lee stated that "We've consistently said that we won't add new face recognition features to our services unless we have strong privacy protections in place."

While there are still uncertainties concerning Google's compliance with the privacy laws, the Explorer Edition of Google Glass is currently available to testers in the United States. The consumer version will probably be on the market by the end of 2013. As with any revolutionary technological innovation, the question remains: Will our society be able to accept Google Glass despite its potential risks?

References

  1. Acquisti, A., "What Facial Recognition Technology Means for Privacy and Civil Liberties", Testimony before the U.S. Senate, 18 July 2012. Available on http://www.judiciary.senate.gov/pdf/12-7-18AcquistiTestimony.pdf .
  2. Bonnington, C., "First Wave of Google Glass Apps Revealed", Wired Magazine, 16 May 2013. Available on http://www.wired.com/gadgetlab/2013/05/glassware-unveiled-io/ .
  3. Cain Miller, C., "Lawmakers Show Concerns About Google's New Glasses", New York Times, 17 May 2013. Available on http://www.nytimes.com/2013/05/17/technology/lawmakers-pose-questions-on-google-glass.html?_r=0 .
  4. Chaey, C., "Tracking: The Ban on Google Glass", FastCompany, 13 May 2013. Available on http://www.fastcompany.com/3009432/tech-forecast/tracking-the-ban-on-google-glass .
  5. "Draft Recommendation on the Protection of Individuals in the Framework of Profiling," European Digital Rights (EDRi), October 2009. Available on http://www.edri.org/docs/edri_CoEprofiling_response_091103.pdf .
  6. Efrati, A., "Google Glass Privacy Worries Lawmakers", 16 May 2013, Wall Street Jounral. Available on http://online.wsj.com/article/SB10001424127887324767004578487661143483672.html .
  7. Efrati, A., Fowler, G., "Google Glass is Watching - Now What?", Wall Street Journall, 17 May 2013. Available on http://online.wsj.com/article/SB10001424127887324767004578489503146013208.html .
  8. Etherington, D., "Facebook, Twitter, Tumblir, CNN and Evernote

    Apps Coming to Google Glass Today", TechCrunch, 16 May, 2013. Available on http://techcrunch.com/2013/05/16/facebook-twitter-tumblr-and-evernote-apps-coming-to-google-glass-today/ .

  9. Fell, J., "Congress to Google: Glass Privacy Issues Must be Taken Seriously", Enterpreneur.com, 17 May 2013. Available on http://www.entrepreneur.com/article/226722 .
  10. Fiveash, K., "Google to pay laughably minuscule fine over Wi-Fi slurp across US", The Register, 13 March 2013. Available on http://www.theregister.co.uk/2013/03/13/google_wifi_multi_million_dollar_settlement/ .
  11. Freeman, J., "Exploiting a Bug in Google's Glass". Available on http://www.saurik.com/id/16 .
  12. Lloyd, C., "Casinos banning Google Glass over cheating threat", Slashgear, 8 May 2013. Available on http://www.slashgear.com/casinos-banning-google-glass-over-cheating-threat-08281017/ .
  13. McAllister, N., "Congress asks Google to explain Glass privacy policies", The Register, 17 May 2013. Available on http://www.theregister.co.uk/2013/05/17/congress_queries_google_glass_privacy/ .
  14. McCarthy, T., "Is Google Glass an affront to privacy? Rest easy: Congress has got your back", The Guardian, 17 May 2013. Available on http://www.guardian.co.uk/technology/us-news-blog/2013/may/17/congress-caucus-google-glass-privacy .
  15. Mills, E., "Surveillance city? Microsoft, NYPD team on crime fight system", CNET, 8 August, 2012. Available on http://news.cnet.com/8301-1009_3-57489636-83/surveillance-city-microsoft-nypd-team-on-crime-fight-system/ .
Daniel Dimov
Daniel Dimov

Dr. Daniel Dimov is the founder of Dimov Internet Law Consulting (www.dimov.pro), a legal consultancy based in Belgium. Daniel is a fellow of the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Society (ISOC). He did traineeships with the European Commission (Brussels), European Digital Rights (Brussels), and the Institute for EU and International law “T.M.C. Asser Institute” (The Hague). Daniel received a Ph.D. in law from the Center for Law in the Information Society at Leiden University, the Netherlands. He has a Master's Degree in European law (The Netherlands), a Master's Degree in Bulgarian Law (Bulgaria), and a certificate in Public International Law from The Hague Academy of International law.