People say they care about privacy but buy devices that can spy on them anyway

3

Experts explain why people are giving mixed signals about smart tech.

Many of us are in unhealthy relationships — with tech companies.

The makers of some our most omnipresent technology like Google, Facebook, and Amazon have continually jeopardized user trust by tracking or sharing data they weren’t supposed to, either on purpose or through hacks. And yet, incident after incident, we keep them at the center of our digital lives.

A new smart device survey by Consumers International and the Internet Society highlights this seeming contradiction. Some 63 percent of people find connected devices to be “creepy,” and 75 percent don’t trust the way their data is shared by those devices, according to a survey of people in the United States, Canada, Japan, Australia, France, and the United Kingdom.

That hasn’t stopped them from buying these devices, which through an array of cameras, microphones and other sensors, have intimate access to our lives.

Nearly 70 percent of survey takers said they own one or more connected device, which include smart home appliances, fitness monitors, and gaming consoles. For the study, smart or connected devices were defined broadly as everyday products and devices that can connect to the internet using Wi-Fi or Bluetooth, and include things like Amazon’s Echo speakers, Google’s Nest smart lock, and Furbo’s pet camera/treat dispenser. Mobile phones, tablets, and computers weren’t included.

Indeed, sales of smart devices increased 25 percent last year, according to marketing research firm IDC, and are expected to have double-digit growth for the next four years.

A March study from voice-tech blog Voicebot showed that even those who said they were “very concerned” about the privacy risks posed by smart speakers were only 16 percent less likely to own one than the general public.

“People who say they’re concerned with security will do a lot of very insecure things,” Robert W. Proctor, a professor at Purdue University’s Department of Psychological Sciences, said. “It doesn’t match up very well.”

Even pinning down exactly what bothers people about smart devices is difficult, according to Liz Coll, head of digital change at Consumers International. “People use words like ‘creepy’ or ‘it’s like living in The Matrix,’” she said. “There’s not a shared language of what it feels like to be part of a technological society.”

Still, why would people buy and use devices in the presumed privacy of their homes if they don’t trust them? It’s complicated. Here’s what the experts have to say:

People don’t understand the extent of data smart devices are collecting

The amount of data that smart devices collect is vast, but what exactly they’re collecting varies from one device and terms of service to the next.

Consider an Amazon or Google smart speaker voice assistant. It knows where you’re located, what you buy, as well as your taste in music and movies. It knows when you’re home, what your voice sounds like compared to, say, your roommate’s — and, if you’ve paired it with other smart devices, some of what those devices are sensing. In short, it knows a lot about you.

Ostensibly, these data points are used to make your smart device experience better and more personalized. In the wrong hands, it’s a treasure trove of personal information.

“Most smart home devices give first-party vendors a view into the device’s location, performance, operating state, and the frequency which a user is interacting with it, and in what ways,” according to IDC senior analyst Adam Wright. “For third-parties, it becomes a bit murkier,” he said, referring to, for example, what data voice assistant Alexa (third party, in this case) might know about the smart lightbulb (first party) it’s controlling.

Knowing when you turn on your lights or whether you do so with a switch or through a voice assistant might sound like pretty banal data to give up. But even anonymized data can be used with other troves of available information to figure out other personal details about you. The fear is not only that this information could fall into nefarious hands, but that it might be sold, or shared at all.

“I don’t think most people realize even if you have an independent account where your privacy is pretty well protected that if people get multiple accounts they can figure out who you are,” Proctor said. “But trying to understand and convey that to people gets really complicated.”

Usually, the only way to figure out what these devices see and share is to read their terms of service.

“I find that the terms of service agreements are difficult to wade through/ambiguous most of the time,” Wright, an expert on smart devices, said.

A selection from Facebook’s Supplemental Portal Data Policy

“You have to put in a fair amount of effort to go in and understand it,” Proctor said. “If I can’t understand it and don’t know what the risks are, I’m not going to want to do that.”

Even people who are tech-savvy have a difficult time finding and understanding this information, said Steve Olshansky, internet technology program manager at the Internet Society, a nonprofit that, among other services offers tips on smart device privacy. He gave the example of a technologically well-versed friend who was “tearing her hair out trying to find a baby monitor that was good for security and privacy.”

And that’s in the best-case scenario.

“A lot of people are not tech-savvy. They might not know how to find that information. They may not see the privacy terms until at home. They may not understand the 55-page [terms of service], which is meant to be difficult to read,” Olshansky said.

That’s by design.

By the time you get the device home and set up, people are disinclined to return it, even if they find and comprehend privacy flaws they don’t like.

“If you’re unhappy with what your IOT [internet of things] device is doing, are you going to go back to the shop, read the manual, change the settings, complain to a consumer organization or the government?” Coll said. “Or are you going to say, ‘I’m not quite happy’ but just keep using it.”

The tradeoffs are worth it

“A lot of consumers have just decided it’s the world we live in: ‘If I want the benefit and convenience and features, that’s the price we have to pay,’” Olshansky said. “It’s the same way we make that bargain with social media.”

Whether it’s to conserve energy, monitor a baby, or to make sure your front door is locked, smart devices can have a lot of utility.

“Yes, privacy is a concern, but convenience is king — as too is cost savings,” Wright said. “So for many consumers, the promise of enhanced conveniences and reduction in household costs — i.e., connected thermostats, lights [that] can reduce energy consumption — is a big overriding factor that explains why consumers continue to purchase and use these devices despite the privacy risks.”

Coll had a similar sentiment: “Many of these devices offer convenience, make our lives easier, some are fun — people get value and enjoyment from them,” she said. “Sometimes that trumps privacy.”

