Your smart devices are spying on you — here’s how to limit the privacy damage
Think before you buy
Internet of Things
Your appliances, car, and home are designed to make your life easier and automate tasks you perform daily: switch lights on and off when you enter and exit a room, remind you that your tomatoes are about to go bad, personalize the temperature of the house depending on the weather and preferences of each person in the household.
To do their magic, they need the internet to reach out for help and correlate data. Without internet access, your smart thermostat can collect data about you, but it doesn’t know what the weather forecast is, and it isn’t powerful enough to process all of the information to decide what to do.
But it’s not just the things in your home that are communicating over the internet. Workplaces, malls, and cities are also becoming smarter, and the smart devices in those places have similar requirements. In fact, theInternet of Things(IoT) is already widely used in transport and logistics, agriculture and farming, and industry automation. There were around 22 billion internet-connected devices in use around the world in 2018, and the number isprojected to grow to over 50 billion by 2030.
What these things know about you
Smart devices collect a wide range of data about their users. Smart security cameras and smart assistants are, in the end, cameras and microphones in your home that collect video and audio information about your presence and activities. On the less obvious end of the spectrum, things like smart TVs usecameras and microphones to spy on users, smart lightbulbstrack your sleep and heart rate, and smart vacuum cleanersrecognize objects in your home and map every inch of it.
Sometimes, this surveillance is marketed as a feature. For example, some Wi-Fi routers can collect information about users’ whereabouts in the home and evencoordinate with other smart devices to sense motion.
Manufacturers typically promise that only automated decision-making systems and not humans see your data. But this isn’t always the case. For example, Amazon workerslisten to some conversations with Alexa, transcribe them and annotate them, before feeding them into automated decision-making systems.
But even limiting access to personal data to automated decision-making systems can have unwanted consequences. Any private data that is shared over the internet could be vulnerable to hackers anywhere in the world, andfew consumer internet-connected devices are very secure.
Understand your vulnerabilities
With some devices, like smart speakers or cameras, users can occasionally turn them off for privacy. However, even when this is an option, disconnecting the devices from the internet can severely limit their usefulness. You also don’t have that option when you’re in workspaces, malls or smart cities, so you could be vulnerable even if you don’t own smart devices.
Therefore, as a user, it is important to make an informed decision by understanding the trade-offs between privacy and comfort when buying, installing and using an internet-connected device. This is not always easy. Studies have shown that, for example, owners of smart home personal assistantshave an incomplete understandingof what data the devices collect, where the data is stored, and who can access it.
Governments all over the world have introduced laws to protect privacy and give people more control over their data. Some examples are theEuropean General Data Protection Regulation (GDPR)andCalifornia Consumer Privacy Act (CCPA). Thanks to this, for instance, you cansubmit a Data Subject Access Request (DSAR)to the organization that collects your data from an internet-connected device. The organizations are required to respond to requests within those jurisdictions within a month explaining what data is collected, how it is used within the organization, and whether it is shared with any third parties.
Limit the privacy damage
Regulations are an important step; however, their enforcement is likely to take a while to catch up with the ever-increasing population of internet-connected devices. In the meantime, there are things you can do to take advantage of some of the benefits of internet-connected without giving away an inordinate amount of personal data.
If you own a smart device, you can take steps to secure it and minimize risks to your privacy. The Federal Trade Commission offerssuggestions on how to secure your internet-connected devices. Two key steps are updating the device’s firmware regularly and going through its settings and disabling any data collection that is not related to what you want the device to do. The Online Trust Alliance provides additionaltips and a checklist for consumersto ensure safe and private use of consumer internet-connected devices.
If you are on the fence about purchasing an internet-connected device, find out what data it captures and what the manufacturer’s data management policies are from independent sources such asMozilla’s Privacy Not Included. By using this information, you can opt for a version of the smart device you want from a manufacturer that takes the privacy of its users seriously.
Last but not least, you can pause and reflect on whether you really need all your devices to be smart. For example, are you willing to give away information about yourself to be able toverbally command your coffee machine to make you a coffee?
This article byRoberto Yus, Assistant Professor of Computer Science,University of Maryland, Baltimore CountyandPrimal Pappachan, Postdoctoral Scholar in Computer Science,Penn Stateis republished fromThe Conversationunder a Creative Commons license. Read theoriginal article.
Story byThe Conversation
An independent news and commentary website produced by academics and journalists.An independent news and commentary website produced by academics and journalists.
Get the TNW newsletter
Get the most important tech news in your inbox each week.
