Fashion Innovation

More Connected Devices Means More Data Therefore More Risks


Consumers tend not to read privacy policies. While this is not something new, a recent PEW Research survey showed that more than half of Americans don’t even know what a privacy policy really is. Many consumers cite the length of privacy policies as a reason for not being informed, but few realise the implications that could result from this negligence.
So how much do people really understand about what it is that they’re giving up when they buy a Wearable or Internet connected device? Take, for instance, “smart” TVs. These televisions take home entertainment to the next level, giving owners not just amazing visuals, but also the ability to use things like voice recognition to change the channel or turn up the volume. This seems like a revolution for those of us that seem to always be misplacing the remote, but there is a downside to being able to talk to your TV.
We dug into one popular manufacturers privacy policy and we were shocked at what we discovered. According to the Samsung Smart TV Addendum in their privacy policy, Samsung may send your voice data “to a third-party service that converts speech to text”. This seems innocuous enough, after all, we are accustom to applications using our historical preferences to serve up more relevant ads and information. However, Samsung’s policy goes on to read, “please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.”
Wait a minute. I am fine with Samsung knowing that I spent the weekend catching up on Homeland, but capturing personal conversations that I have in the comfort of my living room??! This is a true invasion of our most intimate spaces and cannot be tolerated!
While it may seem I’m picking on Samsung, I actually applaud them for being so plain spoken (I bet they pick a sneakier law firm for their next EULA). Most of the other electronics companies make their privacy policies so complicated you need a lawyer to make sense of it. And time is another factor dissuading consumers from being informed. The average privacy policy takes 10 minutes to read and if we correlate that with the fact that the average American encounters nearly 1,500 of these policies per year…
Many of us are okay with releasing some of our private habits to our technology provider; after all it is much better to be served advertisements for things we actually want. But having our personal conversations analysed by connected devices so that corporations know about our most intimate affairs is going too far. Imagine that you are discussing your upcoming surgery over a meal and you turn on your TV to be greeted with an ad for life insurance.
Samsung is transmitting your data through pretty normal means, the Internet, either wired or wireless, protected by your ISP. But “connected devices” are becoming a norm and many of these are designed to go with you. As such, battery life is a concern. To address that, manufacturers are relying on newer protocols for connected devices such as Bluetooth LE (low energy) and ZigBee. In turn, these protocols create a personal area network (PAN), which is allows each person to use a mobile device as a networking hub. What you end up with is a lot of data transmitting across a lot of connected devices using a lot of different protocols and lots of opportunity for that data to be intercepted.

The World Economic Forum released its Global Risk Report which states that IoT hacking is ‘very likely’ and points out that today’s Internet infrastructure was simply not created to handle this kind of flood of connected devices. CES2015 also reinforced this sentiment, with Edith Ramirez warning that attackers could “access and misuse personal information collected and transmitted by connected devices”.
While Smart TV’s have access to a fairly safe means of transmission via wifi or hard-wired ethernet, the market for IoT and connected devices is growing by the day. These connected devices have equally loose privacy policies and are constantly sharing data between connected devices and apps; all of this activity is putting data at risk for exploit.
Another example of this data dragnet is Uber, the car service that has made transportation a socially connected service. No more hailing a cab, now you simply request an Uber driver from your phone. Uber made the news late last year for it’s questionable data collection. While, sure, it needs your geolocation to send a car, it also take the opportunity to look at your contacts, your geolocation history, what apps you have installed – even your neighbour’s wifi information. The list is endless and has nothing to do with a car service. It is clear that data is a secondary business for Uber. And, looking at their privacy policy – that you agree to in order to use the service – they are able to share it. This means your data is drifting around the Internet to third parties that that may “perform other administrative services”. Whatever that means.
For more and more, data analytics is big business. But, this is your data that is flying around out there that ultimately stops between your service provider and whatever third, fourth, or fifth parties their sending it to.
Make sure you read your privacy policies. It will be up to each of us to determine what we’re willing to give up in the name of modern convenience.

Your email address will not be published. Required fields are marked *