The privacy of the smart home has been a point of concern since the concept first came about. Many strides have been made toward keeping the smart home private, particularly with regard to always-listening devices and security cameras. That said, the question must be asked: Is it enough? Smart home technology continues to grow in capability, but in doing so, it gathers ever-more information about the user.
This holds particularly true now that CES 2021 is in the rearview. The previous year was one of increased awareness and focus on personal health, which led to the creation of numerous products that help users stay on top of potential problems.
Two products in particular come to mind: the Wellness Toilet by Toto and the Ettie Smart Video Doorbell. Both of these products collect health information, something that is protected by a slew of various laws and regulations in the mainstream market — but what of the smart home market?
Personal health on the horizon
The Wellness Toilet uses sensors to analyze not only the contents of the toilet but also the user’s skin. It can supposedly measure stress, fitness level, and other bodily conditions. While it is certainly important to know this information — after all, there is a wealth of medical information to be found in fecal matter, no matter how much people prefer to avoid the subject — what dangers does it open the user to?
The Ettie Smart Video Doorbell takes a different approach. It measures the body temperature of visitors when they arrive, warning the homeowner if the person has a fever. It also informs the visitor that their body temperature is abnormally high by flashing a red LED. Again, important health information, particularly at a time when the mere mention of a fever is enough to inspire panic.
If you think HIPAA will protect you, think again. The Health Insurance Portability and Accountability Act applies only to medical professionals and those with access to your personal information — not to devices like the Wellness Toilet or the Ettie Smart Video Doorbell.
Video is one thing, health data is another
Vulnerabilities in your home network might open your smart devices up to unwanted eyes. While it is one thing for a hacker to spy on you through a security camera, it is something else entirely for medical information to become available to anyone with a packet sniffer. In the wrong hands, a person’s medical information can be damaging.
Though it may seem like a bit of a leap, there have been instances in the past that cause these to be valid concerns. A hacker terrorized a family through their security camera. Ring also saw numerous security breaches that caused fear among users. Though many steps have been taken and protections put into place, more are necessary to ensure personal data.
The dangers of compromised health data
The solution lies in encryption, as well as other safety precautions that can be taken. Whether it be an air-gapped system, much more advanced security features, or proprietary technology, the need for security is higher than ever before with health-focused smart technology soon to take over the market. It is one thing for a hacker to look into your home through a security camera, but it is something else entirely for someone to see into your body through health-focused technology.
Think about it: Employers tend to search Google for any stories about potential employees. If you’re applying for a job and your health information is out there, it can disqualify you. Even if the information isn’t particularly damaging, it can sway others’ opinions of you. For instance, if you suffer from a disorder that may make it difficult — but not impossible — for you to do a job, you will drop to the bottom of the list of candidates.
There are other diseases that make people pariahs to the general public. Auto-immune disorders are one example. Regardless of what afflictions you may suffer, it’s not something you want the general public to be aware of, especially if it is leaked and easily found through a Google search.
Ensuring this information isn’t readily available is the bare minimum that companies can do when they have access to your data. Steps can be taken to protect the information, whether through military-grade encryption, restricting access without two-factor authentication, and other security features are all necessary when vital personal information is on the line.