Did you know that law enforcement could obtain a search warrant to access the data recorded by a smart device? Perhaps you’ve read about the murder case in Arkansas in which the prosecution sought to get data collected by the defendant’s Amazon Echo smart speaker on the night of the crime. Police also looked at data collected by a smart water meter, which showed a spike on the morning after—a possible indication that the accused, James Bates, had hosed away evidence of the crime.
This example, while extreme, brings up questions of privacy protection: As smart devices proliferate, where should the line be drawn? Amazon, citing privacy concerns, fought the request in the Bates murder case, but this became a moot point when the defense voluntarily agreed to release the recordings. Meanwhile, an advocacy group called Stop Smart Meters! has presented an alternate scenario for the spike in water use, and argued that law enforcement’s use of the data collected—which was obtained without a warrant—represented a direct violation of the Fourth Amendment.
As published in the Cornell Law Review, law professor Andrew Ferguson makes the case for developing a new conceptual framework to keep the Fourth Amendment relevant in the digital age. In his introduction, he reminds us that “billions of sensors will soon collect data from smartphones, smart homes, smart cars, medical devices and an evolving assortment of consumer and commercial products.”
A sobering thought, when you consider the wider implications. Putting the ethics of criminal cases aside, seemingly-innocent devices collect streams of data that you might not even be thinking about. High-end models of the robotic vacuum Roomba, for instance, create maps of your home to help them avoid crashing into your furniture. But, as Cornell robotics professor Guy Hoffman recently told Reuters, that data could also be used by companies like Amazon, Google and Apple to recommend home goods for customers to buy. Of course Roomba’s manufacturer, iRobot, has stated that no data will be shared without customers’ informed consent. But will people read the fine print before clicking “I agree” on the myriad of terms of service contracts that come with nearly every piece of technology they interact with?
Granted, not everyone has a Roomba. But how about a car? As the Wheels column of the New York Times recently put it, “Cars have become listening posts. They can track phone calls and texts, log queries to websites, record what radio stations you listen to....” That data could represent a marketer’s dream, not to mention a desirable source of information for insurers, government agencies and of course automakers.
This is not to say that all of this information is put to questionable uses: as the Times article also points out, for example, turning over your information to live traffic services can save a driver hours of time. Connected car services, such as diagnostics, are also available. And there are even insurance companies that offer discounts in exchange for collected data that paints the picture of a “good driver.”
Still, there is every reason to be very skeptical about the security of your information when it comes to connected devices, which can also be tapped for far more unsettling purposes than mere marketing. With a quick Google search, you can find reports of hacking attacks into just about any smart device you can think of. And recently, WikiLeaks released an enormous volume of what it says are confidential CIA documents revealing an extensive global covert hacking program. This includes tools to access smartphone data; to bypass messaging encryption; and even to turn Samsung smart TVs into wiretaps.
An expression one often hears in conversations about the burgeoning internet of things (IoT) states that “everything that can be connected, will be connected.” Perhaps that same principle applies to “everything that can be collected,” as well.