How to Keep the Internet of Things Out of Spooks’ Hands
If the U.S. government plans on using the Internet of things to spy on people, there are still steps companies and consumers can take to stop it.
As part of testimony submitted to the Senate’s Armed Services Committee on Tuesday, James Clapper, the U.S. director of national intelligence, wrote, “In the future, intelligence services might use the (Internet of things) for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”
While this statement, first noticed by The Guardian, won’t exactly come as a shock to civil liberties groups, the average consumer might be surprised to hear the potential privacy threat so boldly stated. Andreas Gal, the CEO and co-founder of Silk, a connected home product that contains a camera with facial recognition capabilities, certainly was.
“I am startled that this statement was so amateurish and this early,” said Gal. “I would have thought they would have done this after (the Internet of things) is more distributed.”
Gal is the former CTO at Mozilla, the maker of the Firefox browser. At Silk he is building a connected device that controls a variety of Wi-Fi connected products and contains a camera with facial recognition capabilities. But unlike many other connected devices, he’s trying to build a product that is also focused on keeping a user’s data secure first and foremost.
All of the facial recognition takes place on the device, and any data sent from the device is encrypted before it is sent. The only one with the key for the encrypted stream is the owner of the device. This doesn’t preclude Silk from offering a cloud service, Gal says. It just means that when he sends the data to a cloud, it has to stay encrypted. That way, if it is stolen or hacked, the criminals only get something they can’t see without also having the customer’s physical device. That level of encryption comes at a computing cost, which raises the cost of the end device and precludes Gal from using the user information. But it does prevent casual hacking and surveillance.
“The government can order us to reveal the data, but all we can give them is the encrypted stream,” Gal says. “So that means to get the data the government has a harder path. They must go get the physical device, but that is a different order of magnitude of difficulty and that’s much harder to do in an unnoticed and broad way.”
Gal points out that in that case the government must ask for a specific piece of evidence as opposed to conducting broad surveillance, which is what is new and most upsetting to people. It is that broad access to data that others watching the rise of the Internet of things are most concerned about.
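The design Gal describes, sketched as an added example (this is not Silk's code): the key is generated on the device and never uploaded, so the cloud store, and anyone it discloses records to, holds only ciphertext. AES-256-GCM, the record layout, the sample frames and every name below are assumptions; the article does not say how Silk implements this.

```javascript
const crypto = require('crypto');

// Owner key: generated on the device, never uploaded. AES-256-GCM is an
// assumption; the article does not name the cipher Silk uses.
function newOwnerKey() { return crypto.randomBytes(32); }

// Sequence number as associated data: swapped records fail authentication.
function seqAad(seq) {
  const aad = Buffer.alloc(8);
  aad.writeBigUInt64BE(BigInt(seq));
  return aad;
}

// Device side: encrypt one frame before it leaves the device.
function sealFrame(ownerKey, seq, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per frame
  const c = crypto.createCipheriv('aes-256-gcm', ownerKey, iv);
  c.setAAD(seqAad(seq));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { seq, iv, ct, tag: c.getAuthTag() };
}

// Owner side: decrypt; throws on a wrong key or a modified record.
function openFrame(ownerKey, rec) {
  const d = crypto.createDecipheriv('aes-256-gcm', ownerKey, rec.iv);
  d.setAAD(seqAad(rec.seq));
  d.setAuthTag(rec.tag);
  return Buffer.concat([d.update(rec.ct), d.final()]);
}

// Cloud side (hypothetical): holds no key; disclose() is all it can hand over.
class BlindStore {
  constructor() { this.records = []; }
  upload(rec) { this.records.push(rec); }
  disclose() { return this.records.map((r) => ({ ...r })); }
}

function demo() {
  const ownerKey = newOwnerKey();
  const cloud = new BlindStore();
  const frames = ['face:alice@door', 'face:unknown@window']; // constructed sample data
  frames.forEach((f, i) => cloud.upload(sealFrame(ownerKey, i, Buffer.from(f))));
  const disclosed = cloud.disclose();
  const leaked = disclosed.some((r) => frames.some((f) => r.ct.includes(f)));
  let wrongKeyFails = false;
  try { openFrame(newOwnerKey(), disclosed[0]); } catch { wrongKeyFails = true; }
  return { leaked, wrongKeyFails, recovered: disclosed.map((r) => openFrame(ownerKey, r).toString()) };
}
console.log(demo());
```

The sequence numbers, record sizes and upload timing remain visible to the cloud in this sketch; only the frame contents are protected.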
Nuala O’Connor, the president and CEO of the Center for Democracy & Technology, a nonprofit that focuses on individual liberty in a digital world, says Clapper’s remarks are an example of the blurring of the lines between the private sector and the public sector, which she calls the most compelling public policy issue of the decade.
“This is an early warning sign for companies that they need to have really clear policies and technical boundaries and systems in place if they do not intend to be a permanent pipeline of data flowing directly to the government,” O’Connor says.
As the former VP of Compliance and Customer Trust at Amazon and the chief privacy leader and senior counsel for Information Governance at GE, O’Connor has worked with companies to create those privacy boundaries and policies. Now she’s trying to educate the government, consumers, and other companies about how the digital world we live in can threaten privacy in places we hold most dear—like our bodies and homes.
In the wake of Clapper’s comments she stresses that consumers are likely to keep buying connected devices, and they should. But they should seek to understand how such devices work. For example, the Amazon Echo, a favorite device that listens for a voice command to execute, is always listening for its “wake word” but it doesn’t store what it hears until it recognizes the wake word. At that point it starts recording and sends everything it hears to Amazon’s cloud.
However, O’Connor stresses that companies shouldn’t put the burden on consumers to read “40 pages of consumer privacy information just to understand how something works” and how their data is protected. Ironically, when I asked Amazon (AMZN) about its privacy features, the spokesman directed me to Amazon’s privacy page, which is somewhat dense and doesn’t actually detail its efforts to protect consumer data against government requests. Meanwhile, Nest was a little bit more direct when asked about Clapper’s statements.
Spokeswoman Ha Thai said in an emailed response to my questions that Nest (GOOG) doesn’t expect Clapper’s statements to affect Nest’s business. And when asked about how Nest acts to preserve privacy she wrote:
Protecting our customers’ information is as important as anything we do, and we have strict policies and technical barriers in place to help prevent unauthorized access to data. We also don’t provide the government with direct or ‘back-door’ access to data—they have to submit a request and they must have legal process (such as a subpoena, court order or search warrant) to do it. When we receive a request, we evaluate it carefully and provide information only within the scope and authority of the request.
SmartThings, which makes a connected home hub and is owned by Samsung, didn’t return requests for comment. Neither did Comcast, which offers a connected home product called Xfinity Home. Amazon didn’t respond to inquiries about Clapper’s comments. August, the maker of a popular smart lock, declined to comment. Wink, which also makes a popular home hub, avoided commenting on Clapper’s comments, and said of its security policies that it conducts “outreach to the ‘white hat’ security researcher community, and regular independent security analysis.”
For consumers who are concerned about their data getting swept up as part of blanket surveillance, the best options are probably devices that encrypt your data or avoid putting it in the cloud in the first place. Gal’s Silk device isn’t available yet, but Netatmo does offer a connected security camera that doesn’t upload your video to the cloud. Instead the Welcome camera provides facial recognition and video monitoring on the device or using a personal server a person keeps at home. (It’s kind of like Hillary Clinton’s email.)
If that feels like too much, your next best bet is to try to pressure companies to adopt more transparent and robust security measures for their data. At the minimum those companies should demand warrants before turning over your video streams or sensor logs, but ideally the information will be encrypted. Here’s the hard part. Consumers will have to decide this matters. And vote with their wallets.
Updated: This story was corrected to reflect that O’Connor is with the Center for Democracy & Technology not the Center for Digital Democracy.