IoT reality: no alternative or acceptable outcome
How have Amazon employees bugged users for years and keep silent about it? What can you tell about a person by knowing their floor temperature and humidity level in their home? Why do insurance companies want to break into your refrigerator? Let's find out how a smart home works, what privacy risks are associated with it and ways of how not to lose your sense of security in your own home.
One example of such "smart device," is a light bulb announced by Sengled. It is designed to track sleep and other measurements like heart rate and body temperature. The company claim that the light bulb determines whether a person has fallen or not, and if a fall is life-threatening, to call an ambulance.
The undeniable benefits offered by IoT technologies, however, come with security and privacy risks. The emergence of innovative developments not only "shakes" public opinion, but also changes the idea of "technology ethics". According to a survey of residents in the United States, Canada, Japan, Australia, France and the United Kingdom, about 63% of people perceive them as "creepy" and 75% do not trust the way these devices handle personal data.
At the same time, consumers' wariness does not stop them from continuing to buy devices (the same survey showed that 70% of respondents have smart devices). This contradiction was also documented in a study conducted by Consumers International and the Internet Society.
A report by Fortune Business Insights indicates that the global Internet of Things market, valued at $190 billion in 2018, will reach $1.11 trillion by 2026.
Most of the questions remain unresolved. Will "smart devices" respect the right to privacy of our lives? Who has a stake in this? Have standards of secure IoT devices been created?
The data collected by smart devices, whether it's light levels, refrigerator fullness or air humidity, hardly fits within the concept of personal data because it doesn't relate to a person's identity. At the same time, the huge sets of data collected by the devices on a daily basis make it possible to fully build a person's schedule and find out their eating habits, sleeping habits, sex life and interests. Thus, companies that have possibilities to correlate or enhance data (data enhancement) gain virtually limitless power over the individual, evading the requirements of privacy and personal data protection laws. In this regard, it is increasingly possible to hear calls for a large-scale revision of the fundamental principles of privacy protection and the definition of personal data.
Moreover, the activities of IoT-system operators are not licensed because they do not fall under the provision of communication services or data protection, as indicated by Roskomnadzor in its response to an appeal by the Internet of Things Association. The lack of licensing requirements and standards negatively affects the security characteristics of "smart" devices. For example, many devices can communicate with each other either through weakly protected networks or through shared WiFi networks to which all mobile and stationary devices are connected
It's no secret that for most people home is a space of security and privacy. In practice, however, the situation is different: it turns out that when you buy a smart device in your home, you simultaneously invite an "uninvited guest" — a person from the think tank of the company-developer. In April 2019, it was revealed that millions of recordings from Alex's smart speaker had been tapped by Amazon employees to improve the home station:
“I think we’ve been conditioned to the assumption that these machines are just doing magic machine learning. But the fact is there is still manual processing involved.” — said Florian Schaub, a professor at the University of Michigan who has researched privacy issues in smart speakers.
Imagine that a smart home detected that you are absent-minded and often forget to lock your door or leave your keys when leaving your apartment. Upon learning this, smart home operators may illegally sell data to insurance companies interested in obtaining information on potential customers. When you apply to an insurance company for car insurance, the insurance risks will be assessed already. And fact that you are a distracted person will be taking into account.
Another example, the developers of Siri or Alexa voice assistants explicitly state that the devices can record and transmit information which they receive during interactions with the owner to third parties. Thus, if you ask the assistant the weather before you leave the house in rainy weather, you are likely to see advertisements for umbrellas and waterproof clothing. Many people take this as a given, not realizing that in this way advertising companies and manufacturers of smart devices can deliberately influence your desires, needs and purchases, pushing you to a particular decision.
One of the best ways to keep your "smart home" safe is to do research before purchasing new devices and not shop on a whim. If you're thinking about buying a new connected speaker or smart refrigerator, search the Internet for that device and see if other consumers have had problems with it. For example, you can learn about Yandex's most popular station in the CIS, Alice, in Roscomsvoboda materials. You can also explore privacy policies. Many smart home device manufacturers have them.
Many smart devices come with short and simple passwords that must be reset after purchase. It's important that you take the time to change them.
When you choose a new password, make sure it consists of symbols, numbers, and characters and does not contain recognizable words or numeric sequences. It's also important to review and change your default security and privacy settings. If you can limit the amount of data stored and processed by the smart device, by all means do so.