Smart Devices Make Everything Easier – Like Spying On Users

Apr 27, 2015
Amisha Manek

Page Media

Samsung SMART TV

By all indications, the Internet of Things (IoT) – a world where everyday devices, machines, and appliances collect and transmit data about their use and surroundings – is well on its way to becoming a reality.

Ubiquitous broadband access, advances in computing, and cheap sensors allow for everything from cars to kitchen gadgets to eyeglasses to deliver information to us, and to collect data from us. Industry experts estimate that 50 billion devices will be connected to the Internet by 2020.

In recent years, consumers have become wise to the privacy practices of popular Internet companies. Informed by revelations of mass surveillance and reports of everything from covert location tracking to the unconsented sale of personal information, consumers today are wary of efforts to capitalize on personal data, scrutinize privacy practices and expect transparency reports. Yet, even as consumer privacy awareness is at an all-time high for websites and apps, the privacy issues are only beginning to come into focus for the IoT.

Companies and regulators have the responsibility to create and communicate new privacy practices to consumers in this new world.

With great connectivity comes great privacy risk

The IoT is no doubt a promising advancement for consumers, as it lets them control and interact with their ‘things’ remotely, with a smartphone for instance. Consumers will turn up their home thermostats as they leave work on a cold day or use their smart phones to brew coffee or cook dinner without entering the kitchen. All the while, these devices are silently collecting vast amounts of data about our habits, preferences, and movements.

Without privacy protections in place, the massive trove of consumer data created by the IoT is susceptible to misuse. For instance, companies might sell this data without giving consumers a say in the matter or they could use it to make invasive predictions about consumer behavior. Consumers must remain mindful of the risk to their privacy and seek control over their information in this new world of connected devices. Lately, consumers have been caught unawares when devices they think of as straightforward collect data from them and potentially share it for purposes that are not obvious. Consumers were shocked to learn from news outlets that Samsung’s SMART TVs were eavesdropping on them and transmitting unencrypted voice data to a third party. Samsung failed to properly inform users beforehand that their TVs might record them. Instead, the company provided notice via a single sentence buried in a dense privacy policy. The collection of information in ways consumers do not desire or expect damages trust, and this practice risks the benefits of these devices from being realized.

Recognizing the numerous privacy issues raised by the IoT, the Federal Trade Commission this month announced the creation of its Office of Technology Research and Innovation. The agency intends for the Office to monitor the privacy and data security of IoT devices in places ranging from the automobile to the home. An FTC report released earlier this year noted that as “everyday devices increasingly detect and share observations about us, consumers will likely continue to want privacy.” FTC Chairwoman Edith Ramirez has expressed enthusiasm for the IoT, but at the same time acknowledged that a greater number of devices connected to the Internet meant “more entry points for potential intrusion.” Privacy advocates and attorneys are also increasingly drawing attention to the IoT. At a recent privacy law forum hosted by the Berkeley Center for Law and Technology, several panelists called for stringent security standards to safeguard personal data in the IoT.

The IoT is only likely to reach its full potential if the companies building “things” also build privacy into this new world. As always, consumers must endeavor to inform themselves about the privacy impact of using any new technology, and the IoT is no different. At the same time, device manufacturers must attempt to build consumer confidence in the IoT by proactively sharing and drawing consumer attention to the details of their data collection and sharing practices. An inconspicuously placed privacy policy, like Samsung’s, that users are unlikely to read will not suffice. The onus is on manufacturers to be upfront about their privacy policies and practices and to make consumers familiar with them. For without favorable consumer sentiment, the Internet of Things is unlikely to flourish.

Amisha Manek is a Technology & Civil Liberties intern with the ACLU of Northern California.