It all started with a container of milk going bad in the refrigerator.
Again.As a software developer in Taipei, Taiwan who works long hours, Tammy Yang started dreaming of having a ‘smart refrigerator’ with a camera that would let her peek inside remotely from her phone. “I would always forget what I had in the fridge,” she laughs.
But when she started researching what to buy in 2017, she realized that regardless of whether she bought a connected refrigerator or a camera to mount inside, most options on the market involved sending data to ‘the cloud’. “I found it a bit creepy,” she says. “If I decide to drink a coke or a glass of milk at midnight, I just don’t like the idea of my photo being uploaded to a cloud computer somewhere.”
It may be hard to imagine why information about something as basic as what you eat, or when you turn on the lights is valuable, but it’s the kind of data that tells a story about when you are home and who you are. Extensive new research to monitor smart home devices in 2019 has revealed astonishing information about the types and quantities of personal data that are transmitted out of the home. Consumers aren’t just oblivious to what smart doorbells or televisions know about them, they are frequently never told or given control over how their data will be shared or used for machine learning.
Considering how fun (and useful) it can be to see everyday objects come to life, it’s no surprise that privacy concerns are often dismissed. But it is actually possible to create smart devices that are both fun and healthy for the smart home ecosystem. Why so few currently are, traces back to how devices are created, how the market is regulated, and what consumers and product developers themselves have come to terms with as an acceptable risk of convenience and low cost.
Few developers recognize how closely privacy and security are interrelated, or that security alone is not enough to create a good product, says Kathy Giori, a staff evangelist at Mozilla with years of experience at tech companies, including Qualcomm and Arduino. “Every IoT workshop and conference I go to focuses only on security,” she says. “What about privacy? What about cross-brand interoperability? Without this, I don’t want the device, no matter how secure it is.”People want to know what is safe to buy, but unfortunately, it’s tricky for internet health experts to wholeheartedly recommend IoT products. “There really just aren’t that many products to recommend, depending on how harshly you want to judge,” says Peter Bihr, co-founder of the international ThingsCon community “for fair, responsible, and human-centric technologies.”
Security Is Not Privacy
What can be done? We know that if more devices were designed with privacy, security, interoperability and sustainability in mind things would be better. This article explores seven key areas for solutions, and summarises them on a ‘cheat sheet’ at the end.
Improving the situation requires action on different levels, starting with the architecture of the devices themselves, how they are marketed and sold, and what rules govern the data they can transmit. Fortunately, because of the known risks, many developers, security experts, consumer groups and policy makers are working on solutions to make smart homes wiser.