Should Burger King Be Prosecuted For Their Google Home-Triggering Ads?

Slashdot reader Lauren Weinstein thinks Burger King should be prosecuted for successfully running an alternate version of its advertisement to trigger Google Home devices again Wednesday: Someone -- or more likely a bunch of someones -- at Burger King and their advertising agency need to be arrested, tried, and spend some time in shackles and prison cells. They've likely been violating state and federal cybercrime laws with their obnoxious ad campaign... For example, the federal Computer Fraud and Abuse Act broadly prohibits anyone from accessing a computer without authorization... Burger King has instantly become the 'poster child' for mass, criminal abuse of these devices... It was a direct and voluntary violation of law.

Re:/. won't either

[93+Escort+Wagon]

You're looking at this the wrong way - you should see this as an opportunity. When you see an obvious dupe on Slashdot, your first response should be to submit a new, slightly tweaked version of the item.

If we all work together, we can make it so Slashdot's front page is full of eight or nine copies of the same story!

Re:/. won't either

[rtb61]

Yeah, well that is OK the first time around, a big ole tee hee whoopsee but the silly fuckers went back for seconds, after they knew the outcome and Google's attempt to block it. So from neat advertising trick to multi-million dollar fine, value of the ad space stolen, serious money and Google will demostrate it is serious about security and junk food is shit food, as such junk food companies are shit food companies, so no empathy for those fuckers. Google makes a bunch of money and a junk food company get punished, so this round of marketing will be even more beneficial, just not for 'Hungry Jacks', this time round for Google and the criminal justice system ( a big ole example of how naughty it is to hack computer networks no matter how insecure or how you do it, simply not a opportunity for federal prosecutors to miss, esepcially if they land some of them with short custodial sentences, months not years and a really, really big fine, millions)

Re:YES!

It's not that it triggered it, it's that they went around something that was obviously meant to stop them from triggering it. It's like someone putting up a no trespassing sign but the trespassers come and trespass again. That shit will get you six months and a $5000 fine.

It's a good thing it happened.

[fyngyrz]

You're missing the point. If Burger King legitimizes triggering digital assistants, then everybody can do it.

No, this is a good thing. The security hole is, and has always been, that the devices only recognize selected trigger words. This hole is due to poor design choices of the manufacturers, and they must step up to the plate to fix it or become liable for any and all consequences.

My GPS in my car has a 100% programmable verbal trigger (I have used "yo, bitch" in the past... so as you can see, quite programmable) and it is almost a decade old. So there's zero question it can be done.

The message is flat on the table now: Amazon, Google, Mycroft... everyone has to set up user-programmable trigger words as part of the install of the device / app. Otherwise this kind of thing, including truly hostile events, will be a regular consumer experience, and the manufacturers will be complicit.

No manufacturer can argue they were ignorant of the risk now. Entirely a good thing. I look forward to them repairing this obvious malfeature.

let's take a step back here

[Goldsmith]

What is authorized and un-authorized use? Has Google made any effort to limit use to only the owner, or have they optimized to allow use by anyone who can talk to the device? If there's no authentication, log-in, or physical controls, there's no permission needed to use the device. What does the owner need to do to keep other people from using the device? Turn it off.

Re: /. won't either

[ewanm89]

I wonder if anyone has figured just how malicious this actually is, it is insidiously so when we consider this deliberate repeat activations of what is a google search recorded against a users google account and feeds into the advertising interest algorithms for the advertising google's network serves. It is directly going to skew adverts to win win the advert buy auction on an interest score rather than a price per an advert.

Re: Someone triggered a /. dupe?

[Zero__Kelvin]

Look, I'm not going to attack someone's character over one ridiculous belief. That being said, believing that Burger King did something that violates the CF&A is a pretty fucking stupid belief. Believing that jail is a solution to what is essentially a harmless hack is even more ridiculous. In fact I would go so far as to say that they did the world a favor by giving the proletariat a wake-up call, albeit as an unintended side effect rather than as their intended purpose.

Re:No, Google should be prosecuted -

Bullshit. There actually is something called "intent". It's quite critical in a lot of cases when you separate what's a crime from what's not. I really don't think BK's intentions are open to discussion.

They are assholes, and they deliberately abused other peoples equipment, repeatedly and deliberately, for their own gain.

Lock 'em up.

Re:/. won't either

[bickerdyke]

But it would be really simple here: That activation phrase is already annoying enough. ("Hey Siry" rolls like something you'd normaly say to someone, but chanting some company name to get results back sounds more like arcane magic summoning a demon from mammon's hell..)

Why not use individualized activation phrases?

Give your "personal assistant" some personality! A name of it's own, randomly modulate the speech synthesis parameters a bit for each device, and BK would need to go "OK John, OK Helen, OK Majel, OK Eliza, OK HAL..." and the spot would be over without triggering any device