Last Christmas, I bought a smartwatch;
But that data you say, you gave it away?
This year, to save me from tears
I'm going to have to actually read this privacy notice, aren't I?
Against all odds, we made it to another holiday season, and perhaps more so than any other year, it's a cause for celebration. This cursed year we've called 2020 has been nothing short of an aggressively malicious lump of coal, and by getting to the holidays, we are one day closer to better times ahead.
It may be a challenge this year, but it is still important we try to get ourselves in the holiday spirit as best we can, and how better to do so than the exchange of material possessions? Communicate with friends and family, you say? Yeah, I guess so, George Bailey. You are the "richest man in town" after all.
Even with the pandemic interrupting the traditional holiday experience, gifts will still be given. Surely among these packages will be plenty of internet-connected technology goodies. In fact, it's a good bet to assume any piece of technology is part of the Internet of Things, as there are an estimated 50 billion IoT devices currently in existence.
It's also safe to wager there are varying levels of privacy and security protections among those IoT devices. How could there not be? We are talking about 50 billion with a capital B. If every single IoT device had impeccable privacy and security controls, I imagine we would be living in something resembling a utopian society. (People keep telling me I'm being "hyperbolic," but I refuse to admit when I'm wrong so I've made the conscious decision to ignore their feedback.)
So when you are shopping for tech gifts to get your loved ones this holiday season and into the new year, it might be wise to do a little research to make sure the devices you buy are safe. Luckily, Mozilla has planted its flag in the ground with its annual "*privacy not included" gift guide, which examines how tech on the market handles privacy and security.
Now there are a lot of devices within this guide that wouldn't surprise you. Mozilla analyzes everything from wearables and smart speakers to video game consoles and tablets. What's truly interesting are the gadgets that wouldn't be traditional sources of privacy-adjacent anxiety. Some of the items on Mozilla's guide highlight just how ubiquitous the Internet of Things has truly become and how these oddball appliances need to be vetted with the same level of scrutiny as a smart doorbell or a security camera.
Take the ikuddle Auto-Pack Litter Box. This strange device connects to an app on your phone. Once your cat performs its bodily duties, it will scoop up the business into a plastic bag 30 minutes after the deed is done, or you can press a button on your phone, and it will do it immediately. As Mozilla notes, though, there is no privacy notice to speak of on the company's website, and it requires users to enter their email address and birthdate while also accessing the camera and phone's location.
That sure sounds like a big wavering red flag, doesn't it? It seems irresponsible to produce a product that requires sensitive data and not tell your customers where it is going or how it will be used, especially at a time when one-third of consumers would Dogness iPet Robot. This time there was a privacy notice, but it only applied to the company's website, not the device itself. The Wickedbone Interactive Gaming Toy For Dogs fared a bit better. It doesn't sell customers' personal information, but Mozilla could not determine if it used encryption and noted users complained about the device needing access to location data.
(Here's another bit of free advice: If any of these devices seem necessary to anyone, that person should not own a pet. Signed, Ebenezer Scrooge.)
Pet toys aren't the only weird gadgets failing to pass muster. The Moleskine Smart Writing Set doesn't have a privacy notice for its device, which seems to be a dicey proposition for a gadget that one would use to potentially write down very important information, and Mozilla wonders out loud why a smart coffeemaker would need access to a phone's microphone, camera and location information.
All of this goes to show you can never take your eye off the ball when interacting with the Internet of Things, but perhaps the road ahead will be an easier one. The U.S. Congress recently passed the Internet of Things Cybersecurity Improvement Act of 2020. True, the law regards government procurement of IoT devices, but, as Thompson Hine's Steven Stransky, CIPP/G, CIPP/US, and Darcy Brosky, CIPP/US, write, the bill has "the potential to create a more uniform IoT security standard across the private sector."
Or perhaps something may come in the form of a more consumer-focused effort to inform the world of IoT pitfalls. Researchers from Carnegie Mellon University
If that makes me a Grinch, I'll be spending 2021 on Mount Crumpit.
Photo by Ben White on Unsplash