Sergey Brin, the Co-Founder of Google is at TED 2013 Conference in Long Beach California this week talking up the benefits of Google Glass. There’s been a lot of “gee whiz” news coverage recently about Google Glass — smart eyeglasses that figure out what you’re looking at, and then add to your experience by searching the web for relevant information about what you’re seeing.
This is a greatly simplified explanation, but imagine starting at an attractive stranger who’s seated on the other side of a cafe, and his or her Facebook page pops up in your field of vision. Google Glass represents the commercialization of augmented reality and wearable computers.
Augmented reality combines real world screen images enhanced with system data. In the case of Google Glass, the technology will be used first and foremost to hone advertising messages to your precise interests. Reports indicate that Google Glass can use 3G or 4G data streams from the user’s smart phone. Other reports point to the device also being WiFi enabled for network connectivity.
In legal terms, Google will make inferences about your frame of mind and your disposition toward people, places and things. Google will do this by tracking your eye movements, recording what you look at, and for how long. Part of the Google patent portfolio includes patents on tracking eye movements.
If you spend a lot of time gazing at sports cars, Google will infer an interest in high-performance automobiles and related products. If you regularly read Chinese menus, or street signs in a questionable neighborhood, or email messages, that data could be available to someone who wants to draw conclusions based on what you choose to put in front of your face. What can be inferred from detailed records of what you choose to look at?
If the “wearable computing device” is widely adopted, expect an avalanche of digital forensics and legal issues a few years down the road. For instance, did you spend too much time looking at certain body parts on your co-worker? Will that information become admissible evidence in a sexual harassment action?
Who did you talk with and what was said? Some casual conversations will become part of a permanent data trail, because the Google Glasses have audio equipment.
Google Glass and the devices and clouds they’re connected to will know more than ever about the user and his activities, and that moves us into uncharted civil and criminal legal territory.
Can intent be demonstrated through eye and head movement? If person #1 stares at person #2 for a long time, and then person #2 is found beaten and bloody, what was the intent of the staring?
Could a record of eye movements compound or mitigate liability? What does a surgeon see leading up to a sentinel event, or an airline pilot see before a crash?
In an auto accident case, did the driver see the pedestrian? Or was he looking at a blonde behind the wheel in the adjacent lane? Or a SatNave display, or the maintenance light on the dashboard? (Or a message being sent to him by his Google Glass?)
Will augmented reality glasses like Google Glass required, under contract or agreement? Would it be desirable to follow the eyes of a dockworker who loads and unloads valuable merchandise? Would recording a nurse’s field of vision provide valuable defense during litigation? Could Google Glass alert the employer when a staffer does a task that’s outside of the standard operating procedure?
All of this will be discoverable, and these are just some of the questions this new technology brings with it. Hold onto your hat, we are entering a new phase in law and jurisprudence.
by Ira Victor, G2700, GCFA, GPCI, GSEC, ISACA CGEIT CRISC. Ira Victor is a digital forensic analyst with Nevada-based Data Clone Labs. He is a co-host of CyberJungle Radio, a contributor to HabeasHardDrive.com, and The SANS Computer Forensics Blog. He President of Sierra-Nevada InfraGard, and a member of The High Tech Crime Investigator’s Association (HTCIA). Follow Ira’s security and forensics tweets: @ira_victor.
Please support our sponsors, as they support The CyberJungle
SpectorSoft: IT professionals, Risk Officers, and HR staff have more worries than ever: insider theft, inappropriate communications, inefficient processes, employee investigations, and compliance requirements. These pressing issues demand a reliable, automated, advanced technology capable of showing user, department, and division activity no matter where the users are or what devices they are using. SPECTOR 360, the de facto corporate User Activity Monitoring solution, addresses these issues and meets this demand.
SPECTOR 360 monitors, captures, and analyzes ALL user and user group activity including: email sent and received, chat/IM/BBM, websites visited, applications/programs accessed, web searches, phone calls, file transfers, and data printed or saved to removable devices.
SPECTOR 360 features automated, remote installation of the Windows and Mac clients and requires no client installation on BlackBerry devices.