In the past few years, we’ve seen an explosion in the number of ‘smart devices’ for our homes and personal use. From vacuum cleaners to thermostats, innovators are discovering more and more ways to bring us electronic devices that are connected to the Internet.
But just how smart is it to use these devices? Just how much privacy (and personal security) are you trading in for convenience?
We know that smart devices are everywhere, and most of us already have at least one in our lives. Rather than argue against them we thought we’d explore some of the privacy issues these devices represent, so you can make an informed decision about which ones you want in your home or pocket.
What Are Smart Devices?
According to Wikipedia, a smart device is any electronic device that can be connected via Wi-Fi, Bluetooth, or other networking protocols and “can operate to some extent interactively and autonomously.”
At the top of the list is your smartphone. But the list of smart devices has exploded in the past few years to include the following:
- Smart speakers such as the Amazon Echo (Alexa), the Google Home, and similar devices that are voice-activated and can control other smart devices.
- Ebook readers like the Kindle or Nook.
- Smart doorbells, garage door openers, locks, and surveillance camerasthat allow you to control access to your home (and record activity outside your door) all using your smartphone.
- Smart household items such as thermostats (e.g. Nest), vacuums (e.g. Roombas), televisions, pressure cookers or slow cookers (e.g. Instant Pot), lightbulbs, order buttons, washing machines and dryers, and other items that can be programmed, controlled by a mobile device, and may even communicate with utility companies or online merchants.
- Smart watches, fitness devices, jewelry and similar items that record biometrics, count your steps, and deliver data to your phone or a website.
- Smart tech for your car. This can include radios, GPS, and other technology.
By no means is this a definitive list, but it does illustrate just how widespread smart technology—also known as “the Internet of Things”—has already become.
Do Smart Speakers Record Your Conversations?
Outside of our smartphones, one of the most common smart devices many of us use these days is a smart speaker, such as an Amazon Echo or a Google Home (and similarly, Siri, Google Now and Cortana on our smartphones). These devices allow us to ask the time and weather, play games and music, control household devices like thermostats and lights, and a variety of other commands
They work by having a speaker that constantly listens for the “wake word.” The question is, are these devices innocent bystanders that are essentially asleep when we’re not using them, or are they spying on us, recording everything that goes on in our private environments?
The answer isn’t exactly what you want to hear.
While the companies behind them (e.g. Amazon and Google) state that they don’t listen to, or record, any conversations other than what is needed for the devices to function, in reality, it’s not so black and white.
In a murder case in Arkansas, police tried to get Alexa recordings as part of the investigation. While Amazon refused to turn over records, citing First Amendment protections, they didn’t deny that the recordings existed.
Then there was a recent report about an Amazon customer who requested all of the data the company had collected about him. In return, he received a recording of a conversation made with an Echo device in someone else’s home.
Both incidents demonstrate two things that are worth further pondering:
- Amazon’s Echo devices are, in fact, recording and saving at least some of the conversations in our home—something Amazon had denied previously—so it’s not just what the device hears after you say the action word.
- Amazon’s data isn’t as secure as we might like to think.
The point here is that if you have a smart speaker in your home, you’ve granted the company the right to eavesdrop in your home, for reasons that are sometimes unclear (and mostly unregulated).
Smart TVs: Trading Price for Privacy
Since 2017 we’ve known that smart TVs—at least those manufactured by Vizio—spied on their owners, thanks to a report from the Federal Trade Commission.
As it turns out, it’s not just Vizio TVs we need to worry about. Currently, many manufacturers use a technology known as Automated Content Recognition (ACR) that collects data on viewing habits. It doesn’t just capture broadcast television, but anything visible on the screen, including gaming, DVDs, and other content.
As Tech Hive noted, “ACR can be used for good.” Your devices can help you find content you want to watch. But generally speaking, this data is sold to third parties for marketing purposes. In other words, you’re able to afford that 72” smart TV because a good chunk of your purchase was subsidized by your willingness to provide viewing data.
