We’re now in the thick of the holiday season, and connected devices of all kinds will be gifted, opened and set up by consumers around the world this month. The Consumer Technology Association projected that consumer technology sales will top $400 billion by the end of 2019, pointing to gains in connected devices ranging from smartphones and tablets to smartwatches, smart home products, wireless earbuds and in-vehicle technology.
That means the number of connected devices—which hit 22 billion in 2018, according to Strategy Analytics—will climb even higher. And the new owners of those devices—many of whom have concerns about privacy issues related to those products—will have to ensure that their privacy and security are not compromised by either the devices or third-party applications.
“Companies have realized now that privacy is an important part of their brand and their reputation, and of consumer expectations,” said Omer Tene, vp and chief knowledge officer of the International Association of Privacy Professionals. “It’s not just a regulatory issue where you check the boxes and have your lawyer sign off on paper. The world at large will tolerate a lot more from you if you have a good, solid track record.”
A good place to start, on both devices and apps, is the privacy settings, but the most logical path isn’t always the easiest to navigate.
“Companies are not designing and writing the information about their products with the customer in mind,” said Ashley Boyd, vp of advocacy for nonprofit and Firefox browser creator Mozilla. “It’s very difficult for customers to wade through the language and understand what it means for them on an individual level.”
Making voice assistants more secure
Sometimes, those privacy decisions are not in the hands of consumers at all. Amazon found itself under fire in April following reports that thousands of employees worldwide were listening to voice recordings of people using its Alexa voice assistant and Echo smart speakers so that the devices would better respond to the command of their users.
The backlash was swift and, in May, Amazon added the ability to delete those recordings via a voice command to Alexa. However, the only two deletion options are “everything I said today” and “what I just said,” putting the burden on privacy-conscious users to repeat the step on a regular basis.
Amazon spokesperson Samantha Kruse said the company has taken additional steps to make Echo and Alexa devices more secure. Those include “disallowing third-party app installation on the device, automatic software updates, rigorous security reviews, secure software development requirements and encryption of communication between Echo, the Alexa App and Amazon servers,” she said. Echo devices contain buttons that enable people to turn off the microphones, and all information transmitted between the Alexa app and the Alexa cloud, as well as between the Alexa cloud and devices, is authenticated and encrypted, the company emphasized.
“All of these smart apps need a lot of data to become smart,” said Param Vir Singh, professor of business technologies and marketing at Carnegie Mellon University’s Tepper School of Business. “They want to hear what you’re saying. The data needs to be curated by humans. This is the voice of person X, but that has to be labeled by a human before you can build a machine learning algorithm.”
Boyd said she was heartened by efforts from industry leaders like Apple, Google and Amazon to offer centralized privacy centers with comprehensive, detailed information on products, settings and options, as well as adding security steps such as encryption and requiring users to change their passwords.
Tightening up default privacy settings
For the next step, Boyd and Mozilla are advocating that tech companies tighten up their default privacy settings. The default Apple ID setting on Apple devices, Boyd said, enables sharing data with advertisers, and “third-party data sharing with apps” in general “is pretty Wild West-y.” While users can turn off the settings on their own, Mozilla is encouraging the company to turn them off by default. (Apple declined to comment for this story.)