Voicebot founder and editor Bret Kinsella thinks the calculation is a bit more thought out.

“I actually think most people are making a rational tradeoff decision,” Kinsella said. “They may have heightened privacy concerns but they understand that the risk is fairly low.”

He added that many people have already made that same tradeoff with their mobile phones, and for good reason: “These things enable features people appreciate,” Kinsella said.

Of course, the tradeoff between consumers and big tech isn’t always fair.

“Google and Apple and Philips [smart lightbulb maker] can benefit more in a relative sense from the data by making millions of dollars more,” Wright said. “But Joe Consumer still gets cheaper services, personalized service, better products, cheaper utility bills, etc.”

Consumers don’t have other options

“If you don’t like it, it’s not always easy to choose an alternative,” Coll said. “Most companies are acting in a similar way,” meaning that whether you pick a Google Home or an Amazon Echo speaker, it will likely collect the same information about you.

The reason for this is what Olshansky refers to as “misaligned incentives.”

“When a security breach happens, a lot of the impacts are born by device owners and wider society,” instead of the device maker, he said.

For example, if a thief is able to access your credit card information by hacking into a smart device, you and your credit card will have to deal with the resulting charges, not the maker of the smart device. Presumably, market forces would punish the smart device company, but that’s only if the market finds out.

That said, a privacy-conscious smart device company would fill a market hole.

“The more consumer IOT there is and the more high-profile hacking and privacy invasions that hit the headlines, there could well be a growing sense of worry,” Coll said. “Companies that are already there [in] thinking how they could be more trustworthy … will be in a leading position.”

“At the moment, no one is standing out in the crowd,” she added.

That hasn’t stopped tech companies — especially those least deserving of consumer trust — from tripping over themselves to declare their privacy bona fides.

We’d be remiss here not to mention Apple, which has long been one of the more privacy-oriented tech companies, an ethos that has stayed constant even as it’s expanded into smart tech.

But, despite its head start with Siri, Apple’s voice assistant has been marred by functionality problems. Its Siri-led smart speaker HomePod has just 2.7 percent of US smart speaker market share, according to a Voicebot study in January. Amazon devices lead with 61 percent market share, followed by Google with 24 percent.

Apple, perhaps due to its commitment to privacy, has also been slow to roll out smart devices compared with its competitors and it’s been very select with whom it partners. The result has been a relatively small selection of Apple smart devices.

Apple’s premium price tag is also a hurdle. HomePod, its sole smart speaker, costs $300. You can get a miniature Google or Amazon smart speaker for $50.

People assume the government will take care of it

“People think: I’m sure there are rules companies have to adhere to,” Coll said. That isn’t necessarily the case. Some 88 percent of people in the Consumers International and Internet Society survey believe that regulators should ensure privacy and security standards; 80 percent said it was the manufacturers’ responsibility; 60 percent put the onus on consumers.

Smart device privacy regulation will take some time — three to five years, Coll estimates — though politicians are becoming more focused on the topic.

Even then, the regulation isn’t certain to be effective.

“With regulators, you’re relying on them to understand what it is they’re trying to regulate,” Olshansky said. “In all fairness, that’s not in their wheelhouse. People working in government agencies don’t fully understand the technology and policy implications.”

Future regulation would likely fall under a number of agencies’ purview, including the FCC, FTC and the Department of Commerce. California last year became the first state to create legislation governing smart devices.

For the most part, we’re currently reliant on companies to police themselves. But the economic incentive to improve privacy and security is cause for some optimism.

“They fear what the implications [of privacy breaches] are or inviting regulatory oversight,” Kinsella said. “Secondly, some of these companies think of it as a competitive differentiator.”

We don’t actually care that much about privacy

People tend to be terrible judges of their own behavior. We tend to behave better in theory than in real life.

“Part of it, I think, is when you give people questionnaires they’re not actually having to do anything — they’re set in a fairly abstract manner,” Proctor said. “It’s easy to say, ‘I’m concerned about security’ or ‘I wouldn’t do this’ but those who are actually in the situation often go ahead and do it.”

Even if we care about privacy, we don’t care enough to do something about it.

Alternatively, some people don’t consider the data these devices may collect — maps of your floors, when you turn on your lights, how warm you keep your house — valuable. Their value lies in the beholder. For Amazon, this trove of information helps them target products and services to users. For criminals, this info could be the key to your home.

Admitting vulnerability is difficult.

“When you unpick it, there’s lots going on. People feel a lack of control, a lack of understanding of who’s in control of what’s going on,” Coll said. “They feel like they should know. They believe there are [privacy] options but they’re not using them.”

And at least so far, most haven’t felt privacy consequences from giving their homes over to smart devices.

Despite widespread fears around privacy, Kinsella said, smart-tech privacy breaches are infrequent, meaning that privacy hasn’t forced its way into becoming a top concern.

“We haven’t seen any wide-scale abuse or issues arising around this,” he said. “If there are widespread privacy violations, someone is doing a great job covering them up.”

But every time we learn of another hack — or that Alexa (or an Amazon employee) is listening when it shouldn’t be — it further erodes public trust.

According to the survey, of those who don’t have connected devices, 28 percent cited a lack of trust in the devices’ privacy or security; 63 percent say they don’t have use for them. As smart devices become more useful and their privacy snafus more numerous, perhaps that sentiment will flip.


Recode and Vox have joined forces to uncover and explain how our digital world is changing — and changing us. Subscribe to Recode podcasts to hear Kara Swisher and Peter Kafka lead the tough conversations the technology industry needs today.