“Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of voice recognition.” 

This is not the start of a work of dystopian fiction, although it certainly sounds like it could be. Instead, this is a clause tucked away in the terms and conditions for Samsung’s Smart TV range; or, at least, it was until it surfaced online and invoked the wrath of the commentariat. The resulting furore forced the company to guarantee that its technology would not be used to listen into and record every conversation that takes place in our living rooms.

For the Internet of Things and — by extension — connected home systems, data protection is a fundamental consideration. While the heady wild west days of the early adopters are now behind it, companies still often offer little in the way of a coherent strategy for assuring the privacy and security of the user when it comes to IoT technology.

This is a significant problem, as it is not just basic demographics and activity that can be monitored by the myriad of smart devices on the market. Sensitive information such as personal habits, individuals’ moods, medical information, personality traits and stress levels are all measurable to a greater or lesser degree using smart technology. Being able to recognise all of this is precisely why these units are so useful — but it also means there is significant scope for misuse should this data fall into the wrong hands.


A triple threat to your privacy


The obvious hazard that comes with living alongside IoT-connected devices is that the technology provider has access to your personal data. While these units will primarily track and analyse data vital to the operation of the application — a fitness tracker, for example will likely monitor activity, location and heart rate to provide accurate measurements — some items will process and store data that might not be relevant to the function of the device. This behaviour is particularly prevalent in ‘always-listening’ voice-activated technology, or in smart meters that operate constantly in the background.

Whether necessary or not, the data that is held about you is exceptionally valuable. If identifiable data is sold to a third party, it could be used for the purpose of deciding whether to extend credit, dictate insurance premiums or even influence an employment decision. Handing over data without explicit agreement as to how it will be used means losing control over which companies are able to access sensitive personal information.

The third danger is external: the more connected devices there are in the home, the more potential entry-points there are for hackers to exploit. There are several examples of customer data being leaked by devices due to security flaws and unencrypted data being sent across the internet. James Clapper, the US Director of National Intelligence, has openly stated: “In the future, intelligence services might use the [Internet of Things] for identification, surveillance, monitoring, location tracking and targeting for recruitment, or to gain access to networks or user credentials.”


What is being done about it?


Much like with the advent of the internet, companies and governments have taken a while to fully understand the scope of the threat and take steps to prevent it from happening. However, some progress is belatedly being made. In the USA, the Federal Trade Commission has introduced a set of non-binding guidance that puts the onus on companies to deliver transparency, while the European Union is bringing in the General Data Protection Regulation (GDPR) which stipulates strict financial penalties for businesses that fail to comply with its rules for data use.

There is evidence that many companies are beginning to see the need to come clean about data use and what they are doing to prevent it. Fitbit, for example, provides clear examples at the top of its privacy policy as to how it uses the data it receives. When it comes to device security, several groups and academics are actively examining web-connected devices to identify weaknesses; one such project from Princeton University identified that Nest thermostats were revealing identifiable details about device location, a flaw which the Google-owned company quickly rectified.


How can I protect my home?


In much the same way that a homeowner can proactively protect themselves and their family while using the internet, there are several things that can be done to ensure their privacy in the home. Consumers should expect a certain level of transparency about IoT companies’ data-gathering habits — if their policy is not clearly made available and explicit permission is not sought for the gathering of data that is non-specific to the application, then it is inadvisable to integrate that product into a connected home.

As most, if not all, smart devices will need to communicate via the building’s Wi-Fi, efforts should be made to limit unauthorised access to your network. There are many basic steps that can be taken to do this, while cybersecurity experts will be able to advise on best practice when it comes to ensuring that all devices within a network are able to function properly while keeping your home as safe as it can possibly be.

Much like with physical security, there is no system that is 100% impenetrable: everything, to a greater or lesser degree, represents a risk. Yet privacy and security concerns are not insurmountable; paying attention to detail and seeking expert advice if needed can make sure that your home benefits from all of the advantages that a smart home can bring, as well as offering peace of mind to you and yours.