Following on from my initial thoughts on home automation, I wanted to look at the privacy and security implications of smart homes and Internet of Things.  With surveillance in our towns and cities on the rise, our homes (and cars) are fast becoming the last private spaces left.

Privacy

XKCD comic 1807 showing a character triggering Amazon's Alexa to order a large quantity of creamed corn.

Theoretically, smart speakers such as Amazon's Alexa always listen but don't always hear what you say.  That's an important distinction - the device has to listen continuously in order to detect the trigger word ("Alexa" by default), but speech not preceded by the trigger word should be automatically discarded.

In practice this isn't always the case - take for example the occasions when the Google Assistant on your phone suddenly pipes up with information "found in a search" when you didn't say "Hey Google".  Often when that's happened to me there's been no trigger or wake word used, so I looked at my history to find some examples.

Firstly, let's take a look at a correct example.  For this I said "OK Google, what is the average road speed in the United Kingdom?".  Assistant on my phone correctly responded and in the history we can see "started by hotword":

Google history showing the activity was triggered by "hotword".

I can also understand why sometimes the Assistant would be accidentally triggered, like when I'm talking about Google itself.  In the example below I was talking about how Google had changed their APIs, but the only word used was "Google" and not the full "OK Google" or "Hey Google" wake words.  Nonetheless, the log shows the Assistant was "started by hotword":

History entry for an accidental trigger, started by "hotword".

Those first two examples make sense because they at least contained the word "Google".  This last one doesn't though:

History entry that does not show a trigger at all.

In this final example I was in conversation with a friend about an activity I'd run.  The Assistant believes I said "me and told there for the whole evening" although the recording clearly shows I said "me and Todd".  Ignoring the dictation error, the important thing was there was no trigger word used and the history entry confirms that - there's no indication as to why it was started.

Looking at the data in my account, there are recordings going back to 2015.  Most of them are correctly invoked cases of the Assistant, but not all.  It's interesting that this data is kept for so long too.
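Auditing the activity history by hand, as above, doesn't scale to years of entries.  The following is an added example (not from the original post) that does the same check over a Google Takeout "My Activity" export: it keeps the Assistant entries, flags any recording that carries no "Started by hotword" detail, and reports how far back the retained recordings reach.  The JSON field names and the sample records are assumptions constructed for the example, not a documented schema.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the general shape of a "My Activity" JSON export.
# Field names ("header", "title", "time", "details") are an assumption.
SAMPLE_ACTIVITY_JSON = json.dumps([
    {"header": "Assistant", "time": "2019-03-02T19:14:05.000Z",
     "title": "Said OK Google what is the average road speed in the United Kingdom",
     "details": [{"name": "Started by hotword"}]},
    {"header": "Assistant", "time": "2019-03-04T10:02:44.000Z",
     "title": "Said Google had changed their APIs",
     "details": [{"name": "Started by hotword"}]},
    {"header": "Assistant", "time": "2019-03-09T21:30:12.000Z",
     "title": "Said me and told there for the whole evening",
     "details": []},   # recorded, but nothing says why it started
    {"header": "Search", "time": "2019-03-09T21:35:00.000Z",
     "title": "Searched for smart speaker privacy"},
])

def _parse_time(iso):
    # Export timestamps end in "Z"; fromisoformat wants an explicit offset.
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))

def load_assistant_entries(raw_json):
    """Only the Assistant entries; searches, ads etc. are ignored."""
    return [e for e in json.loads(raw_json) if e.get("header") == "Assistant"]

def was_started_by_hotword(entry):
    return any(d.get("name") == "Started by hotword"
               for d in entry.get("details", []))

def unexplained_activations(raw_json):
    """Recordings the Assistant made without noting a wake word."""
    return [e for e in load_assistant_entries(raw_json)
            if not was_started_by_hotword(e)]

def oldest_entry_age_days(raw_json, now_iso=None):
    """Retention check: age in days of the oldest retained recording."""
    now = _parse_time(now_iso) if now_iso else datetime.now(timezone.utc)
    oldest = min(_parse_time(e["time"]) for e in load_assistant_entries(raw_json))
    return (now - oldest).days

if __name__ == "__main__":
    for e in unexplained_activations(SAMPLE_ACTIVITY_JSON):
        print(e["time"], "no hotword recorded:", e["title"])
    print("oldest recording is", oldest_entry_age_days(SAMPLE_ACTIVITY_JSON), "days old")
```

Point the loader at the real export file instead of the constructed sample to run it over your own account's data.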

Law enforcement is taking an interest in recordings made by our digital assistants too, with Amazon being asked to provide recordings to be used as evidence in a murder case.  A high-ranking Google employee also revealed that he discloses the presence of smart speakers to guests - maybe etiquette will change so we start displaying signs in our homes.

Position & behaviour tracking

Another concern is around presence detection.  Take my friend's smart thermostat with geofencing.  The thermostat knows when they're home (or at least nearby), so the company could build a behaviour pattern.  That might not sound too bad until there's a data breach allowing someone to download your history, including your address and enough data to determine that your house is empty 09:00 - 17:00.  Fairly predictable, except the data also shows the house remains empty until 21:00 every Tuesday.

Another possibility is that your energy supplier purchases the smart thermostat company and can target you with advertising.  The energy company knows you always turn the heating on from October (*sigh*) so bombards you with adverts in mid September for new deals.

Security issues

Internet of Things devices have been fraught with security concerns, from wormable Philips Hue light bulbs to smart speakers eavesdropping on conversations.  Much of the issue seems to come from devices being rushed to market quickly and cheaply, resulting in poor or no security being implemented.  The adage of "you can have it quickly, cheaply or secured - choose two" is nicely reinforced by IoT.

The first thing to do is to change any default credentials for the device wherever possible.  Even if the device password looks randomly generated it's important to consider that manufacturer password lists can be leaked, compromising all of the devices.  Change the password if you can.

Another consideration is whether the device actually needs Internet access itself.  This varies by device, how it's controlled and your use case.  To give an example, I have a security camera at home that watches my back gate.  I have no plans to view this footage externally (and if I needed to I'd just use a VPN into the house) so the camera is unable to reach the Internet [1].

One of my concerns has been around the security of my accounts - I don't want someone coming into my home and getting a device to read them my email!  It would appear this is being resolved too.  While at my sister's recently she asked her husband to help her remember to give their son baby vitamin supplements.  We were standing in the kitchen at the time, where a Google Home smart speaker was present, so I simply said "OK Google, set reminder to give baby vitamins at 08:00 tomorrow".  Its reply?  Something along the lines of "I don't recognise you, please retrain your voice in the Google Home app".

Conclusions

Ultimately it's a trade-off between the convenience of smart devices / Internet of Things and your privacy and security.  For me, there's certainly a convenience that I appreciate behind my smartphone's Assistant, but I'd rather something in my home was home-made.  The problem is there's also a trade-off between time and convenience, so I probably haven't the time to build something.

At the moment I don't have any IoT or smart speakers at home (besides my smart phone) but it's something I'm certainly considering.


Banner image: A hastily cobbled together image of a house and some privacy type graphics.  Probably demonstrates I shouldn't be a graphic designer!

[1] A combination of an invalid default gateway and firewall rules preventing outgoing traffic.
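The router-side half of [1] (the firewall rules; the invalid default gateway is a separate, device-side measure) comes down to one policy: traffic the camera initiates may reach the LAN and nothing else.  The following is an added example, not the post's own configuration, that models that policy as first-match rules, checks a few flows against it, and renders the equivalent nftables forward chain.  The camera address 192.168.1.50 and the 192.168.1.0/24 LAN are constructed values.

```python
import ipaddress

# Constructed addresses for the example: the camera and the home LAN.
LAN = ipaddress.ip_network("192.168.1.0/24")
CAMERA = ipaddress.ip_address("192.168.1.50")

# First-match rules applied to connections the camera itself initiates:
# anything on the LAN is fine, everything else (cloud, DNS, NTP) is dropped.
CAMERA_EGRESS_RULES = [
    ("accept", LAN),
    ("drop", ipaddress.ip_network("0.0.0.0/0")),   # deny by default
]

def egress_verdict(src, dst, rules=CAMERA_EGRESS_RULES):
    """Verdict for a new connection from src to dst under the camera policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src != CAMERA:
        return "accept"          # only the camera is constrained
    for action, net in rules:
        if dst in net:
            return action
    return "drop"                # unreachable given the catch-all, kept for safety

def nft_ruleset(camera=CAMERA, lan=LAN):
    """Render the same policy as an nftables forward-hook ruleset."""
    return "\n".join([
        "table inet camera_egress {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy accept;",
        f"    ip saddr {camera} ip daddr {lan} accept",
        f"    ip saddr {camera} drop",
        "  }",
        "}",
    ])

if __name__ == "__main__":
    # NVR on the LAN may be reached; a public resolver may not.
    print("camera -> 192.168.1.10:", egress_verdict("192.168.1.50", "192.168.1.10"))
    print("camera -> 8.8.8.8:", egress_verdict("192.168.1.50", "8.8.8.8"))
    print(nft_ruleset())
```

Replies to LAN clients that connect to the camera are unaffected, since the rules only match flows the camera starts.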