For most people, the thought of a smart device sharing their intimate conversations and sending those recordings along to their acquaintances is the stuff of dystopian nightmares. And for one family in Portland, it’s a nightmare that became all too real when their Amazon Echo sent a recording of a private conversation to a random contact in their phone book.
Mercifully, the recorded conversation was fairly banal — a chat about home renovations. But as smart home technology is swiftly being integrated into our daily lives and private spaces, it’s not difficult to imagine far worse scenarios.
Smart speakers record residents’ conversations. Thermostats equipped with motion sensors track the whereabouts of each household member, and when they leave the house. Refrigerators remember grocery lists and spending habits. One thing is clear: when residents invite smart technology into their homes, they are gambling with their privacy.
Ironically, the smart home may turn out to be the salvation of online privacy itself. Internet companies have gotten away with hoarding people’s personal data for so long in part because of what experts call “the privacy paradox”: while most people claim to care deeply about online privacy, very few of them take action to protect it. Just look at the recent furor over Facebook’s lack of data privacy protections, which resulted in the compromise of 87 million users’ personal information. Though plenty of people tweeted they would #DeleteFacebook, how many actually permanently closed their accounts? Certainly far fewer than 87 million.
While experts disagree about why this paradox exists, at least some of the problem seems rooted in the fact that online space is virtual, whereas our privacy instincts evolved in physical space. By bringing virtual privacy incursions into the physical world—particularly into the protected private space of the home—smart home technology could short-circuit that dynamic.
The internet is intangible, and so its privacy risks appear to be too. It’s one thing to know, in the back of your mind, that Facebook has the ability to comb through your private messages. But when devices in your home are recording your spoken conversations and physical movements, it’s harder to ignore the looming threat of potentially disastrous privacy violations.
If smart fridges and smart locks get people to take online privacy as seriously as physical privacy, they could do what the Equifax hack and other high-profile data breaches could not: actually get people to change their behavior. If users vote for privacy with their feet—or their wallets—they could spur a wholesale rethinking of the online economy, away from one-sided exploitation and toward greater trust and transparency.
Privacy in virtual space
In Western culture, the home has long been recognized as a protected zone; the Talmud includes prohibitions against putting in windows in a house that directly look into a neighbor’s. When a stranger peeps through our window or listens at our door, millennia-old norms tell us we should chase them away. This desire for isolation may stem from a fundamental biological need; whether you’re a human or a possum, physical withdrawal means concealment and protection from predation, making privacy an evolutionary life-or-death matter.
But websites and apps have no physical presence in our lives. A software algorithm, no matter how malicious, doesn’t have the visceral menace of an unknown face at the glass. The internet disarms us by making our interactions feel abstract, even unreal. One 2016 study posited that this sense of unreality leads to contradictory attitudes about online privacy: while people know rationally that they should be concerned about virtual incursions, they simply don’t have a strong “gut feeling” about it intuitively. And when making decisions in the moment, gut feeling often wins out.
The problem is exacerbated by the fact that online, there is less of a clear distinction between private and public space. We use social media to communicate simultaneously with hundreds or thousands of anonymous followers and with our closest friends. Email inboxes, Slack channels, and the like are more obviously “closed” spaces, but even there it’s often unclear to users which algorithms might be listening in. Even Snapchat—known for auto-deleting users’ photos, videos, and chats to protect their privacy—announced it would allow retargeted ads in fall 2017, to relatively little backlash. It’s hard to think about protecting ourselves from the stranger peeping in the window when we’re not even sure if it’s a public or private space he or she is looking into. What’s more, many users tend to imagine online “walls” that aren’t really there.
“How secure are your light bulbs?”
When the internet enters the clearly private space of the home, some of that ambiguity will disappear. It’s telling that a November 2017 survey by Deloitte found that consumers are more cautious in general about smart home devices compared to general online activities or even other categories of IoT. Forty percent of respondents said that they felt smart home technology “reveals too much about their personal lives,” while another 40 percent said they were worried about their usage being tracked. By comparison, they were less mistrustful of other IoT applications like autonomous vehicles and smart car technology, even though they have similar tracking capabilities.
And that survey only considers people’s reaction to fairly abstract privacy risks. The reality is that in a smart home, security vulnerabilities and data breaches can have much more dramatic real-world impacts. On his blog Charged, developer and journalist Owen Williams recently detailed his experience trying to figure out who or what kept overriding his brightness settings for his Philips Hue smart light bulbs. It turned out that an app he’d enabled to dim his office lights at night had taken over all the bulbs hooked up to Williams’ Hue system and was keeping them at one uniform brightness.
As Williams points out, if a malicious app accomplished the same feat, it could extort money from the user by “randomly changing the brightness or color of lights until they pay.” When a cyberattack results in lights that won’t stop flashing—or doors that won’t lock, windows that won’t close, or a fridge that turns itself off and melts all your ice cream—it’s logical that people’s reactions to digital privacy incursions will become that much more extreme.
Trust is the antidote
How can internet companies thrive in the privacy-sensitive space of the home? If privacy behavior is mostly about gut feelings, they’ll need to reinforce positive ones by winning consumers’ trust.
Trust has not historically been a major factor in the adoption of complex new technologies—research into technology acceptance models on both virtual and IoT systems shows that usability has been much more important. Even heavy users of Google and Facebook probably wouldn’t say that they trust either company very deeply.
However, a look at another internet giant, Airbnb, shows how this calculus changes when users’ homes and not just their online identities are involved. Airbnb puts trust at the core of its business model. Hosts are only willing to open their homes to strangers because the company empowers them with access to information about potential guests (which the guests themselves choose to provide), including their bio, reviews, and public Facebook profile.
By focusing on forging connections between hosts and guests, Airbnb builds community and reduces the uncertainty that pervades users’ relationships with so many internet companies. Airbnb is also relatively transparent about how it collects and analyzes user data, and often puts it to use in ways that increase users’ control over how they use the platform—for instance, to generate more accurate pricing suggestions for hosts. The result: it pushes users’ concerns about opening their homes or staying in others’ spaces out of the realm of gut feeling into that of a more considered, rational (and easy to ignore) concern.
If they want to thrive amid rising privacy concerns in the long term, manufacturers of smart home products would be wise to take a page from Airbnb’s book. They should find ways to forge trust through absolute transparency, sharing with customers what data is being collected and how it’s being used. They should create new business models that don’t rely on collecting terabytes and terabytes of personal data, but on building trust – and even community – with customers.
Companies should not only implement best practices for personal data encryption, storage, sharing, and deletion, but design their products around the customer’s ability to control their own data. If the development of IoT follows this path, the next 10 to 15 years won’t bring an inevitable erosion of privacy, but its renaissance.