Image: Nick Beer/Dreamstime.com

Analysis

Why smart homes may not be so smart

24 January 2018 | By Stephen Cousins

With the internet embedded in the smart TV, the security system, in waste bins or the robot vacuum cleaner, there is no longer any way to control what type of personal data is generated and distributed about the domestic environment.– Andreas Jacobsson

Smart homes technologies such as smart meters, smart thermostats and voice-activated assistants, are all the rage. But they raise serious data privacy concerns. Andreas Jacobsson, a researcher at the Faculty of Technology and Society at Malmö University, who has studied data privacy for the past 15 years, explains why some of the issues may never be solved.

Smart connected homes are able to harvest data from a range of different devices, but what are the implications for the privacy of personal information and how it may be exploited?

The main problem, in terms of misuse of information, has its roots in commercial intent. Data collected about occupants through various connected devices in the home can be used to infer things about occupants’ behaviour and preferences. This can be used for targeting marketing campaigns, such as those created using data mined from social media and other sources.

Data may also be exploited by insurance companies, who could deduce the health profile of occupants based on the amount of time they spend watching TV, or the types food contained in their smart refrigerator.

You could find yourself in a situation where you are forced to accept an insurance situation, based not on information that you have chosen to share, but information that has been secretly collected about you from inside your home.

While both of these could be considered a nuisance – it bothers me that I have to share things about myself that I have not willingly given up – data can be used to draw extensive conclusions about a person and their behaviour that may place them in danger.

For example, data from movement sensors can show when people are not at home, this information could be posted on the dark web, where criminals go in search of assignment and jobs, such as breaking and entering.

Data on the types of products installed can indicate the value of items in the property, for use by potential thieves.

Aren’t regulations in place to prevent access to personal data?

Things like the UN Declaration of Human Rights and the new General Data Protection Regulation, due to come into force in the EU in May, try to protect citizens from privacy and data breaches. However, the fact the internet is decentralised, owned by everyone and no one at the same time, and operates across country borders, makes the regulation of smart home data a major challenge.

The fact is, no one really knows what kinds of personal, sensitive data are being collected, let alone where they are being distributed and how they are being used. There is no common understanding of this, there is only varying degrees of speculation. 

Don’t data privacy laws dictate that personal data collection should be limited to what is necessary and not shared with anyone without active user consent?

Yes, but there is debate over how “informed” users are when they give consent to access their personal data, it will remain a challenge to create the fully informed consumer.

Even looking closely at the privacy policies and end user license agreements of different firms and it’s difficult to understand how data will be used. You almost always encounter lines like “we will not share this data with anyone else, except for the companies we are collaborating with in our various alliances”.

That may be fine if certain statistics are being used by a technology supplier to improve their products, but questions should be raised if the supplier has a similar agreement in place to share the same data with a number of other companies.

In an eco-system of highly complex relations between different actors, there is a danger that some firms will use the data for commercial purposes.

We have seen similar development with the traditional internet, with the likes of Google and Facebook, harvesting data about users, which is packaged and repackaged in numerous ways to be sold in different online auctions. Much of the info ends up as tailored marketing messages you may be exposed to when surfing the web.

Does the smart homes phenomenon have deeper cultural and societal implications for privacy?

Yes, what troubles me is that all definitions of privacy have their roots in the virtue of privacy, and ever since the Ancient Greeks we have lived by the notion that what happens in the home should stay in the home.

Up to the point where the smart home enters the market, we have always regarded the home as the safest place where we can control the information about us that is spread outside.

But with the internet embedded in the smart TV, the security system, in waste bins or the robot vacuum cleaner, there is no longer any way to control what type of personal data is generated and distributed about the domestic environment.

Is there a solution to the problem?

When I started in this field 15 years ago there was a global debate and many people trying to fight invasions of privacy. Then, along came the likes of Facebook and Google and suddenly people didn’t care anymore, they were happy to give up their personal data to access different internet services because they considered the benefits greater than the risks.

This development does not lead me to think things will be any different regarding the smart homes paradigm. Quite the opposite – people won’t care. On one hand, you could say personal privacy is not such a big deal any more, on the other, you could say the need to discuss personal privacy issues is more important than ever before.

Image: Nick Beer/Dreamstime.com