After Amazon introduced a drone camera capable of flying around people’s homes recording what’s happening, I felt like it might be time to reprise my concerns about building ethical connected devices and ensuring that people can consent to the data collection and sharing involved when bringing these products into their homes. There are two issues that I’m most worried about.
The first is the idea that companies are collecting reams of data about us that they may not use today, but that might be able to provide new insights about us in the future. The second is that, for those of us who live with other people, they may not realize the information that connected devices can provide about their daily activities and whereabouts. So I’ve created nine rules that product makers should keep in mind if they want to design ethical smart devices.
Before we get to the rules, I want to explain my concerns in a bit more depth. Data collection is a double-edged sword. Many connected devices collect data as a means of understanding how a product is functioning and how people utilize it. In most cases, this understanding is used to make the product better or to offer users new features. One example would be taking heart rate data from a wearable fitness tracker to monitor the onset of COVID-19, or taking the data of users of a particular camera from around the world to offer better image detection.
But it’s one thing for me to agree to share my home’s IP camera data to help improve image detection. It’s quite another if the in-home camera maker tracks how people move around their homes with the device and uses that data to draw conclusions about their health or wellness. And companies are constantly merging. What if the data I’ve shared with the original company can then be used by the purchasing company, whose ideals I don’t agree with, or which worry me?
As to the notion of letting those people we share a home with give meaningful consent, I like to use an example from my own life. I have a smart oven that my husband has connected to an app on his phone. Which means that whenever anyone uses the oven, he gets a notification and an image of what’s in the oven. One morning, on my way out the door to give a talk, I quickly toasted some waffles for the road. A minute later I got a call from my husband asking why I hadn’t left yet and telling me I was going to be late. Until that moment, I hadn’t really considered that him having the oven app on his phone might also let him know what I am or am not doing.
After that, we took pains to tell my daughter about the oven, the doorbell cameras, and all the other smart devices in our house that could provide clues to her behavior even if we weren’t around. Yes, I can turn to an app or a Google display in my home and see if her lights are turned on after her bedtime (though she’s rapidly growing out of a bedtime). I could even set a notification to let me know when her light turns on between certain hours if I wanted to be even more intrusive.
It’s not just her and it’s not just at home, either. I can check the Tesla app and see exactly where my husband is. In fact, I generally use it instead of texting him to see if he’s on his way home yet, and he’s aware that I take advantage of the app for that purpose. However, I have also used it during the holidays to see what store he might be visiting, so I can get a sense of the gifts he might be buying me.
Many connected devices offer similar ways to track people’s behaviors. It’s possible to build a veritable cage of surveillance around the people you live with using these devices. In my house, I tell everyone whenever I bring in a new product, and I explain what it does, what sensors it has, and what information I can see. When new features get added, I let my family know. If they don’t like it, we don’t install the device (or in a review situation, we install it in my office and then take it out.)
Frankly, it’s a lot of work. And my hunch is that most of us don’t take this approach. But as more things are connected and it becomes even easier to monitor someone’s activities, I think it’s both essential and ethical to let people know. Furthermore, I think the companies making these devices have an obligation to think about how the people buying these products can use them to monitor their loved ones and provide safeguards.
Maybe it’s a warning label, or a reminder to buyers to tell their housemates what a device will share. Or maybe it’s a process that can help a domestic violence victim quickly remove access to an account in an emergency situation. I don’t have the sense that we’re thinking of consent either in terms of surveillance or in terms of future data use and analytics, but we should. So without further ado, here is my list of nine rules to help all of us design and build ethical smart devices.
- Provide transparency about your data collection practices
- Provide transparency around the sensors inside the device
- Protect the user’s data through encryption at rest and in motion
- Promote safe data practices with partners
- Develop a clear practice around the use of data after a merger/acquisition
- Develop and explain your data deletion policy and give consumers a chance to delete their data
- Promise users the device will work for X number of years
- Patch devices in the wake of new vulnerabilities
- Push users to ask for consent from others in their environment
I already see a few companies pushing these as norms. For example, when I recently set up a Google device it prompted me to tell my friends and family that their data would be stored in my Google account if they used my Google Home Device without linking their account. It’s a step in the right direction.