How Much Is Smart Home Privacy Worth?
“The telescreen received and transmitted simultaneously. Any sound that Winston made, above the level of a very low whisper, would be picked up by it; moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment.” —George Orwell, 1984
The line, “If you can’t measure it, you can’t manage it,” has become a management cliché.
Likely derived from an utterance from management thinker Peter Drucker, the phrase frequently refers to tracking various elements of business operations. But in this era of surveillance capitalism, often the object being quantified is the individual. A number of corporations want to measure and manage your interests, habits and, ultimately, purchases.
A small army of companies from well-known entities like Facebook and Google to more-obscure ad tech companies and data brokers are collecting and trafficking in consumer data. While that in itself is not a revelation, the ubiquity of smartphones and, increasingly, IoT devices such as smart speakers provide new possibilities for measuring the whims of scores of consumers.
The situation is leading individuals who supported companies that gather such data to revolt. “I’ve become a critic of the very industry to which I devoted my entire life, not because tech is bad; tech is great! But because the culture of a handful of companies — Google, Facebook, Microsoft, Amazon — has gone completely off the rails,” said Roger McNamee, a prominent Silicon Valley investor at McAfee MPOWER in early October.
The fundamental goal of gathering data and using it to support business goals has become toxic, McNamee said. A new philosophy in Silicon Valley has arisen to spur efficiency at all costs. “And the two things [tech firms trafficking in personal data] are going to eliminate most are your personal choice and democracy because those are inherently inefficient things,” McNamee said.
[IoT Security Summit is the conference where you learn to secure the full IoT stack, from cloud to the edge. Visit the website for more information.]
McNamee’s wakeup call came in 2016 when he decided the same tools that make Facebook “the most effective platform ever for advertisers can be used to distort a democratic election.”
Richard Stokes, chief executive officer of the startup Winston Privacy, had a similar awakening while working in the advertising industry. “The ad industry was really fond of saying: ‘Hey, trust us. The data is anonymous. We don’t do anything with it,” Stokes said.
But then he attended a demo in 2017, where several ad tech company employees would walk onto a stage and show off their proficiency in tracking customer data. “The first company [representative] pulled up his own records by name,” Stokes recalled. The resulting data was akin to “the most invasive credit report you could imagine,” he said. It showed that the employee had a penchant for craft brewing, where he banked, how much he earned, his political affiliation, the kind of car he drove, and so forth.
“That was pretty disturbing,” Stokes said.
The second demonstration at the event would be equally unsettling. Opening up with a map of San Francisco, the company showed its ability to track individuals as they went about their day. The company showed an individual who woke up, went to an elementary school, a Starbucks, a yoga studio and so on. “And you can tell this from this one day in the life, this was a mom with young kids,” Stokes said. “Imagine if we have this [kind of data] for almost everybody in the U.S., and we’re trying to get it to within 10 minutes with 10 feet of accuracy. You can imagine having this whole 360-degree X-ray of your life seeing available for anybody who wants to buy it.”
While McNamee’s change of heart has led him to become an outspoken critic of Silicon Valley culture and author of “Zucked: Waking Up to the Facebook Catastrophe,” Stokes decided to investigate the situation and later found a startup to address it. While some involved in the ad tech industry posit that consumers don’t care about privacy, Stokes points to Pew research concluding “would like to do more to protect their privacy.”
While some options designed to protect privacy, such as VPNs and the Tor browser, are not a good fit for the average consumer, Stokes said. So he decided to found a company known as Winston Privacy to create hardware that is compatible with home-based IoT devices while also offering features for web browsing. The company spent about two years designing the tool, which packages various privacy technologies together. “The whole goal of Winston is you plug it into your network, 60 seconds later, it’s going to block almost all [tracking]. And then you can harden your browser with a single simple, integrated browser extension that does the work of Ghostery, Adblock Plus and Privacy Badger all in one,” Stokes said.
When asked how the service preserves smart home functionality while safeguarding privacy, Stokes acknowledged there is something of a balancing act at play. “In terms of what we do, we had to make a choice right between, on one in the spectrum, hardcore privacy concerns and on the other, some people actually do want smart speakers and smart home devices and thermostats and so on,” he said.
Winston Privacy’s strategy is to reinforce the boundary between consensual first-party data collection and non-consensual third-party data collection. “If you bring an [Amazon] Echo into your home, you’re sending data to Amazon, and you’re okay with that,” Stokes said. “But you may not be okay with other companies harvesting the data.”
The details of how smart speaker companies use data is often vague, but Amazon says it does not share voice recordings with third-parties. When a consumer uses a third-party Alexa app, the company says it shares relevant information with that app maker, but not personally identifiable information. Google has a similar policy to preserve privacy. But the company got something of a black eye when a contractor leaked more than 1,000 Google Assistant recordings to the Belgian broadcaster VRT NWS. In a blog post, Google Product Search, Manager David Monsees blamed the breach on the misconduct of a single language reviewer. Apple and Amazon have faced similar embarrassments.
In terms of data sharing from IoT devices with third-party organizations, Stokes points to the smart TV as an example. “There are dozens of apps that are preinstalled on it. They run in the background; they’re all recording. And virtually all of them are phoning home and reporting on what you’re watching, and all of the data that TV can provide,” he said. “So Winston, when it is plugged in, is blocking almost all the telemetry and all the tracking data from your TV while retaining your television’s core functionality.”
While the majority of consumers continue to feel uneasy about the prospects of having systems ranging from web browsers to smart speakers to smart TVs track them, such tracking has become entrenched. “You know how [some people] say: ‘If you’re not the customer, you’re the product’?” McNamee asked at McAfee MPOWER. “In the world of today, the truth is all of us relative to Facebook, Google, Microsoft and Amazon, we’re not a product. We’re the fuel,” he said. “Our data is what drives their profitability. And it’s not because they’re bad people. It’s because there are no rules.”
Winston Privacy aims to address the situation with its device, which has won considerable crowdsourced funding on Kickstarter ($514,669) and Indiegogo ($942,813), in addition to private funding.
The device has a price tag of $249 in addition to a $99 per year subscription fee, although the company could offer a lifetime subscription option as well.
While there are competing products offering similar functionality, most are targeted at a tech-savvy subset of the population and have more fragmented functionality. By contrast, Winston Privacy device bundles together multiple privacy-protecting technologies and is aimed at the broader population.
One of Stoke’s main objectives for Winston Privacy is blocking data from becoming a commodity for sale. “There are thousands of companies that are buying and selling this data. I worked with a lot of them. You cannot control this data once it is out,” he said. “Whenever you have this much data out there on the scale and comprehensiveness, there’s potential for abuse and where there’s a potential for a profit motive, combined with that, it’s going to happen.”