Sensorized smart devices + cloud services = privacy problems?





This week saw the launch of the Apple Watch, one more product in a growing number of “smart” sensor-rich devices that promise to make life easier and better by monitoring user behaviour. Will the Apple Watch be a game changer among these devices? Technologically, the only really new sensor included in the watch that wasn’t already in smartphones appears to be the LED-based heart rate sensor, which for some reason is receiving relatively little attention in the popular tech magazines. The Apple marketing machine, however, may prove to be a game changer in terms of the popularity of such devices. What might the consequences be if wearable, sensorized tech truly does become the next big consumer trend?

From the perspective of CaSMa, we are primarily concerned with potential consequences relating to data ethics, the digital rights of citizens and the balance of trust/power between service users and service providers (data controllers). We are therefore mostly interested in questions like: How will the data from such devices be managed? Who will have control over the capture, transmission and processing of data from wearable devices? How will the rights to privacy be protected, not only for the wearer of such devices but also for people in their surroundings?

Thinking of “smart” devices with pervasive monitoring functions that made headlines recently rapidly brings to mind the Samsung smart TV controversy, which involved comparisons to Orwellian “Telescreens” due to statements in the privacy policy to the effect that customers should “be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.”

This association is especially strong since the Apple Watch also appears to transmit its data out to third-party service providers via the HealthKit, though we have yet to see the privacy policy that Apple is going to use. While such statements, and more importantly the actions revealed by them, immediately raise red flags concerning the principle of “respect for the privacy and dignity of people”, it can be valuable to pause for a moment and take a closer look at the real underlying source of the privacy concerns.

The key section that raises alarm in the privacy policy we quoted above is the statement that “data [will be] captured and transmitted to a third party”. Note that the primary word of concern in this statement is “transmitted” and not “third party”. Who exactly is being given the ability to spy on people, Samsung or a third party, makes a fairly insignificant difference compared to the privacy invasion perpetrated by the data transmission itself. It also doesn’t significantly alter the chances of having the data intercepted or stolen. If the TV simply monitored and processed all conversations in a built-in circuit that is securely isolated to prevent the information from being transmitted beyond the device itself, there would be no cause for alarm; especially if the information is never stored anywhere.

It should be noted that the approach that was chosen by Samsung for the voice recognition is essentially the same procedure that is used for Siri and Google Now. So why did Samsung, and Apple and Google, choose a “cloud based” solution for their voice recognition feature? For phone apps like Siri and Google Now it might be argued that the use of cloud services is required due to processing limitations of the mobile devices, though this argument is becoming increasingly unconvincing with the increasing power of mobile processors. A device like a smart TV, however, could, if necessary, undoubtedly have included a dedicated voice analysis processor. Such a dedicated processor would even have helped to facilitate isolating the voice processing circuit from the smart TV elements that communicate with the internet.

The real reason for using a cloud service, and thus requiring the transmitting of data, is likely to be less technical and more a choice of business model. The question is, does this business model involve data mining of the voice information for further analysis of their customer behaviour? If it is not done now, is this considered as a possible future option?

So what does this tell us about the ethical, privacy and digital rights issues we can expect with the introduction of the Apple Watch and the increasingly pervasive nature of smart sensors in devices carried by people or in their own environment?

Based on the current trends in these technologies we should probably expect many of them to use cloud services of some sort, with large quantities of privacy-sensitive data being transmitted over the internet to server farms at distant locations on the globe. Unless this business model is quickly changed in favour of processing within the sensor device, it may only be a matter of time until highly personal data transmitted by such a device is stolen or abused, resulting in some form of harm to the users.

5 thoughts on “Sensorized smart devices + cloud services = privacy problems?”

  1. New EU data regulations in the form of the General Data Protection Regulation (GDPR) will begin to apply in May 2018 and could drastically influence the Internet of Things and how data is collected and protected on IoT devices. The vast majority of IoT devices make use of an extraordinary amount of data while also being some of the easiest to remotely access or infiltrate due to having multiple attack vectors. In response to the swift evolution in both the way data is collected and then used, the GDPR aims to expand on existing regulations as well as improve data handling practices in order to keep up with this ever-changing landscape. From May 2018, any companies that deal with personal data will need to comply with the GDPR, which means assessing what data they have, where they are storing it, how they are using it, and who has access to it. Internet of Things Privacy: What GDPR Means For IoT Data:
