Smart Homes: Our Next Digital Privacy Nightmare

The hyper-connected smart home of the future promises to change the way we live. More efficient energy usage, Internet-connected appliances that communicate with one another and cloud-enhanced home security are just some of the conveniences we'll enjoy.

It's going to be amazing. It will also open up major questions about privacy.

We're already catching a glimpse of our futuristic living quarters with products like the Nest, the WiFi-connected smart thermostat with an Apple-esque sleekness. Each year, the Consumer Electronics Show introduces us a handful of new connected appliances and household items, each one bringing us closer to the so-called "Internet of things" we keep hearing about. Everybody from giant Internet service providers to scrappy startups are getting in on the smart home game, building products that will make our homes more efficient, secure and livable. Before long, Jetsons-style robots will be feeding our pets. 

If you think digital privacy is a contentious issue now, just wait. 

Government Requests For Personal Data On The Rise

Consider this: In the last few years, Internet service providers and mobile carriers have seen a huge spike in government requests for data about customers. AT&T alone receives 700 such requests per day, according to The New York Times. They're not alone. Carriers and ISPs collectively receive thousands of requests for customer data per day from local law enforcement, federal agencies and courts. In many cases, they're willingly handing it over. In very few are they actually telling us about it.  

This uptick in government data requests corresponds with the rapid rise of smartphones and other connected gadgets among the general population. Naturally, as these devices proliferate, they are inevitably being used by some consumers to do bad things. But as we've seen, the technology has evolved more quickly than our society's rules about privacy — such as those enshrined in the Fourth Amendment to the U.S. Constitution — can possibly be crafted.

Why does it matter what companies like Verizon and Comcast do with their customers' information? Because those very same firms are now selling smart home products that will allow them to collect more data about our lives than ever before. 

"The information that's available in a smart home can be really extraordinarily detailed," says Rebecca Jeschke, media relations director at the Electronic Frontier Foundation.  

Analyzing a household's power usage alone can reveal details about a family's schedule and habits and may even one day hint at what different appliances might be used for. 

"The technology is such that it won't be too long before you can look at somebody's power usage be able to know when they opened the fridge or how much food was in it," says Jeschke. "And that's without a wired fridge. That's just the power."

Your Smart Home Will Be a Trove Of Data

Every time we connect another one of our household appliances to the Internet, we're going to be generating another set of data about our lives and storing it some company's servers. That data can be incredibly useful to us, but it creates yet another digital trail of personal details that could become vulnerable to court subpoenas, law enforcement requests (with or without a warrant) or hackers. 

Okay, so maybe you don't care if somebody else knows what's in your WiFi-connected refrigerator. But what about your bedroom? 

Comcast is one of the many companies making a move toward the connected home. The cable giant offers a product called XFinity Home that offers the latest in home automation technology: smart energy management, remote-controlled door locks and in-home video surveillance. All of these features and more are conveniently accessible from smartphones, tablets and a Web-based portal. 

Having remote, mobile access to our homes in this way presents enormous advantages. But it also raises a red flag when it comes to privacy, says Abdullahi Arabo, a research fellow at the University of Oxford who wrote a paper examining the privacy implications of smart home technology. 

"In reality, our smart devices hold more information than our brains," says Arabo. "This makes them a good target for hackers, malware and unauthorized users."

Of course, this has been the case for quite some time, but in the age of the smart home, a stolen or hacked phone isn't just a repository of personal information: it's a remote control for your entire house. If you've signed up for the remote surveillance service, it also contains live video feeds from every room in the house. 

In-Home Video Surveillance: Fair Game For Authorities? 

The video monitoring feature alone raises some serious questions about privacy, hackers aside. These videos are living on Comcast's servers. If the police suspect me of being a drug lord and they ask Comcast for access for a live video feed into my house, will they comply? Would the police need a warrant? 

As is often the case with digital privacy issues, there's no clear legal precedent to draw from. Courts and legislative bodies tend to move considerably more slowly than the pace of technological innovation, so we end up with awkward grey areas like this. 

Comcast did not respond to multiple requests for information about XFinity Home's privacy protections. In general, the company's privacy policy acknowledges that "it is possible that we may be required to provide information about you to a court or law enforcement agency… [only] if we are legally required to do so." 

Not Exactly Digital Privacy Champions 

Historically, Comcast isn't known to be transparent about such requests. In the EFF's "Who Has Your Back?" digital privacy scorecard, Comcast earned only one of four stars. While the company has been known to stand up for user privacy in the courts, it lost points for not being transparent about government data requests. 

It's not just XFinity Home that offers this type of smart home service. Verizon has its own offering and its privacy record is even worse, according to the EFF's most recent report. AT&T, another telco with a less-than-stellar privacy record, is also getting into the home automation business. It's worth noting that these are the same companies fielding thousands of government data requests every day, many of which are granted. 

"The big question you need to ask when you look at these kinds of services is, If I can get access to this information, who else can?" says Jeschke. "If a report is being generated for me or if I have access to a live feed, who else has access to it?"

It's admittedly still very early in this game. There haven't been any known cases of smart home customers alleging privacy intrusions via their Internet-connected home surveillance systems, for instance. But as the technology becomes more widely adopted, expect to hear more about the privacy implications.  Indeed, there's already been some controversy in Northern California over the use of smart energy meters and the personal information they can transmit. 

"I can see some really bad outcomes from this kind of wired world," says Jeschke.  The most obvious one, she says, is that third parties like law enforcement, courts and marketers can get access to more private information about consumers.  "Another bad outcome is that we don't get these cool things, because of privacy concerns."

Lead photo via Flickr user Brett VA