Your Christmas Present May Be Spying on You
The drawbacks of the latest smart "everything" include data collection.
-- T’was the night after Christmas, when all through the house
Every stripe of device with no need of a mouse
Sent oodles of data to that Cloud in the Air
While their owners slept soundly, with nary a care…
When it comes to gifts from the Internet of Things department, there’s no jolly guy in a white-trimmed red suit with a bag full of presents, no magic reindeer clip-clopping on the roof. In fact, it’s far more likely that you’ll never discern the pitter-pat of digital feet when you connect that IoT gift to your WiFi — whether it belongs to members of a marketing team, cyber thieves or your garden-variety voyeur.
You know what I mean here. I’m talking about the new smart everything: televisions, various household help such as thermostats and water heaters, garage door openers, alarms, lights, medical devices, fitness wearables and baby monitors with many more connected devices coming early and often to a store near you.
You’ve hopefully heard this before with regard to your Facebook account and other social media sites, but it bears repeating: Whenever you are offered something free of charge or for a negligible fee, assume that you are the product. Often you are unwittingly pitching the product to acquaintances who are likely to buy the same thing — this goes for all those products that ask to share information about your new acquisition on social media upon registration — or you are helping the service that you just subscribed to (by purchasing their device) to perfect itself.
More From Credit.com: SPAM in the Fridge: Hackers Target Home Appliances
In a perfect world, this would be…well, perfect. In the real world, IoT is still in the Wild West stage of its evolution. Indeed, smaller companies are rushing IoT products to market in a mad dash to beat bigger brands that have more at stake when it comes to security and therefore roll out new products and services with more deliberation and caution. As a result, you can’t always be so sure that your data is going to be safe. Over the past few years, we’ve learned the hard way that there is no such thing as too safe or secure when it comes to cybercrime, and there are a whole host of organizations out there — both big and small — that are doing a miserable job of protecting you.
Just this year, a fitness wearable sold by Jawbone collected data about users’ sleeping patterns after an earthquake in California and published it. The data was anonymized but still many users protested because they didn’t realize that the product’s privacy policy allowed Jawbone to do that. A similar device called FitBit transmitted information about users’ sex lives. Both information gushers were enabled by untoward privacy policies unread by early adopters and users’ false assumption that these products came with privacy controls set tightly as a default. FitBit stopped tracking sex activity, Forbes reported, while Jawbone said its privacy policy is really clear and the company doesn’t share individual data without consent, Re/Code reported. The rule here should be as follows: Assume you need to set your own long and strong password, and that every shred of your personal information is being passed along to third (and fourth and fifth) parties, and to set your permissions accordingly.
More From Credit.com: Your Webcam Could Be Spying on You… & You Can Stop It
The fact is that few of us know much about the Internet of Things, but that doesn’t stop us from wanting it in our homes and on our bodies. But as we snatch up connectable products with reckless abandon this Christmas season, the number one issue we face is the protection of our privacy and the security of our data.
The market for IoT products is snowballing. There are as many connected devices out there as there are human beings on the planet, and while estimates vary wildly, the lowball projection for 2020 is 25 billion IoT devices (the upper range is double that number). That’s three to six IoT devices per person on the planet.
More From Credit.com: What Is Credit Monitoring?
This year, on Christmas day, a record number of products that connect to the Internet will be turned on and start conversing with the companies that manufactured them. If the lucky owners of this holiday season’s latest crop of IoT products only knew the downside of the seamless convenience promised (but not always delivered) by web-enabled products, they might be as sleepless as every child was on the night before Christmas.
Any opinions expressed in this column are solely those of the author.
Adam Levin is chairman and co-founder of Credit.com and Identity Theft 911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit.