Look to Design, Not Laws, to Protect Privacy in the Surveillance Age

26 May 2020

Raullen Chai is the co-founder of IoTeX, a Silicon Valley company building the Internet of Trusted Things with blockchain-powered smart devices that protect privacy.

Cameras, thermostats, virtual assistants and other smart devices are being installed in our homes at a blistering rate – in 2020, a new smart bulb will be installed in the world every second. Even traditionally “dumb” devices such as beds, mirrors and toilets are now being equipped with WiFi and powerful sensors to make them “smart.” Today, the average American owns eight of these smart devices, which communicate back and forth with their owner. But if our devices can talk to us about the status of our homes, who else are they talking to?

Tech giants such as Amazon and Google have a history of abusing our digital data and are now penetrating our physical homes and neighborhoods, making it more important than ever to safeguard our data and identities. These tech giants are on a spending spree, acquiring companies like Ring, Nest and Fitbit giving them an inside look at our homes and bodies. With millions of Ring cameras and Echo speakers watching and listening to us 24/7 in our homes, our data and privacy are in jeopardy.

The COVID-19 pandemic has only heightened the need to ensure people can choose how their data is used. In their zeal to slow the virus’ spread, governments and corporations have too often jumped to centralized solutions without considering the impact on our privacy. They’re doing so through apps that hope to track the spread of the virus using everything from Bluetooth signals to location tracking. We may be willing to temporarily sacrifice our privacy to battle the virus, but how do we return to a pre-pandemic state?

Reactive regulations simply cannot guarantee our privacy.

It’s difficult to rein in relaxed policy and laws once they become normalized, much less consumer technology. Facebook is still a part of billions of people’s lives despite its privacy and data violations, for example. Tech giants are the gatekeepers of our data and the more of it we give up, the more powerful their control over not just what ads we see but the “connections” we are shown, the content we’re suggested and the ways they can shift user behavior.

Data privacy regulations have begun emerging in recent years, but these reactive measures simply cannot guarantee our privacy. We must proactively build and adopt new technologies with “privacy by design” to reach a human-centered future.

“Privacy by design” is the principle that privacy is a “must have” from the initial design stage of every smart device. By building these devices to protect our data, even if a bad actor oversteps the law, we can shift away from heavily relying on regulation as one of the few means of protecting our privacy. In the future, our privacy will be guaranteed at the technological level, which may sound like science fiction but it’s not. New technologies rooted in trust, such as blockchain and secure hardware, are reaching critical milestones that make them ready for broad-based adoption.

Even now, while we have to accept certain restrictions and give up certain civil liberties to save lives during this pandemic, we can fight the health crisis without sacrificing our privacy. The solution lies in technology’s ability to offer data sovereignty that facilitates individuals choosing what data they are willing to share with whom and for how long.

Personal and physical

Digital hacks such as identity theft are bad enough. But when the theft or re-selling of data affects the behavior of physical devices, the results can be irrevocable for the victim. Unlike our virtual selves, our physical selves have no “reset” button when a hacker takes control of an autonomous vehicle zooming down the highway. A data leak is not just your Spotify playlists, it’s security camera footage revealing when you leave your house every morning. A password breach is not just exposing the keys to your email, it’s handing over the keys to your smart home. When it comes to the devices we place in our homes, we must be extremely vigilant. When hacking gets physical and knocks us down, there is no safety net to catch our fall.


The steady growth of the Internet of Things (IoT) also represents an expansion of attack vectors for hackers. Research from SAM Seamless Network found that home security cameras account for 47% of IoT devices compromised by hackers. Smart hubs and network-attached storage (NAS), which commonly connect to other IoT devices, are the second and third most vulnerable devices, accounting for 15% and 12% of global device hacks, respectively. Rounding out the list of vulnerable devices are household staples like printers and TVs.

The sensitivity of data generated by our smart homes compels us to treat our physical devices differently than our digital apps. If a picture is worth a thousand words, then a recorded video or conversation is worth a thousand keystrokes to hackers. Powering our smart homes with trusted, decentralized technologies can not only allow us to keep our data away from centralized tech giants but makes us captains of our own data destinies.

Not your data, not your privacy

The creep of surveillance capitalism into our homes and neighborhoods is threatening the fundamental right to freedom and privacy for individuals, as well as for society as a whole.

Just look at what Google knows about us today: what we browse (Chrome), whom we email (Gmail), where we travel (Maps), what we watch (YouTube), what we read (News), what we buy (Pay) – and this is just a subset of Google’s vast suite of products. Tech giants have already spied or purchased their way into almost every data type imaginable. Now they are coming for the last two pieces of the puzzle, our home and health data. Based on tech giants’ past actions in the digital world, we cannot expect them to kindly ask us to opt-in and share our data. After all, privacy is the single largest existential threat to surveillance capitalists.

New consumer data privacy regulations – most notably the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the U.S. – have sparked much-needed discussion around “who has my data and what are they doing with it?” However, in practice GDPR and CCPA function more as lengthy operational frameworks that allow us to inquire, complain and seek financial damages from corporations that abuse our data. This does not prevent the abuse in the first place. We need to flip the whole paradigm. After all, shouldn’t we own our own data by default?

Data ownership provides us the freedom to choose whether to keep our data fully private, share it with others or authorize its use by corporations. This is antithetical to today’s centralized models, which operate as data dictatorships, where citizens must ask corporations to delete, transfer, or do anything else with their data. Flipping the model does not mean the services corporations offer today or even the monetization of our data cannot continue. It just means we, the people, will have the ultimate say regarding how our data is used.

Over the past decade we have gradually been coaxed into being complacent with Big Tech holding, manipulating and selling our private data. The only way to reverse this trend is to build and adopt trusted products that protect our data, identity and privacy by default, especially those we put in our homes. The next 10 years will define whether the digital era is owned and controlled by institutions or by the people.

Which side are you on?