Whilst in theory Google Glass is a fascinating development, as is the case with any new technology, there are a number of risks that need to be carefully considered and – where possible – mitigated.
Of course the technology could be used as a cyber espionage tool. I could, for example, walk into a competitor’s office and discretely photograph documents and plans that have been left lying around. Equally, however, I could do that with the camera that is on my mobile phone or I could (if I had time) photocopy the originals and steal the resulting copies. But nobody is suggesting we should ban mobile phones or photocopiers from offices.
To my mind, Google Glass is something that organisations need to be aware of when considering their internal security policies but, in the grand scheme of things, it is probably less of a risk than BYOD or even simple memory sticks or other removable media, both of which enable disgruntled employees to extract vast quantities of potentially sensitive or confidential data from a company.
A number of commentators have raised the concern that Glass could also be vulnerable to hackers, who could potentially see and hear everything that a user does. The primary concern is that Glass does not, at present, have secure authentication in place, which could enable hackers to access all of a user’s confidential online information, including passwords, PINs, banking and credit card information. Earlier this year, for example, two US research students produced a proof-of-concept attack via a disguised app that enabled them to spy on a user’s activity, enabling identification of his location, the company he was keeping, and any passwords as they were typed. They were also able to take photos and videos without the Glass display being lit.
Again, however, this is not a novel risk. Mobile cyberspace has always been vulnerable to attack. And in this scenario, users had to download the app, which was disguised as an app for note-taking. This is no different from many of the viruses or worms already in existence.
Glass may simply be a useful reminder that certain information is best not accessed from mobile devices.
Will organisations be reluctant to use Google Glass? Do they see it as a security threat?
I wouldn’t be at all surprised if organisations were reluctant to use Glass, at least initially, but much of this is to do with fear of the unknown. As I say, the cyber risks already exist: Glass is simply another opportunity for users to expose themselves to those risks.
There is no doubt that Glass does raise some novel issues. For example, one concern that has been expressed is that other employees may not be aware of what is being recorded at any given time, which raises both security and privacy issues. However, such behaviour can be discouraged through a combination of a company’s work policies and disciplinary processes, through on-going staff training, and through the culture of the organisation itself.
And let’s not forget that the ability to easily record conversations and behaviour may actually result in significantly improvements in the way other employees behave: it will now be much easier for someone to prove an allegation of bullying or to become a whistle blower for illegal or immoral activity.
Rhys Williams is a partner in the Technology team at Taylor Vinters LLP.
Share this story