Skip to content

Your Snitching Gadgets

Your gadgets are spying on you. And not just in the ways you’ve become uncomfortably familiar with, like forking over personal information to the data-mining mill in return for ads for discount florists. A new generation of always-listening devices is now collecting practically whatever they can, to increasingly creepy ends.

The most prominent recent example is Samsung’s SmartTV, whose privacy policy includes the following warning about its voice recognition system: “If your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.”

The news of Samsung’s snooping follows similar stories about the likes of LG, whose smart TVs send a raft of information about viewers’ habits back to headquarters. One sophisticated consumer found that his LG set was transmitting clear, unencrypted text back to the company every time he changed the channel. His TV was also harvesting information from USB sticks he plugged in to watch outside media. This data was collected even after he turned off an obscure menu setting called “collection of watching info.”

The danger goes far beyond home appliances. According to a report issued this week by Sen. Edward J. Markey (D-MA), the wireless systems in many new cars are both information-hungry and terribly insecure. Vehicle manufacturers track parking locations, routes taken, diagnostic data, and much else, while frequently working through third-party companies that could parse and sell that information. And with the addition of in-car Internet service—Audi and GM are among the companies offering 4G LTE connectivity in their vehicles—the untrammeled collection of personal data that you’ve been subjected to through your phone and computer can now follow you everywhere.

This kind of data collection is the new industry standard. At the same time, many of the latest devices—especially those digitally connected cars, fridges, baby monitors, and other doo-dads that fall under the Internet of Things umbrella—are built without security in mind. They transmit data unencrypted, use easily guessed default passwords (or none at all), and rarely receive software updates or bug fixes. They are a technologist’s nightmare, and a hacker’s dream.

“Always-on connectivity” makes the situation even more perilous. From Samsung’s SmartTV, to Xbox’s voice recognition system, to the vocal commands that power Google Now and Amazon’s Echo speaker, our devices no longer need to turn off, much less go to sleep. Instead, they enter a kind of resting state where they are still picking up stray bits of information and possible insight, all so that they may be available to zap back to life whenever they’re needed. The Terms of Use for the Echo make no mention of how incidental data collection is managed, but an FAQ does state that Amazon may exchange user information with (un-named) third parties.

Always-on data collection, combined with porous privacy policies and insecure devices, are changing our expectations for security and privacy. What matters now is not just what our devices and apps collect but also why, for whom, when, and how. It may not concern you that your carmaker is collecting location information in order to improve its navigation system. But what if that information is being sold to marketers, who might be curious to learn when you go to your psychologist, or divorce lawyer? Or what if that information is also stored in an unencrypted, hackable system?

As Internet connectivity becomes ubiquitous, there has been little discussion about the extent to which it’s even necessary. Adding 4G to your car or TV is presented as a simple upgrade—an added convenience, should you ever care to use it. There may be a place for always-on, information-rich devices. But without better security, public education, and proper consumer protections, we risk seeding our environments with machines whose utility is far outweighed by the costs of their inevitable leaks.

Even the rosiest vision of ubiquitous connectivity shows how divergent the interests of consumers and marketers are. A recent article in Ad Age fantasizes about the possibilities of what Tom Goodwin, the article’s author, calls “intimate data” drawn from our devices. Whereas advertisers once hoped to target us based on general demographic and consumer information, “the next stage will be about buying people at a moment in time—buying micro-moments to serve hyper-relevant personal ads.”

This “flow advertising,” as Goodwin describes it, would be as seamless and pervasive as the Internet-connected screens that follow us everywhere. Flow advertising would be instantly reactive, even anticipating when consumers need to make decisions. In these micro-moments, an advertiser would appear in order to nudge us toward particular choices and opportunities: “the ads of the future may be promoted routes in our cars, notifications on our smartphones that it’s about to rain and an Uber is close, or money-off codes for holiday resorts when sensors on our smartphones detect we’re getting stressed.”

Horrified by this prophecy? Want to talk about it? Please lean forward and speak clearly into the mic. Your devices are here to listen.