The real price of cheap smart devices
In a majority of U.S. states, companies can sell the data they collect on you without your consent or knowledge. And they’re collecting everything.
Today, we live in a smart world. Smartphones have become essential items and tablets, laptops, and computers are scattered about our rooms haphazardly. But this is just the tip of the iceberg. Fitness watches, smart fridges, smart thermometers, smart light bulbs, smart washing machines, smart assistants, and smart vacuums (among others) pepper our everyday lives with convenience. We have smart TVs upstairs and downstairs, connected to controls and consoles, offering us round-the-clock entertainment from cable and myriad streaming services. And, of course, we need to protect our smart homes with smart security systems like video cameras, smart locks, and baby monitors.
Your smart home is intelligent in more ways than one and your privacy is the price of convenience. Your home, and the companies behind it, know everything about you.
The more you don’t know
The lax or (in many cases) absent laws on data collection, usage, and commodification contribute to most people having no idea that their devices might be collecting their data, which data is being collected, or where that data could end up. There are two ways your devices may collect your data:
1. Personally entering your data when setting up the device. A lot of smart devices will have companion apps or a registration requirement before use, during which you will likely be asked to enter a range of personal information with often worrying ramifications
The requested information has no relevance to the device (e.g. your date of birth when setting up a smart washing machine)
There is no clarification, or difficult to find clarification, about the intended use of your data
There is no opt-in or opt-out concerning the intended use of your data
Likely, any data collected and sold will not only travel from A (company) to B (data brokerage), although this would be concerning enough. Data will be sold, analyzed, and compiled multiple times between multiple sources. Additionally, the more frequently and widely your information is shared, the more at risk it is to hacks and leaks.
2. Constant monitoring from inside your home. You may be familiar with how smart televisions use Automatic Content Recognition (ACR) to monitor what you watch, assess content performance, build profiles for audiences, and target you with relevant ads. However, this type of activity monitoring isn’t exclusive to entertainment devices
Your devices could be monitoring your activity without your knowledge, everything from your schedule to consumption habits
Your devices could be listening without your knowledge (do you know when a device’s mic is on/off/active?)
The companies behind your devices could be aggregating and selling this data to multiple unknown sources for profit
The growing world of data brokerage
There are dozens of companies across the U.S. that deal in data. Huge companies with millions of personal profiles, profiting off of your data and your (lack of) privacy. These profiles are used for banal practices like ad targeting, but there are instances where they have been applied to more insidious and potentially manipulative practices like race and medical condition profiling, risk assessment, and voter identification.
You may also be surprised at the complexity of your data profile as compiled by some data brokerages. It extends far beyond things like age and gender, including education, employment, political views, granular purchasing habits, media usage, net worth, vehicles owned, health, religion, ethnicity, socioeconomic status, economic stability, likelihood to be socially influenced, relationship to your taxes - the list keeps going.
So, what’s next?
The first step to combating this egregious invasion of (and profit from) your privacy is to raise awareness of these practices. There can be no public pressure to resolve this infringement of rights without education about how data is collected, shared, and sold.
Secondly, there needs to be effective recourse from the government. There has been some effort to legally address transparency over data collection (notably in California, Colorado, and Virginia) but, as a whole, the U.S. falls drastically behind when it comes to the implementation of appropriate laws and regulations to manage consumer safety around data privacy. The EU has implemented General Data Protection Regulation (GDPR), a regulation on information privacy and a component of human rights law. GDPR includes ‘the right to erasure’ which says citizens must be able to request the deletion of their personal data from individual organizations. The U.S. has no equivalent.
In an increasingly smart world, you deserve increasingly smart data security.