HomeKit, Google, Facebook, Privacy and the Internet of Things

June 20, 2014


While there is much that can be said about privacy, security, policy and the Internet of Things (in fact, I’m going to be co-teaching a graduate class at Georgia Tech on this very topic next spring), here I want to focus on one thing: the invasion of your home and my hope that Apple and their partners take privacy seriously.

Internet connected devices that feed continuous information to cloud services are a big deal, in terms of privacy.  Right now, there are little isolated clouds that have access to bits of our information (think Fitbit or Jawbone Up, Loseit or Runkeeper, Cell-tower location, Amazon purchases, and so on).  But these are converging, and very soon will be able to be leveraged to infer unprecedented information about us, information we didn’t even imagine could be collected.  Apple’s HealthKit and Google Fit are going to start consolidating some of this, but most people still feel like that is something they would opt into (or not).

The devices we install in our home are different, because they are not linked to our phone, are not opt-in, and soon it won’t be possible to buy a fridge or thermostat that isn’t “smart”;  our water and electricity usage will soon be monitored as well for billing and to provide “better service.” Researchers at Georgia Tech and the University of Washington (Abowd and Patel, in particular) have already demonstrated this simple information can be used to create an accurate picture of usage of anything that uses water or electricity in the home.   And this, in turn, gives a surprising picture of life in the home.

I will make no secret of the fact that my initial reaction to Google buying Nest last year was to search for a decent alternative to our 3 Nests (haven’t found one yet, but the Lyric looks interesting). When Facebook bought Moves, I deleted my Moves account and data. While I use Facebook to keep in touch with relatives and some close friends, I generally do not link other services to it. I make use of my share of Google services, of course. I use the web and am happy for Google to index the hell out of it; I’m happy that a search for “Blair MacIntyre” on google.com yields pages and pages of links pointing at my pages, research, interviews, talks and so on.

But I am not happy about giving Google access to this sort of always-on, always-collecting, deeply-personal information about my family and me.  I won’t use Android and I don’t use Chromecast, for similar reasons.  Some say “it’s no big deal, there’s no way to stop this information being collected, it’s not like anything bad can happen”, but I disagree.

Simply put, I’m not willing to hand access to all aspects of my life to companies whose entire business model is based on building an increasingly accurate model of me, and monetizing it. I’m not naive enough to think Apple is virtuous, but their business is not (yet) centered around monetizing a model of me (rather, it’s centered around locking me into their ecosystem and monetizing me in a much more direct way, through purchase of products and services). It’s in Apple’s interest for me to trust them, for their ecosystem to be easy to use and tightly integrated, and that is actually reason for hope.

The problem, as I see it, is that all of these connected devices are sending data directly to cloud services.  While convenient (I can turn on the AC at home via the Nest app, yay!), this is a massive data privacy and security problem:  specifically, the data is out of your control as soon as it leaves the house.  What needs to happen is for these Internet of Devices to be connected to personal clouds, preferably in the home, where homeowners have direct and understandable control over what leaves their house.  Right now, this can’t happen because each device is tied to a company who wants to retain control (of you, of the devices, of the services).  But, as the industry matures and consolidates, there is the opportunity for ecosystems to develop that companies need to make their devices work with, rather than going it alone.

And this is why I am hopeful about HomeKit. Apple is all about low-friction user experiences, and can easily create an environment where companies are incentivized to tie into its services instead of developing their own. There is no reason these services cannot include home gateways (perhaps a future Airport base station, or even a future Apple TV?) that give users the opportunity to control, aggregate, filter or discard their data, as they see fit. Apple can decide to provide users with guarantees that their data is not shared, that it lives in their iCloud account, and that it will not be looked at without their permission, because Apple doesn’t need that kind of information for their core business: in fact, their core business can leverage that stance as a reason you should buy into it.

This is also, as you can imagine, why I am not at all excited about the corresponding Google or Facebook ecosystems.

HomeKit, Google, Facebook, Privacy and the Internet of Things - June 20, 2014 - Blair MacIntyre