Have you ever had the creepy feeling that someone is watching you? There are billions of things that detect it every day. They’re everywhere, hidden in plain sight: inside your TV, refrigerator, car, and office. These things know more than people realize, and many of them communicate that information through the Internet.
In 2007, it would have been hard to imagine the revolution of useful apps and services that smartphones ushered in. But they came at a cost in terms of intrusiveness and loss of privacy.
As computer scientists studying data management and privacy, we discovered that with Internet connectivity extended to devices in homes, offices, and cities, privacy is more at risk than ever.
Internet of Things
Your appliances, car and home are designed to make life easier and automate the tasks you do every day. To work their magic, they need the Internet to search for help and correlate data. Without internet access, your smart thermostat can collect data about you, but it doesn’t know what the weather forecast is and it’s not powerful enough to process all the information and decide what to do.
But it’s not just the things in your home that communicate over the Internet. Workplaces, shopping malls and cities are also getting smarter. Smart devices in those places have similar requirements.
In fact, the “Internet of Things” is already widely used in transportation and logistics, agriculture, and the automation of industry and livestock. There were around 22 billion internet-connected devices in use worldwide in 2018, and the number is projected to grow to more than 50 billion by 2030.
What these things know
Smart devices collect a wide range of data about their users. Smart security cameras and smart assistants are ultimately cameras and microphones in your home that collect video and audio information about your presence and activities.
On the less obvious end of the spectrum, things like smart TVs use cameras and microphones to spy on users, smart light bulbs track your sleep and heart rate, and smart vacuum cleaners recognize objects in your home and map every inch of it.
Sometimes this surveillance is marketed as a feature. For example, some Wi-Fi routers can collect information about the whereabouts of users in the home and even coordinate with other smart devices to detect motion.
Manufacturers often promise that only automated decision-making systems and not humans will see their data. But this is not always the case. For example, Amazon workers listen to some conversations with Alexa, transcribe them and annotate them before feeding them into automated decision-making systems.
But even limiting access to personal data to automated decision-making systems can have unintended consequences. Any private data shared over the Internet could be vulnerable to hackers anywhere in the world, and few Internet-connected consumer devices are very secure.
Understand the vulnerabilities
Users can occasionally turn off some devices such as smart speakers or cameras for privacy. However, even when this is an option, disconnecting devices from the Internet can severely limit their usefulness. You also don’t have that option when you’re in workspaces, shopping malls, or smart cities. So you could be vulnerable even if you don’t own smart devices.
As a user, it is important to make an informed decision by understanding privacy and convenience when purchasing, installing, and using an Internet-connected device.
This is not always easy. Studies have shown that, for example, owners of smart home personal assistants have an incomplete understanding of what data the devices collect, where the data is stored, and who can access it.
Governments around the world have introduced laws to protect privacy and give people more control over their data. Some examples are the European General Data Protection Regulation and the California Consumer Privacy Act. Thanks to this, for example, you can send a data subject access request to the organization that collects your data from a device connected to the Internet. Organizations must respond by explaining what data is collected, how it is used within the organization and if it is shared with third parties.
Limit damage to privacy
Regulations are an important step. However, your app will likely take a while to catch up with the ever-increasing population of internet-connected devices. In the meantime, there are things you can do to reap some of the benefits of connecting to the Internet without revealing excessive amounts of personal data.
If you own a smart device, you can take steps to protect it and minimize risks to your privacy. The Federal Trade Commission offers tips on how to protect your Internet-connected devices.
The key steps are updating the device’s firmware regularly, reviewing your settings, and disabling any unwanted data collection. The Online Trust Alliance provides additional advice and a checklist for consumers to ensure the safe and private use of consumer Internet-connected devices.
If you are unsure about purchasing an Internet-connected device, find out what data it captures and what the manufacturer’s data management policies are from independent sources, such as Mozilla’s privacy not included. By using this information, you can opt for a smart device from a manufacturer that takes the privacy of its users seriously.
Last but not least, you can pause and reflect on whether you really need all your devices to be smart. For example, are you willing to give up your information so you can verbally command your coffee maker to make a cup of coffee or play your favorite music while you shower?