You might think you’re not impacted by this technology because your television doesn’t have “smart” capabilities. Think again. If you watch TV via Hulu or Netflix, use a Roku, Apple TV, or Chromecast device, or purchase movies and TV shows via iTunes or Amazon Prime, your viewing habits (what, where, and how you watch TV) are all captured and sold to advertisers.
Is the trade-off worth it? Time will tell.
Recording Might Not Be the Biggest Issue
While it’s troubling that big companies might be able to spy on us, that concern pales in comparison to what the devices represent for a skilled hacker.
In a chilling report, The New York Times reported that it’s possible to send undetectable commands via all of these smart speakers (and smartphone assistants like Siri) that can cause the devices to make telephone calls, open websites, or operate other smart devices. And it doesn’t stop with smart speakers. These commands can also be embedded within YouTube videos. As the article noted, “In the wrong hands, the technology could be used to unlock doors, wire money or buy stuff online—simply with music playing over the radio.”
Meanwhile, if you purchase a Roomba or other smart vacuum, you’re allowing that company to gain a map of your house, which could represent a security concern, especially since smart locks and security systems are vulnerable to hacking. Google Home and Chromecast devices leaked precise user information data. And, for some brands at least, smart light bulbs contain your WiFi password and other data that a determined hacker could extract.
In possibly the most extensive data collection to date, computers within Tesla automobiles amass a huge amount of data about their drivers, including video from inside the vehicle, data on crashes, and even contacts and other information from smart phones. As CNBC notes, “trashed Teslas that are sent to salvage can yield unencrypted and personally revealing data to anyone who takes possession of the car’s computer and knows how to extract it.”
So these devices present quite a few potential safety concerns, especially if the firmware that controls these devices isn’t routinely upgraded with security patches (and really, when’s the last time you updated your Nest?)
What Are You Willing to Trade for Privacy?
You might think it’s not a big deal that Amazon (or Apple, Microsoft, or Google) is listening to you singing goofy songs to your cats, but the reality is troubling. What if a conversation you have with someone ends up in the hands of one of your friends or relatives? What if a stranger finds out something and decides to use that information against you?
If you value your privacy, your interaction with these devices is worth considering. But before you toss your Amazon Echo in the trash, many other devices (including your computer and phone) can be used to listen to your conversations. Suffice it to say that digital eavesdropping and data collection remains a real privacy concern without sufficient legal protection for how companies should collect or protect the data.
As TechCrunch points out,
The Internet is intangible, and so its privacy risks appear to be, too. It’s one thing to know, in the back of your mind, that Facebook has the ability to comb through your private messages. But when devices in your home are recording your spoken conversations and physical movements, it’s harder to ignore the looming threat of potentially disastrous privacy violations.
Outsmarting the Smart Devices
Let’s face it. Smart devices are here to stay. Once we start using them, it’s very difficult to imagine life without them, even if they are watching our every move.
The good news? Lawmakers are starting to pay attention. The Electronic Privacy Information Center is pushing for more robust disclosure rules for smart devices and recommends consumers become better informed about what kinds of information are being collected and how they’re being used.
In the meantime, there are some things you can do to protect yourself.
- Disable ACR on Smart TVs. The New York Times has an excellent guide(with pictures!) to disabling ACR on every major TV brand. You can also go a step further by not connecting your TV to WiFi to begin with, effectively turning it into a dumb TV. Wired also looked into this issue and they break down the steps to disconnecting various brands’ smart TVs from the Internet, so it’s worth taking a look.
- Use smart speakers safely. There’s a limit on what you can do, but consider disabling calling/messaging features, don’t provide your contact list, and use the mute button.
- Practice safe WiFi. To reduce the chance of a nefarious hacker taking over your smart devices, always change the default username and password on your router as well as individual smart devices that connect to your network, using strong passwords that are unique to each device or service.
- Don’t enable features you don’t need. If a device like a cooker or washing machine offers Bluetooth connection to your smartphone, for example, ask yourself if you really need such functionality. Just because the option is available, don’t open yourself up to vulnerability.
- Keep all software up-to-date. While you may not always be able to update the firmware on a given device, you can ensure that the manufacturer’s app on your phone is current, as well as your operating system.