COURT 1 · GUILTY
CONSENT + PRIVACY + COMPUTER LAW
COURT 2 · SYSTEMIC RISK CONFIRMED
INSURANCE GAP · REINSURANCE EXPOSURE
COURT 3 · SOVEREIGN FIRST PROVEN
EOSE ARCHITECTURE VALIDATED
THE FACTS (VERIFIED)
1. Chrome silently downloaded ~4GB Gemini Nano to devices meeting minimum hardware requirements
2. No consent prompt · No opt-in · No user notification of any kind
3. Re-download persistence: delete the files → Chrome re-downloads silently on next restart
4. chrome.ai.languageModel API accessible from ANY website running in Chrome
5. EU rollout appears staged (DMA compliance — multiple EU users report no folder)
6. Feb 2026: Google finally added Settings → System → "Turn On-device AI on or off"
7. Google ToS defence: "software sometimes updates automatically" — inadequate for an LLM deployment
8. Confirmed: Windows + macOS affected. Linux unclear. EU partially blocked.
COURT 1 — CONSENT, PRIVACY & COMPUTER LAW
Bench: Ruth · Thurgood · Sonia · ONBA
CHARGE 1.1 · CASL SECTION 8 — CANADA · CRITICAL
Computer Program Installation Without Express Consent
CASL s.8 requires express consent before installing a computer program. The update exemption covers bug fixes, not new AI models. The re-download behaviour is the aggravating factor — functionally identical to rootkit persistence. CRTC has never seen a CASL s.8 case at this scale or with this API surface.
$10M/violation (CRTC admin)
$200/install × ~6.3M ON devices = $1.26B (s.47 class)
$1M/day ongoing
CHARGE 1.2 · PIPEDA — MEANINGFUL CONSENT
No Meaningful Consent for New Data Processing Purpose
OPC requires: plain language, specific purpose, no bundling, understandable to ordinary person. Google's ToS clause ("software sometimes updates automatically") fails all four. Clearview AI ruling directly on point: buried consent = no consent. Browsing context = sensitive data requiring opt-in.
OPC investigation + Federal Court referral
CHARGE 1.3 · GDPR ARTICLES 6 + 25 — EU CLASS ACTION SCAFFOLD
Legitimate Interests Balance Test Fails · Privacy by Design Violated
LIA balance: Google's interest (cost savings) vs. user interest (storage, privacy, compute, new attack surface) — tips toward the user. Article 25: an opt-out is not a privacy-protective default. Meta was fined €390M for bundled consent; Chrome uses the same model.
Up to 4% global turnover (~$14B at Alphabet scale)
CHARGE 1.4 · CFAA + STATE ANALOGUES — US
Unauthorised Computer Modification · Persistence = Rootkit Pattern
Sony BMG rootkit (2005) settled for $150M under an identical theory. The Chrome case is stronger: the API surface creates ongoing exposure (Sony's rootkit had none), and the re-download behaviour is MORE aggressive than Sony's rootkit. California CFAA (§502), Illinois, NY and Washington state laws are all triggered.
Sony precedent: $150M settlement · Chrome scale: orders of magnitude larger
CHARGE 1.5 · COMPETITION ACT s.74.01 + FTC ACT §5
Deceptive Marketing · Chrome Marketed as Browser, Not AI Host
Deploying a 4GB AI model via a product marketed as a web browser, without disclosure, is a material omission constituting deceptive marketing. Feb 2026 toggle addition proves Google knew — they deployed first and disclosed later.
COURT 1 VERDICT: GUILTY ON ALL 5 CHARGES · Sony rootkit is the controlling precedent · Chrome case is stronger (API surface, scale, persistence) · First-mover to file sets Canadian precedent
COURT 2 — SYSTEMIC RISK · INSURANCE · REGULATED INDUSTRIES
Bench: Cochran · OFFICER (Risk/ARB-920) · Kay (Headlands/TD lens)
RISK 2.1 · CHROME AI API ATTACK SURFACE
Any Website Can Invoke Gemini Nano via chrome.ai API
Attack chain: malicious site → chrome.ai → process local browsing context (banking, email, health) → inference output exfiltrated. "Local = private" is false. The API surface means output can leave the device. Every enterprise laptop running Chrome now has an unaudited AI inference layer accessible by web content.
CISO ALERT: Existing EDR/XDR/CASB tools don't monitor chrome.ai API calls
RISK 2.2 · ENTERPRISE SECURITY POSTURE GAP
Blind Spot in Every Enterprise Security Stack Running Chrome
Current enterprise security monitors: network traffic, file system, process execution. None monitor local AI inference calls. Headlands context: 5,000 reserve nodes running Chrome = 5,000 simultaneous Gemini Nano instances with open API. Correlated attack surface.
Regulated industries: banking · healthcare (PHIPA) · legal privilege · pipeline SCADA
⚡ THE RAINCHEQUE (Kay's framing)
Google has issued every cyber insurer and reinsurer a liability cheque they don't know they're holding.
Not priced in current policies: Browser-embedded LLM as data processing vector · chrome.ai API abuse as exfiltration vector · Correlated deployment across enterprise fleet (systemic risk, no reinsurance model)
The NotPetya parallel: NotPetya caused ~$10B losses, was excluded as "act of war." Chrome Gemini Nano is commercial software from a US corporation — no war exclusion. Correlated chrome.ai exploitation at enterprise scale triggers simultaneous claims across every insured enterprise. No reinsurance tower models this.
QoS risk: Unpredictable background AI inference on banking payment rails, pipeline SCADA, regulated trading networks. No SLA accounts for this workload. No vendor notification to enterprise Chrome deployers.
Face value of the raincheque: unknown. Maturity date: first successful correlated chrome.ai exploitation.
COURT 2 VERDICT: SYSTEMIC RISK CONFIRMED — CRITICAL · Reinsurance-level correlated risk · No layer was informed · No layer consented · The insurance industry has an unpriced exposure on every Chrome-heavy enterprise policy written since 2024
COURT 3 — SOVEREIGN FLEET DOCTRINE
Bench: IMHOTEP · SIGNALS · Kay · SOSTLE L5
FINDING 3.1 · SOVEREIGN-FIRST VALIDATED
EOSE Architecture Is the Correct Answer
yone/forge Ollama fleet: our hardware, our models, our invocation logic, our SOSTLE gating. Chrome Gemini Nano: Google's model, Google's invocation, no gating, open API. The difference is not technical — it's sovereignty. PEMLAAM private lane (no external model providers for L6+) is proven correct doctrine, not paranoia.
SOSTLE walls held · PEMLAAM private lane vindicated · Sovereign-first was right
FINDING 3.2 · THE EOSE PRODUCT GAP
Sovereign Browser Intelligence Layer (SBIL) — Market Need Just Appeared
Enterprise gap: "How do we do browser-layer AI without Google API access to our client layer?" No answer exists yet. EOSE can build it: enterprise-controlled on-device model, SOSTLE-gated API, audit-logged, enterprise CA signed, immediately revocable. Every CISO in the world now has this problem. We have the answer.
Commercial opportunity · CISO-to-CISO · Amani GC-to-GC
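Added example (not Chrome's, Google's or EOSE's code) of the gating described in Finding 3.2 and the monitoring blind spot in Risk 2.2: a shim that places an origin allowlist and an audit log in front of the on-device model API the page names as chrome.ai.languageModel. The API object is a constructed mock, and the policy fields (allowOrigins, maxPromptChars) are assumptions.

```javascript
// Added example, not Chrome's or Google's code: a defender-side shim that
// puts an allowlist and an audit log in front of the on-device model API the
// page names as chrome.ai.languageModel. The API object below is a
// constructed mock; the real surface may differ (assumption).

const auditLog = [];

// Pure policy decision: which origins may use the model and how much text
// they may feed it. Returns 'allow' or a 'deny:<reason>' string.
function evaluateRequest(origin, text, policy) {
  if (!policy.allowOrigins.has(origin)) return 'deny:origin';
  if (text.length > policy.maxPromptChars) return 'deny:size';
  return 'allow';
}

// Replace chromeAi.languageModel so every create()/prompt() passes through
// evaluateRequest and leaves an audit record for the enterprise log pipeline.
function installGate(chromeAi, origin, policy, log = auditLog) {
  const raw = chromeAi.languageModel;
  chromeAi.languageModel = {
    async create(opts) {
      const verdict = evaluateRequest(origin, '', policy);
      log.push({ origin, event: 'create', verdict });
      if (verdict !== 'allow') throw new Error('model blocked: ' + verdict);
      const session = await raw.create(opts);
      return {
        async prompt(text) {
          const v = evaluateRequest(origin, text, policy);
          log.push({ origin, event: 'prompt', verdict: v, chars: text.length });
          if (v !== 'allow') throw new Error('prompt blocked: ' + v);
          return session.prompt(text);
        },
      };
    },
  };
  return chromeAi;
}

// Constructed stand-in for the browser-provided object (no real inference).
function mockChromeAi() {
  return { languageModel: { async create() {
    return { async prompt(text) { return 'mock-output:' + text.length; } };
  } } };
}

const policy = { allowOrigins: new Set(['https://intranet.example']), maxPromptChars: 256 };

// Runs one create()+prompt() from `origin` through the gate; returns 'allow'
// or the block reason so the audit outcome can be checked.
async function tryPrompt(origin, text) {
  const ai = installGate(mockChromeAi(), origin, policy);
  try {
    const session = await ai.languageModel.create();
    await session.prompt(text);
    return 'allow';
  } catch (e) {
    return e.message;
  }
}
```

In a real deployment the shim would be injected by an enterprise-managed extension before page scripts run, and auditLog would be shipped to the SIEM rather than kept in memory.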
COURT 3 VERDICT: SOVEREIGN FIRST IS PROVEN CORRECT · The EOSE architecture is the right answer · The timing is perfect · The market need just became visible to every enterprise CISO simultaneously · γ₁ = 14.134725141734693