“Alexa, how secure is my data?”
Smart speakers and other IoT devices are growing in popularity and affordability for consumers, many of whom are now weighing their convenience and novelty against growing data concerns.
New rulings like the European Union’s Revised Payment Services Directive (PSD2) and General Data Protection Regulation (GDPR) are calling for greater transparency and customer interaction from companies, and that call is now reverberating beyond Europe. These directives are exposing just how much data companies really collect through IoT devices — and how easy it is for things to fall into the wrong hands. In one example, Amazon sent more than 1,000 voice recordings to the wrong customer while working to comply with GDPR.
It’s imperative to strike the right balance between data sharing and privacy if customers are to truly engage with IoT devices — at least according to Project Alias designers Tore Knudsen and Bjørn Karmann. In a recent interview with PYMNTS, the pair explained their logic behind creating an IoT-enabled smart speaker that interacts with devices already in users’ homes, and why they want to start a privacy conversation now that data is becoming “the new oil.”
“Privacy is a big reason why we did this, because Alias allows you to block all of the recordings [on the smart speaker] and be sure that it only records when you trigger it,” Karmann said. “So, [it’s] giving [consumers] that control, and feeling of control, into [their] devices.”
Project Alias’ device straddles the privacy and trust divide, Knudsen added, helping customers who have concerns about “putting a microphone into their homes 24/7 … but still want to use voice interaction.”
Data Privacy and the Rise of IoT
Alias is as a “teachable parasite,” according to its creators, and works by speaking to a Google Home or Alexa-enabled offering to prevent smart speakers from listening to what’s happening in the home. That’s similar to being in a crowded café and attempting to listen to a conversation across the room, Karmann said. The code for the solution is open-source and available on GitHub. It aims to create an environment of control for consumers who may feel wary about allowing data-collecting smart speakers into their homes, and was less about preventing said speaker from recording private conversations.
“We took a different approach to it, [so] whether you believe it’s listening or not, we didn’t really care so much about that … Alias was more about the control that you have with these devices,” Karmann said, adding that he and Knudsen are often asked if they believe smart devices are really listening. “We think that products should give you at least the feeling of control on when these things listen or whether they do or not.”
This is especially important as smart speakers and other IoT devices evolve from objects of consumers’ fascination to important parts of their everyday lives, Knudsen noted. Once expensive and limited to one or two companies, the devices are now becoming more affordable and commonplace. Consumers are trying out smart ovens, fridges, fitness bands, IoT sleep aids and health trackers, among other offerings. This makes settling privacy and security questions even more important.
“It’s a very important question to raise right now as IoT products are expanding,” Knudsen said. “We are putting a lot of sensors and devices into our homes that know a lot about us. A microphone in your home that is turned on is a pretty bold thing to do. The control aspect is what we want to bring into this discussion about the future and future devices.”
GDPR and the IoT World
This is especially true in Europe, where device security and data transparency are becoming international conversations thanks to GDPR and PSD2. The former could impact how IoT devices handle data, requiring a new level of data transparency from companies that want to collect it.
“Seeing laws in this area start to take action is also a sign that [data privacy] is something that people are starting to think more and more about,” Knudsen said.
GDPR pertains to how EU citizens’ information can be collected and used worldwide, meaning its data transparency mandates created a global ripple effect. This could largely affect the ways companies and consumers interact and share data with IoT devices. Though consumers may be increasingly concerned about data privacy, they don’t appear to be fully invested in the law itself, Knudsen noted.
“GDPR as an initiative is a really good thing, but my impression is also that most people that are not into technology and privacy in the first place didn’t really notice what it was about,” he said. “[As a consumer,] you just got a bunch of emails from all of your subscriptions saying something updated, and you click ‘OK,’ [but] don’t care.”
GDPR is in its infancy, and its potential effects on data transparency are still unknown. The IoT market is also fairly young, meaning consumers have plenty of time to get used to both new data changes and the devices that connect them, Karmann said.
Data and the Future of IoT
Project Alias’ designers are hoping that the control afforded by their device will help ease consumer concerns over data collection, but the IoT market itself is growing. Much like the smartphone, smart devices are fast becoming a part of daily life, Knudsen pointed out.
“There’s another aspect, which is really how society gets used to these technologies,” Karmann added. “You can see how we’ve taken the phones for granted, [because] they have microphones,” but people are not worried about them the way they are about smart speakers, he observed. “We don’t question these things now, and the next thing will be the home devices. They’ll be the norm, and then another crazier thing will come up, so there’s always going to be this new wave of tech or challenges that we’ll need to figure out. Currently, it’s smart speakers.”
The IoT market’s future depends on consumer trust. Whether that trust will come attached to a white-noise whisperer like Alias, the world will need to wait and see.