With Roomba's new data mapping feature flooding the news, it's worth discussing the implications of the growing smart home ecosystem and its effect on real estate and new homeownership. When a consumer purchases a previously owned home, they are not thinking about the potential security vulnerabilities, privacy implications and consequences of having a third party or hacker take control of the IoT devices that are quickly becoming standard in the modern household.
Putting the slew of potential data security threats of IoT devices aside, prospective homebuyers are not always thinking about putting in place written contracts containing warranties and indemnities in the event a previous owner retains control of the IoT device in the home. Plus, IoT devices are not regularly patched or updated against malware, if such patches are available at all. Even if they were available, the new homeowner may not know to make those updates. To pile on, typically, the original owner of the IoT device is still registered as the owner after a sale, complicating an already potentially dicey situation.
A 2016 survey from the National Association of Realtors indicates that only 15 percent of clients asked about whether homes contained smart appliances and IoT devices, and more than half the potential homebuyers were unfamiliar with the concept of IoT and how they work. Many realtors are also unfamiliar with IoT technology and privacy and security by design concepts.
Consumers tend to demand maximum features and functionality from product manufacturers, while also wanting to pay the cheapest price for the devices. Such devices are often built by offshore companies, which may not have the expertise to make their devices secure. Given this, it is unlikely that the manufacturer will pay much attention to the need for issuing regular malware updates and patches for IoT devices, and it will be even less likely to develop effective ways to deliver such updates and patches to the device. Luckily, the Federal Trade Commission has recognized one potentially helpful tool in locating IoT security vulnerabilities.
Selling houses that contain connected devices and smart appliances can also create unique security and privacy issues. Security cameras, landscape lighting, thermostats and lights can all retain the original owner’s data. Manufacturers are focused on getting their connected devices onto store shelves and into users’ homes without thinking through the need for privacy and security. There is very little awareness about what happens when the connected device is sold.
It’s worth noting, too, that planned product obsolescence is a potential vulnerability. The practice is nothing new and has existed in manufacturing for at least 70 years. The reason some companies embrace the concept is either as a marketing effort to try to migrate the customers to a newer product, or a deliberate design strategy that ensures the product will break and need replacing on a regular basis, ensuring product turnaround and regular profit streams. Anyone who is old enough to have bought home appliances 40 years ago can easily relate to this; modern appliances currently have approximately one-third of the useful life than they used to. Device manufacturers can also “brick” a device, a move that has potentially dire consequences for homeowners, especially after they have been trained to enjoy the convenience and added features of it.
IoT devices are marketed as enabling new solutions and features that did not exist previously and expand consumer freedom and convenience, but unfortunately, they often seem to limit consumer freedom instead. For example, many smart devices are Wi-Fi connected and enabled, which means that if there is an extended power outage or loss of internet connectivity — unless you have kept your non-smart appliances as a backup — you may not be able to enjoy your morning coffee, be able to lock your door manually, or set your thermostat in the “old-fashioned way.”
In short, some manufacturers advertise the features, benefits, ease of use and convenience of the ever-increasing “smart” features on new IoT devices, while rarely acknowledging the problems and downside arising from owning or reselling such products.
Perhaps there’s a void here that can be filled by privacy professionals, who can evangelize the importance of privacy by design, the ethical design and marketing of IoT devices, and the communications necessary to help ensure homeowners don’t become victims of an IoT hack. The end result could be a large swath of happy new homeowners.
photo credit: ♡✌ Kᵉⁿ Lᵃⁿᵉ ✌♡ Real Estate Photography (109 Santee Street, Asheville NC) via photopin (license)
2 Comments
If you want to comment on this post, you need to login.