Have you ever felt an eerie feeling that someone is watching you? Then you turn around and see nothing out of the ordinary. Depending on where you were, however, you may not have fully imagined it. You are feeling billions of things every day. They are hiding everywhere – inside your TV, your fridge, your car and your office. These things know more about you than you might imagine, and many of them share that information on the internet.
Back in 2007, it would have been hard to imagine the revolution of apps and useful services that smartphones have brought. But they came at a cost in terms of disruption and loss of privacy. As computer scientists who study data management and privacy, we see that privacy is threatened more than ever by the expansion of internet connectivity to devices in homes, offices and cities.
The Internet of Things
Your appliances, your car and your home are designed to make your life easier and automate the tasks you do every day: turn the lights on and off when you enter and leave a room, remind you that your tomatoes are about to go bad, adjust the temperature of the house to suit yourself. depending on the weather and the preferences of everyone in the family.
To work their magic, they need the internet for help and to correlate data. Without internet access, your smart thermostat can collect data about you, but it doesn’t know what the weather forecast is, and it’s not powerful enough to process all the information to decide what to do.
But it’s not just the things in your home that are communicating on the internet. Workplaces, malls and cities are also becoming smarter, and the smart devices in those places have similar requirements. In fact, the Internet of Things (IoT) is already widely used in transportation and logistics, agriculture and farming, and industrial automation. There were approximately 22 billion internet-connected devices in use worldwide in 2018, and the number is expected to increase to over 50 billion by 2030.
What these things know about you
Smart devices collect a wide range of data about their users. Smart security cameras and smart assistants are ultimately cameras and microphones in your home that collect video and audio information about your presence and activities. On the less obvious side of the spectrum, things like smart TVs use cameras and microphones to spy on users, smart light bulbs track your sleep and heart rate, and smart vacuum cleaners recognize objects in your home and map every inch of.
Sometimes, this surveillance is marketed as a feature. For example, some Wi-Fi routers can collect information about where users are at home and even coordinate with other smart devices to detect movement.
Manufacturers usually promise that only automated decision-making systems, not humans, see your data. But this is not always the case. For example, Amazon workers listen to some conversations with Alexa, transcribe and annotate them, before feeding them into automated decision-making systems.
But even limiting access to personal data to automated decision-making systems can have unwanted consequences. Any private data shared over the internet could be vulnerable to hackers anywhere in the world, and few consumer internet-connected devices are very secure.
Understand your vulnerabilities
With some devices, such as smart speakers or cameras, users can turn them off from time to time for privacy. However, even when this is an option, disconnecting the devices from the Internet can severely limit their usefulness. You also don’t have that option when you’re in workspaces, malls or smart cities, so you could be vulnerable even if you don’t have smart devices.
Therefore, as a user, it is important to make an informed decision by understanding the trade-offs between privacy and comfort when purchasing, installing and using an internet-connected device. This is not always easy. Studies have shown, for example, that owners of smart home personal assistants have an incomplete understanding of the data collected by the devices, where the data is stored and who can access it.
Governments around the world have introduced laws to protect privacy and give people more control over their data. Examples are the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Because of this, for example, you can submit a Data Subject Access Request (DSAR) to the organization that collects your data from an internet-connected device. The organizations are required to respond to requests within those jurisdictions within a month explaining what data is collected, how it is used within the organization and whether it is shared with any third parties.
Limit the privacy damage
Regulations are an important step; however, their implementation is likely to take some time to catch up with the ever-increasing population of internet-connected devices. In the meantime, there are things you can do to take advantage of some of the benefits of connecting to the internet without giving away too much personal data.
If you have a smart device, you can take steps to secure it and minimize risks to your privacy. The Federal Trade Commission offers recommendations on how to secure your internet-connected devices. Regularly updating the device’s firmware and going through its settings and disabling any data collection that isn’t relevant to what you want the device to do are two key steps. The Online Trust Alliance provides additional tips and a checklist for consumers to ensure the safe and private use of consumer devices connected to the internet.
If you’re on the fence about buying an internet-connected device, find out what data it captures and what the manufacturer’s data management policies are from independent sources like Mozilla Privacy Not Included. By using this information, you can choose a version of the smart device you want from a manufacturer that takes the privacy of its users seriously.
[Over 150,000 readers rely on The Conversation’s newsletters to understand the world. Sign up today.]
Last but not least, you can pause and consider whether or not you really want all your devices to be smart. For example, are you willing to give information about yourself to be able to verbally command your coffee machine to make coffee for you?
Roberto Yus, Assistant Professor of Computer Science, University of Maryland, Baltimore County and Primal Pappachan, Postdoctoral Scholar in Computer Science, Penn State
This article from The Conversation is republished under a Creative Commons license. Read the original article.