By Praveen Kannan and Anna Strokolyst The Hotspot Shield team believes the internet should be open and secure …
Our lives are increasingly connected to the internet: from our thermostats to our doorbells, to our security cameras to our vacuums, to our refrigerators and our virtual assistants like Alexa. These devices are recording data every second—data we’ve never had to think about before.
But how is that data being used? Are, for instance, government agencies seeking that data to spy on you? And are the makers of these devices handing it over?
These are all questions we, as users, need answering. But, according to TechCrunch, the companies being asked are not willing to tell you.
There’s a document called a Transparency Report that’s imperative for companies who handle user data. That report declares how many demands or requests a company gets from the government to hand over that data, including requests which arrive with subpoenas and warrants. It’s an important document to publish because it legally proves whether a company is using your personal data against you.
For instance, we at Hotspot Shield publish an annual Transparency Report (which you can read here). It states every request, every subpoena, every warrant—and most importantly, what we did about it.
For us, we do not store any identifiable user data whatsoever, so even if a government comes knocking, we have nothing to hand over—so the number of times we’ve cooperated with governments seeking our users’ data is precisely zero. And we never will.
Our Transparency Report is a legal way for us to prove that.
As a consumer that is trusting us with their privacy, that’s an important thing to have. We’re not just asking you to trust us that your data is safe, we’re legally proving it with a Transparency Report.
Surely smart home tech makers should do the same?
At the end of the day, our IoT devices know what temperature our house is set to; when we leave in the morning; when we come home; what we say to our family around the dinner table; who we invite into our home; what car was parked on our driveway; what room we’re in at what time of the day; whether we’re walking in the hallway in our underpants, and so on.
This data is especially useful for law enforcement. Police have used an Amazon Echo to solve a murder, and Nest’s surveillance footage helped convince gang members to plead guilty to identity theft. A Fitbit’s data was even used to charge a 90-year old man with murdering his stepdaughter.
I know what you’re thinking: “If I’m not a bad guy, why should I care? I have nothing to hide.”
The problem, however, is that while you might have nothing to hide, this info in the wrong hands can be used against you. Smart home devices are especially vulnerable to hacking, and it goes without saying that you don’t want a hacker to be able to access your interior security camera or your smart doorlock.
It’s also your private information, and online privacy is a basic human right. Plus, it’s easy to confuse ‘secrecy’ with ‘privacy’. You may not have secrets, but it’s highly unlikely you’d let a complete stranger read your personal emails or texts, right? So privacy is important.
It is, therefore, crucial to know what the makers of these devices are doing with your data—and more specifically, who they’re sharing it with.
Most smart home tech makers do not publish a Transparency Report, and many do not even respond to comments about how their data is shared as it relates to governments. Nest, for instance, is practically the only IoT company with a Transparency Report, but it’s woefully vague.
Google won’t talk about its Google Home product’s data; Apple has no Transparency Report, although it does say that its HomePod’s data can’t be traced back to an individual user anyway.
The long and the short of it is this: With an estimated 20 billion smart home devices on the market by 2020, we have no idea if these products will be used for government surveillance. And regardless of your stance on surveillance, users have a right to know.
In our industry, only a handful of VPN companies—Hotspot Shield, Cisco, and Avast—published Transparency Reports. And, according to those reports as verified by independent security auditor AV-Test, only Hotspot Shield refused to hand over any user data to government agencies.
Will companies in the smart home industry follow suit and share what they’re doing with your data? Only time will tell. For now, just be aware that your devices could, in theory, be used by the government to spy on you. Whether that’s something you’re comfortable with is an entirely different story.