Every customer has one – Losing privacy to pernicious smarts

Several months ago, moving into a new home I discovered the central heating system is controlled by ‘smart devices’. To make it work I had to invest in a ‘home hub’, initialise and pair the boiler controller and the smart thermostat to the hub, and install an app on my smart phone to control it. It’s quite good really. I can sit in my comfy chair and if I start feeling a bit chilly I just reach for the phone and crank up the temperature a bit. And when I’ve been out for the day and I’m on the way home I can reach for the phone and turn the heating on so that it’s toasty warm when I arrive.

If I want to, I can invest in smart light bulbs, smart plugs for controlling appliances, water leak detectors and cameras. I can have a whole smart home, catering to my every need. No more coming home to a cold, dark home with water pouring through the kitchen ceiling. No more need to phone ahead to say, “put the kettle on, love”! I can do it all from the comfort of my car seat (not while driving of course, although my assistants Alexa and Siri can probably help with that).

But I forgot to mention: To make it all work I must set up an account with the provider. Why, I enquired?

Well, apparently: “Every customer has one. We store the account holders name, property address username/email, etc.; and if you choose to purchase any additional compatible products it is all linked to your account. The features and benefits of having the account/app can be found on our website.” I looked. It says that using the app “puts my home in my hand” and makes looking after it easy so that I can spend more time doing the things I love. What gobbledegook is that? And no mention of why an account is needed. Oh, well I thought. It’s just my central heating, and it is convenient. Promptly, I forgot about it, except on the one or two occasions since when it seems that I’ve been unable to use the app to control the heating because connection to the provider’s servers seems to have been lost temporarily. So, the luxury of being able to control my heating from anywhere in the World depends on the provider’s servers running – and in fact, on the provider remaining in business! That shouldn’t be necessary. After all, it’s only an IP address of my own I need to connect to my own hub.

Of course, this is all about value-added services, where the provider can charge a monthly fee to monitor things on my behalf – water leaks, or someone entering my property. Nothing new there. We’ve been used to that for years with with the neighbour popping in or alarm monitoring and CCTV surveillance linked back to the control centre of the security company. The difference today though is in the variety and value of the data that smart homes generate. The provider can know everything about how I behave in the home. Quite apart from being able to tell me I heated my home, on average to 18.6°C during December 2017, they would know what time I get up, what time I go to bed, who I go to bed with(!), when I eat, what I eat (out of the smart tins in the smart larder) and more. Combine this with other sources of data about me, my social and business connections and my dealings (on-line, financial, etc.) and it creates information about me of very high value. This would be interesting to all kinds of organisations and people, both good and bad.

The issue is privacy. In the pre-Internet era, we mainly benefitted from privacy by obscurity. It was just too expensive to discover information about individuals for it to be worthwhile for any but the most interesting and important persons. Who is ‘interesting and important’ depends on perspective. Are you a potential customer for expensive cars or watches? Is your spouse having an affair? Are you a ‘person of interest’ to the authorities?

Retail and airline loyalty cards started to change that.  In return for miles, points and upgrades, we were more than willing to hand over details about our travel arrangements, hotel bookings and retail purchases. But this remained somewhat ring-fenced and controllable. We were able to decide for ourselves which loyalty cards we wanted, and by implication which organisations we were happy to trust with data about ourselves. Retailer X has a good reputation. I like their products. Surely, they won’t do anything untoward with my data – except use it to send me promotions or share it with “carefully selected partners” whose products and services may interest me; that sort of thing. For a bit of seemingly innocuous information about my supermarket purchasing habits, I’m able to get cash-back and discount vouchers. Thank you very much.

As retailers, airlines, hotel bookings and more moved on-line to the World Wide Web, it seemed natural that this kind of data collection and promotional offers should move there too. During the noughties we mostly willingly and unwittingly accepted it. Check your air miles and shopping points, receive discount codes and find coupons, etc. We wanted something (everything) for free. To search, to access newspapers / magazines on-line, connecting to friends and family by social media, blogging, tweeting, linking for professional purposes: In most cases, we’re largely unwilling to pay in cash but quite willing to gain access in exchange for pointless adverts, giving out personal details, handing over our entire list of address book contacts, or allowing access to our location / camera / microphone.

Adaptive mobile shopping apps, based on customers’ actions and predicted preferences are used by multiple retailers now to drive up sales through mobile devices. They help customers to “discover and buy more of the products they love”. At the same time, they’re collecting not only more information about your shopping habits but also about your patterns of shopping behaviour. Do you shop on Saturday’s or Sunday’s? In the day or in the evening? Are you likely to rush into The Body Shop if an ad pops on your phone as you walk past a Body Shop store?

Internet banking asks you to hand over more and more personal information – the name of the first school you went to, your mother’s maiden name, your boyfriend’s middle name, your favourite pet, what you want the money for, where you got the money from.  Almost all other financial services providers ask these things as well. Money laundering regulations compel some of this but nevertheless. With open banking, companies other than licensed banks can now gain access to your accounts so they can offer you new products and services. Just as you nonchalantly give your permissions through Facebook to access that crazy cats quiz or that “What will I look like in 20 years” app, so too will this happen with your banking information. They gain access to your patterns of financial behaviour.

Analysis and prediction of social media information can inform ‘those that need to know’ about the way individuals are about to behave; whether they’re about to  commit a hate crime, start a riot or take their own life perhaps. One can argue that these are greater goods made possible by the vast amount of information people reveal about themselves on-line. Conversely of course, individuals often regret unintentionally revealing information about themselves that later comes back to haunt them. At that crucial job interview perhaps? In their marriage?

Shopping – retail behaviour. Banking – financial behaviour. Smart homes – domestic behaviour. Driverless cars – movement behaviour. Telemonitoring for health and social care – health behaviour. The list goes on. Together these sensing systems collect almost everything there is to know about you and you’re unlikely to be able to do anything at all to prevent it. There’s talk of putting the individual in control of their data but really, how realistic is this? All kinds of reasons will be given by companies and organisations as to why it’s necessary to provide the information. Remember my central heating system enquiry? – “Every customer has one …”. Just look at W H Smiths at airports, requiring you to hand over your boarding pass information so they can reclaim the VAT on your purchase. If you don’t hand it over you’re not permitted to buy. “Sorry, we can’t serve you” they will say. The reality is that to gain access to almost any modern-day product or service, people are will increasingly be required to hand over more and more of their personal information. Of course, it’s choice so you have control. But if you choose not to hand over the information you choose to exclude yourself from being able to benefit from the product or service you want. Cutting off noses to spite faces comes to mind.

The big four: Google, Apple, Facebook, Amazon, they’re hoovering up your data but so is everyone else. Not only the data you willingly gave them because you use their services but also the data they gain access to through their group businesses, mergers and acquisitions that you probably haven’t given explicit permission for. When you signed up to create your connected home with Nest, (I’m not with Nest, by the way) you probably weren’t aware that it’s part of Alphabet Group, the Google holding-company; nor that Google recently merged Nest into its main operations. Suddenly, Google could have access to all your smart home data to add to everything else it already knows about you. Nest, Google self-driving cars, Google health, there’s a lot hidden behind that Google mission statement: “Organize the world’s information and make it universally accessible and useful.” Accessible and useful to who? Anyone who’ll pay for it!

And if one’s doing it you can be sure all the others are too. You will have no control. In fact, you probably already have no control.

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s