It’s no secret that when it comes to the ethics of the Internet of Things, there can certainly be a dark side. While home automation offers the convenience of remote smart home control, the benefits of automatic energy savings, and advanced security or property, its weakness is the one thing that enables it all to exist: the internet. While the “Internet of Things” has taken over with a generally positive reaction, there still exists the possibility for security issues, privacy concerns, and safety problems.
Take the Amazon Echo for example. While the popular voice assistant and speaker has grown tremendously popular, it hasn’t been met without concers that the device is “constantly listening” to you. Although the device only activates when it’s wake word “Alexa” is said, anything said afterwards as part of a command is send to the Amazon cloud for processing, where it remains on the user’s Amazon account until manual deletion. For some customers, this alone turned them away from purchasing an Echo unit.
Most recently in the news, it was revealed through government leaks that the CIA had been participating in personal device hacking, such as on civilian smart phones and computers. While the Amazon Echo wasn’t a device explicitly mentioned in the leaks, one Echo user took matters into their own hands by asking the device, “Are you connected to the CIA?” When no reply was made by Alexa (most likely due to a lack of a programming an answer to this on Amazon’s part), the user concluded that the Echo was connected to the government agency.
While Amazon responded by updating the Alexa to provide the answer, “No, I’m not employed by them. I work for Amazon,” this raises the question of the general possibility of hacking the device to activate its microphone, or retrieve cloud-stored voice recordings. This might be akin to the concern of hacking into a laptop webcam when a user is unaware, which has prompted many to place tape over their cameras when not in use.
The connection between government and devices like the Echo has also been debated when it comes to crime. In December of 2016, police arrived at at a home to discover a dead body in the home’s backyard. Upon investigation, they discovered that an Amazon Echo was present at the scene, (with the possibility of recorded audio as evidence), and immediately seized it, later demanding that Amazon allow them to search it. Amazon refused, citing that it would not release customer information without a proper legal reason. This case isn’t too far off from the FBI’s pressure on Apple to unlock the iPhones of the two terrorists attackers at San Bernardino, CA. Most, if not all modern customer grade electronics are manufactured by private companies, so the political debate continues as to whether law enforcement should have access to data from internet connected devices as a means of evidence.
Outside of government, there have been reported issues of home security in the past related to voice control services. Last year, a user on reddit posted a story about how his neighbor unlocked his front door by shouting “Hey Siri, open the front door” through the window to an iPad acting as a smart home hub. A connected lock instantly followed the command and unlocked the front door. Apple responded to this by recommending a passcode requirement for this type of command, but many users may not think to enable this as an option.
As much as diving into the Internet of Things has been a fun, exciting, and gratifying experiences, I’ve kept security in mind as I expand my own system. In the past I’ve experienced situations in which my smart lights were flickering on and off beyond what seemed like a glitch, prompting me to quickly change my passwords to rule out a hack as a potential threat. While I don’t have any devices that could cause more harm (such as a smart lock, thermostat, or even toaster), stories of security breaches have only reemphasized the need to take security seriously with Internet connected devices at home or in general.
