A couple of weeks ago we experienced a media-wide furore over Samsung’s smart TVs potentially recording all your privately spoken words, with the company’s privacy policy advising owners not to disclose “personal or other sensitive information [because] that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.”
Although Samsung quickly moved to quell fears by telling users that they could deactivate voice recognition or disconnect their TVs from their Wi-Fi network, the very fact that a such clause was inserted into the privacy policy in the first place should be disconcerting, if not downright frightening.
Smart TVs are far from being the only offenders, however. With Facebook recording our every click, Google tracking us around the web, and smartphones saving our locations on a worryingly frequent basis, we are increasingly living in an Orwellian dystopia. The advent of the smart home and the Internet of Things (IoT) is only exacerbating the problem, and there are now so many devices spying on us that they’re becoming ubiquitous.
Here we look at some of those devices, along with what exactly they’re recording, and who’s benefitting:
1. Sense
What is it?
Manufactured by Hello, the Sense device claims to be “the first system for understanding your sleep and bedroom.” It comes in two parts - a bedside device which monitors external factors such as noise, light, temperature, humidity and particles in the air, and a “Sleep Pill” which attaches to your pillow and monitors your movements and the quality of your sleep by using an accelerometer and gyroscope. It was one of the most-backed Kickstarter projects of last year.
Why should you be concerned?
The bedside device contains an “always-on” microphone, with all audio sent back to Sense’s cloud for easy playback by its owners. While eight hours of snoring might not be very interesting, there are an untold number of reasons why this is a privacy nightmare, with anything from personal details to the sound of two consenting adults being put into a space that the owner has no control over.
Most worrying? A glance at Hello’s privacy policy shows that the company takes no responsibility when it comes to deleting your information, saying:
“You agree that Hello has no responsibility or liability for the deletion of or failure to store any data or other content maintained or uploaded by the service.”
It means that if you accidentally discuss your finances, reveal your personal data, or discuss other sensitive topics, that audio could be stored in the cloud for a long, long time.
2. LG Smart ThinQ Fridge
What is it?
It’s that thing in the corner of your kitchen that you keep food (or drink) in…!
On a serious note, the LG Smart ThinQ fridge aims to take over everything to do with cooking and preparing meals. It’ll tell you what’s inside it, help to create shopping lists, inform you when expiration dates are approaching, suggests recipes, sync with your smartphone, and even tell you the weather.
Why should you be concerned?
In order to function effectively, smart fridges need to connect to your Wi-Fi network, and that means that they can be commandeered by hackers and criminals. In fact, Dawn Meyerriecks, the Deputy Director of the CIA’s Directorate of Science and Technology recently told the Aspen Security Centre Forum in Colorado that “Smart refrigerators have been used in distributed denial of service attacks,” and claimed that “At least one smart fridge played a role in a massive spam attack last year, involving more than 100,000 Internet-connected devices and more than 750,000 spam emails.”
This raises wider concerns about security within the Internet of Things. The nature of the sector means access points are going to grow exponentially over the coming years, and while a typical home user might currently have less than ten access points that need to be secured, the IoT could expand that number into the hundreds. Without adequate security, everything from your fridge to your in-car entertainment system could become a potentially exploitable route into your personal data and information.
3. MyLink
What is it?
MyLink is a product by American car manufacturer Chevrolet that aims to turn a normal vehicle into a smart vehicle. It provides drivers with hands-free control of the hi-fi, an ability to access phone contacts, and access to SiriusXM. That’s all great. What’s less great from a privacy perspective is its built-in data grabber, enticingly called “Valet Mode with Performance Data Recorder.”
Why should you be concerned?
“Valet Mode” allows you to monitor you own car remotely, while the “Performance Data Recorder” tracks data such as GPS location, speed, RPM, gears, and distance driven. The concerning part is that its privacy policy entitles Chevrolet to profile driving activity and sell it in an “anonymous and aggregated form” to third parties - meaning other companies will have access to how and where you drive. Could this information eventually find its way into the hands of the police? Possibly. For example, is it that hard to imagine cloud-based speeding tickets in the not-to-distant future?
4. iSmart Alarm
What is it?
The iSmart Alarm is a cloud-based, real-time, “intelligent”, home security system. It was founded out of Silicon Valley back in 2012 and has gone on to win multiple awards from publications such as CNet and PC Mag. It offers on-demand video streaming from around your home, control of all your electrical outlets, instant notifications of intruders, control over your lighting, and remote control management of the system.
Why should you be concerned?
The idea of streaming video of your empty house to the Internet should instantly ring alarm bells. Where is the data stored? Who has access to it? Could criminals determine your movements to establish a pattern of whether or not you’re at home? Would the alarm manufacturer also be notified if you got a notification about an intrusion?
Concerns of this nature extend to all “smart systems” in the home. For example, would the manufacturer of a Wi-Fi based entertainment system be able to get information about your choice of audio? Would energy companies ultimately get access to data provided by your smart thermostat, allowing them to hike their rates if they know you’re using the air conditioning?
5. Xbox Kinect
What is it?
Xbox Kinect is an add-on for Microsoft’s Xbox gaming console. It uses a camera to monitor and record a player’s movements, enabling them to both interact with Windows, games and issue spoken commands. It was originally Microsoft’s response to the popularity of the Nintendo Wii, but has since become an integral part of Microsoft’s entertainment product suite.
Why should you be concerned?
Originally, it was Microsoft’s intention to make it an “always-on” device, but users were not happy. It’s no surprise, and it’s all because of the power of the device’s camera. As the company itself boasts:
“Microsoft’s Xbox One system has a high-definition camera that can monitor players at thirty frames per second. Using a technology called Time of Flight, it can track the movement of individual photons, picking up minute alterations in a viewer’s skin colour to measure blood flow, then calculate changes in heart rate. The software can monitor six people simultaneously, in visible or infra-red light, charting their gaze and their basic emotional states.”
Are you comfortable with Microsoft knowing your emotional state at any given moment? Probably not…
Who is Benefiting?
As with almost everything privacy related, two main groups of people stand to benefit: advertisers and criminals.
While it is true that all the gadgets naturally aim to bring benefits to the user - be those entertainment benefits, practical benefits, or health benefits - all the gadgets we listed also offer clear benefits to manufacturers and advertisers. The manufacturer can collect user data and sell it to third parties, who can then use it to build up a consumer profile of your likes and dislikes - serving you differing adverts depending on your preferences, your mood, or what time of day it is. Ultimately, it means both parties are making a lot of money off your usage of their products.
A further consequence of all this connectivity is that criminals can also benefit. Home networks and company infrastructure can be hacked and exploited, identities can be stolen, and malware and computer viruses can be spread. Why do they do this? The same reason as the companies themselves. Money. Your data is hugely valuable in both the corporate world and criminal underworld. Legal and illegal groups are both willing to go to extreme lengths to get their hands on it.