Do you have a smart device in your home? You’re definitely not alone if you do. According to projections in October 2018 by the International Data Corporation (IDC), smart home device shipments in 2018 were expected to number 644 million worldwide. This number is expected to nearly double by 2022. While smart devices can be found for nearly every room in the house, currently the most popular are video entertainment (smart TVs), smart speakers, and home monitoring/security. (https://www.idc.com/getdoc.jsp?containerId=prUS44361618)
Smart TVs connect to the internet for streaming video and web browsing. They typically don’t record audio or video. However, smart speakers like Amazon’s Echo, Google’s Home speaker, and Apple’s HomePod do. As do home security devices like Ring and SimpliSafe, which come with video recording devices that can be pointed anywhere you choose. These devices can be profoundly useful. Who doesn’t want to see who is ringing their doorbell, especially when they’re not home? Checking the weather or traffic when you’re in a hurry getting ready in the morning, just by asking Alexa, is a valuable time-saving service.
What are we giving up in return for these benefits? According to an NPR and Edison Research 2017 survey of consumers who do not own a smart speaker, 41% worry about hackers, and 36% have concerns that the devices are always listening, in other words their privacy. Are their concerns valid? Amazon, Google, and Apple are notoriously tight-lipped and opaque about their recording/storage protocols. Amazon and Google both provide a way to access and delete all your recordings. But do consumers trust that the recordings on that list are all Amazon has? Or that only the user has access to them?
In December of 2018, a user in Germany attempting to access his own recordings realized he had access to 1,700 recordings from another user. Amazon blamed “human error,” an “isolated incident,” and vowed to have “taken steps to further improve [their] processes.”
In another incident earlier in 2018, a couple’s conversation at home was recorded by their Echo, attached to an email, and sent to someone on their contacts list. Amazon explained that the device thought it heard its wake word, and then mistakenly thought it heard a command to record and email the conversation to a name in the user’s contacts list. (both reported here https://www.washingtonpost.com/technology/2018/12/20/amazon-alexa-user-receives-audio-recordings-stranger-through-human-error/?noredirect=on&utm_term=.5c45093a28e7)
Our personal information, discussed at home, is not the only thing we have to consider. Smart devices are showing up in the workplace more often, by way of videoconferencing equipment, and home devices that employees bring into the office. How much confidential business information is shared in range of those machines? Similarly, what are your employees discussing about work near their smart devices at home? These devices add a new layer to data security that needs to be considered and addressed in your security plan. They present challenges not faced before, but the benefits to productivity might be worth the effort to address the risks.