We’re now in the thick of the holiday season, and connected devices of all kinds will be gifted, opened and set up by consumers around the world this month. The Consumer Technology Association projected that consumer technology sales will top $400 billion by the end of 2019, pointing to gains in connected devices ranging from smartphones and tablets to smartwatches, smart home products, wireless earbuds and in-vehicle technology.
That means the number of connected devices—which hit 22 billion in 2018, according to Strategy Analytics—will climb even higher. And the new owners of those devices—many of whom have concerns about privacy issues related to those products—will have to ensure that their privacy and security are not compromised by either the devices or third-party applications.
“Companies have realized now that privacy is an important part of their brand and their reputation, and of consumer expectations,” said Omer Tene, vp and chief knowledge officer of the International Association of Privacy Professionals. “It’s not just a regulatory issue where you check the boxes and have your lawyer sign off on paper. The world at large will tolerate a lot more from you if you have a good, solid track record.”
A good place to start, on both devices and apps, is the privacy settings, but the most logical path isn’t always the easiest to navigate.
“Companies are not designing and writing the information about their products with the customer in mind,” said Ashley Boyd, vp of advocacy for nonprofit and Firefox browser creator Mozilla. “It’s very difficult for customers to wade through the language and understand what it means for them on an individual level.”
Making voice assistants more secure
Sometimes, those privacy decisions are not in the hands of consumers at all. Amazon found itself under fire in April following reports that thousands of employees worldwide were listening to voice recordings of people using its Alexa voice assistant and Echo smart speakers so that the devices would better respond to the command of their users.
The backlash was swift and, in May, Amazon added the ability to delete those recordings via a voice command to Alexa. However, the only two deletion options are “everything I said today” and “what I just said,” putting the burden on privacy-conscious users to repeat the step on a regular basis.
Amazon spokesperson Samantha Kruse said the company has taken additional steps to make Echo and Alexa devices more secure. Those include “disallowing third-party app installation on the device, automatic software updates, rigorous security reviews, secure software development requirements and encryption of communication between Echo, the Alexa App and Amazon servers,” she said. Echo devices contain buttons that enable people to turn off the microphones, and all information transmitted between the Alexa app and the Alexa cloud, as well as between the Alexa cloud and devices, is authenticated and encrypted, the company emphasized.
“All of these smart apps need a lot of data to become smart,” said Param Vir Singh, professor of business technologies and marketing at Carnegie Mellon University’s Tepper School of Business. “They want to hear what you’re saying. The data needs to be curated by humans. This is the voice of person X, but that has to be labeled by a human before you can build a machine learning algorithm.”
Boyd said she was heartened by efforts from industry leaders like Apple, Google and Amazon to offer centralized privacy centers with comprehensive, detailed information on products, settings and options, as well as adding security steps such as encryption and requiring users to change their passwords.
Tightening up default privacy settings
For the next step, Boyd and Mozilla are advocating that tech companies tighten up their default privacy settings. The default Apple ID setting on Apple devices, Boyd said, enables sharing data with advertisers, and “third-party data sharing with apps” in general “is pretty Wild West-y.” While users can turn off the settings on their own, Mozilla is encouraging the company to turn them off by default. (Apple declined to comment for this story.)
“One of the big things that we are promoting is the idea of having privacy by default,” Boyd said. “[Consumers] don’t have a bunch of time to lock down each device and understand how each app and each device works in detail.”
Singh said, “All of the platforms and smart apps that are out there have opt-out options: By default, you are in, and you have to go and get yourself out of the system. Right now, the world is moving toward opt-in. I think if one company does this, you will suddenly see the rest of the market move forward.”
The most recent versions of the operating systems that power the bulk of connected devices—iOS 13 and Android 10—included more robust controls over the access third-party apps get to information such as location data. But that depends on the device owner taking the time to find and tweak those settings.
Tene, meanwhile, said that “opt-in or opt-out has always been a thought policy discussion. It’s not clear-cut. I think the default should be set where people expect it to be set.”
For example, Tene said, if people see pop-ups, banners or prompts asking them to opt in, they may find the experience to be intrusive or a nuisance. There are also instances where having to ask for opt-ins wouldn’t be constructive, such as apps like Google Maps or Uber having to request location data.
Additional safety practices
Tech companies have other tips to help users secure their new devices once they are out of the box and connected to the web.
Amazon recommends device owners enable two-factor authentication, which requires users to enter a code sent to their mobile phone before logging in, and installing antivirus and antimalware software. Amazon also suggested that people change devices’ options to connect to Wi-Fi to manual, rather than automatic, and set up voice PINs (personal identification numbers) for shopping via Alexa and other actions that may involve sensitive information, such as banking or smart home-related requests. As a simple rule, tech users shouldn’t download software from unverified sources.
For now, much of the onus remains on consumers, and Boyd would like to see more device owners pay closer attention to the options and settings available to them in hopes of having a positive online ecosystem as a whole.
“We have difficulty explaining how one person’s actions may be contributing to the entire system, even if it doesn’t affect them personally,” she said.
How parents can make kids’ new devices safer
Many of those new devices given as holiday gifts will end up in the hands of kids under 18, and Emily Mulder, program director for the nonprofit Family Online Safety Institute, said parents must step in when it comes to navigating privacy settings.
As soon as those new devices are unwrapped, “parents should absolutely be taking advantage of [privacy settings], especially after updating the newest version of an app,” Mulder said. “It’s wise to do regular check-ins on settings to make sure that you’re in control of the audience that is viewing your or your child’s content.”
Mulder continued, “It’s also important to teach kids early about the basics of safety and privacy, as soon as they start getting devices of their own. Early skills like making strong passwords and not sharing them, even among friends, are vital. Much of the online safety guidance for younger kids is similar to what parents might tell them about the real world: Don’t talk to strangers or give out any personal information, like your full name or address.”
As for what their kids install on those devices, “Kids have a lot of different maturity levels when it comes to applications and content, so the best thing parents can do is research an app’s or game’s rating before letting their child use it,” Mulder said. “They should also research to see what kind of features it has (such as chat or in-app purchases) and set rules around whether their child is allowed to use them. Some of the larger, more recognizable social media companies have kids-only versions of their services, which may be more appropriate for kids under the typical user age of 13.”
When it comes to teens, “A good way to approach safety and security is to discuss it in terms of safety and digital reputation,” Mulder said. “Parents might not be able to technically enforce as many rules for older teens, but they can always educate them about making good choices online and off.”