The idea that household appliances need Internet-connected capabilities has always seemed over the top. Take the example of Samsung’s infamous “smart fridge.” Debuted at the 2011 International Consumer Electronics Show, its RF4289 model came with an LCD screen above the ice dispenser that allowed you read the news and send tweets. At the unveiling a Samsung executive explained why they chose those features, and without a hint of irony, he asked, “Are you going to watch YouTube on your refrigerator? … That’s what the TV is for.”
Like many “smart” appliances of the time it was just frivolous extravagance marketed as innovation. But after three years and a $3.2 billion acquisition by Google, the “connected-home” is starting to generate a lot of excitement again. With the success of Nest Labs, hardware entrepreneurs and large corporations alike are dreaming up new plans to blanket your home in sensors.
The products are finally becoming practical. However, before these technologies become mainstream the industry will need to address a major issue: Can they convince consumers that these devices are secure and non-invasive?
Three days after the news about Nest Labs reports emerged that researchers had discovered the first large-scale cyber attack involving the “Internet of things.” In this case, Internet-connected televisions, speakers, routers — and at least one fridge — were used to send hundreds of thousands of malicious e-mails. Like news in the past that U.S. Chamber of Commerce had its thermostat compromised by hackers in China, or that a Forbes editor was able to hack into the home automation systems of complete strangers, the attack served as yet another reminder that there are consequences to bringing computer vulnerabilities into every corner of the physical world.
Cyber-security expert Bruce Schneier thinks we have reached a crisis point with embedded systems. He wrote, “The industries producing these devices are even less capable of fixing the problem than the PC and software industries were.” Many of these products simply aren’t designed with security in mind, and many of the companies involved aren’t ready to acknowledge the scope of the problem. A couple in Texas who recently had their Internet-connected baby monitor hacked had to complain to the media before the manufacturer would take the vulnerability seriously enough.
To their credit, it seems that some in the industry are finally taking these problems more seriously; there are several corporate efforts underway to address these issues. But the real turning point could be the competitive pressure added by Google joining the fray. The technology giant can shift the focus of a conversation like few others can. Google can apply their security team’s talent and scale in a way that companies like Comcast CMCSA +0.5% or Honeywell are just not able to.
For some entrepreneurs in the field Google’s entrance is a welcome development. Divya Sornaraja is the founder of Pith Inc; her company has recently developed an add-on for chairs that helps people to improve their posture by gathering information about how they are sitting and alerting them when they are at risk of back pain. When they’re on, her devices take in a continuous stream of sensor data, even though only a small subset of it is needed for analysis.
Although security challenges have not become a major issue yet, she is trying to be responsible by getting ahead of the problem and being direct with users about what information is collected. She explained, “we definitely would want to do more about it, but given a startup’s bandwidth, we are doing all within our potential to give the best privacy for our users.” If Google were to set standards and take the lead, it could give her team guidance on how to handle these issues. Most people are just curious about how her product works — but she’s being asked more frequently about whether the device can reveal to a boss or anyone else when somebody was sitting at their desk.
Regulation protecting consumers may be productive down the line but right now it is far too early for that. The industry should take the lead in empowering their users. Entrepreneur Limor Fried laid out a sensible proposal in The New York Times for an Internet of things “bill of rights” centered around openness, data ownership, privacy, and being able to delete the information these devices collect. If the industry can credibly establish trust, we can see if these devices will really live up to the potential of making our homes safer and more efficient.