Smart Homes and Privacy

mother and children playing on ipad
photo by Alexander Dummer

Your computerized car can pinpoint where you are as you drive. Your wireless computer and phone have microphones and cameras that hackers could access. Your smart TV collects data on your viewing habits to better target you with ads. Smart home devices promise convenience, but they also carry the danger of whittling away at our privacy.

In addition to exercising care with connected, wireless devices for health reasons, it’s important to keep privacy considerations in mind when inviting connected devices into your home, as well as when investing in smart-tech companies, and when developing policy (or contacting your Congressional representatives about it).

A 2017 report from the Internet of Things (IoT) Forum asserts that manufacturers should do the following to protect people’s privacy: Only gather data with strong permission from customers. Be transparent about how they collect and use data. Keep explanations clear and simple, rather than vague. Delete data immediately once it’s been used. 

The report also notes that policymakers must get involved in privacy protection. “Relying on market forces alone to embed strong privacy practices in the IoT is a flawed approach,” the report states. 

In 2016, EU regulators created the General Data Protection Regulation (GDPR), to establish standards for data protection for products sold in the EU. US policymakers have been much slower to act. In March of 2015, the Federal Trade Commission (FTC) created a devision to study the links between smart devices and privacy. And this past August, four Senators introduced the bipartisan Internet of Things Cybersecurity Act, which would require devices sold in the US to meet minimum security requirements. It’s not as robust as the GDPR, but it does ensure that devices include some security protections against hackers.

At least 42 states introduced more than 240 bills or resolutions in 2017 related to cybersecurity, including those that would instill mandatory protections from cyberattacks and rules for the disposal of data a company collects. 

As US consumers wait for privacy laws to catch up with smart technology, it’s important to take steps to protect yourself.

At Green America, we advise purchasing “more stuff” only when you need it. Simply put, it saves resources and money. Sticking with your older or analog technology has the added benefit of helping to preserve your privacy. 

When you do purchase a smart device, take care to read data-collection notices. If the company doesn’t give you control over whether and how your data is stored or used, think about whether you truly need that device. Turn off functions you don’t need that are connected to the internet. Use strong passwords for your router and all devices, taking care to create a unique password for each one. (A password tracking program like LastPass can help you keep track of them.)

Also, don’t use smart devices that come with a default, hard-coded password. Experts note that those are exceedingly simple for hackers to attack. Instead, look for devices that have at least a two-factor authentication process. What that means is that in addition to requesting a password, you’ll need to provide a security key or a one-time code received via text or e-mail to access them. A thumbprint or eye scan works, too.  

You can also look for the TRUSTe mark. Companies with this independent certification may display the mark on their devices, showing that they meet strong standards for privacy protection, transparency, accountability, and customer choice in the collection and use of personal information.

From Green American Magazine Issue