The Future of Digital Spying: Home Edition

Forget about the NSA.

When it comes to tracking your personal information and habits, the refrigerator in your kitchen may soon do a better job than Uncle Sam.

With the rise of the Internet of Things (IoT), the world around us is getting 'smarter,' better connected and feature-rich. This is good news for consumers in a lot of ways; after all, it brings with it far greater convenience, the end of mundane tasks, exciting new possibilities and modes of entertainment. But before we get too giddy about the bright future ahead of us, it might be a good idea to step back for a minute and think about what some of the hidden costs will be.

Such as? In a nutshell, your privacy.

If you think you've got it bad now with phone metadata collection programs and Internet companies scanning the contents of your email, how will you feel when almost every activity within your home, from the contents of your fridge to what you watch on TV and how often you use the bathroom, winds up as data in the server of a company or companies with few restrictions on how it's used?

There's not even a name yet for this new category of highly personal information. So let's call it e-PII - extremely Personally Identifiable Information.

Let's take wearables and fitness apps for starters.

Today, we have laws like HIPAA which are designed to protect patient information - specifically, anything that identifies the patient. Therefore, if you went to a doctor and had her check your pulse, HIPAA regulates how the doctor stores and shares that information. But if a wearable or health/fitness app takes your pulse, the HIPAA rules do not apply. (And, yes, Fitbit is HIPAA compliant, but it didn't have to be - other health/fitness apps and wearables don't have to be either.)

When we consider how much sensitive personal data we're allowing these apps and wearables to gather, from exercise frequency to length/time of run, heart rate, calories burned, sleep patterns, potentially even blood pressure and oxygenation rate (and these are just the known data types they're tracking), the lack of built-in privacy controls should be alarming.

Consider this: in 2015, a report co-authored by a professor of genomics at the Scripps Research Institute found that of the 12 health/fitness mobile apps they reviewed, consumer data was sent to 76 third-party companies. That's just over six companies per app. These findings were confirmed by a separate report by Privacy Rights Clearinghouse, which found that 55% of 43 fitness apps it evaluated shared that data with third-party services.

Most of us still think in 20th century terms when it comes to the devices and products we have today. That is, we still think of them as (a) local and (b) dumb. In our minds, whatever information we are required to enter into them, or whatever they happen to gather on us - so what? It doesn't matter. The information won't go anywhere and no one could use it anyway. This mindset clearly overlooks the reality of today's technological environment.

For companies developing these products, the collection and potential marketability of personal information is a key financial driver. Social media companies have really pioneered this business model - after all, why else would Facebook have a market cap of $266 billion (GE's market cap is only 9% higher, even though its total revenue is almost eight times higher than Facebook's), if not for the extensive data it collects?

This same model will also start to apply to traditional companies like manufacturers - i.e., the company that sells you your next fridge won't just make money off of the initial sale, it will also keep making money down the road if it can gather helpful data about your habits, preferences and needs.

In 2013, the Financial Times examined how much our personal data is actually worth to advertisers. Not surprisingly, they found that the more intimate the data, the higher the price:

  • Advertisers are willing to pay a mere $0.0005 per person (or $0.50 per 1,000 people) for general information such as age, gender and location
  • However, that number jumps over 300% when you add in something specific the person is known to be shopping for - such as a car or holiday ($0.0021 a person, or $2.11 per 1,000 people)
  • Even better, if you can ascertain something highly personal, like knowing a woman is in her second trimester of pregnancy, or what specific health conditions or medications a person has, that price soars. The pregnant woman's data is now worth $0.11, or $110 per 1,000 people; the person with known medical conditions, $0.26, or $260 per 1,000!

The average home doesn't have a lot of Internet of Things devices yet - but they're coming.

Last year, IDC predicted that the world will have over 29.5 billion of these devices by 2020. And that's just for starters. There are few appliances, electronics and devices today that aren't being configured for Internet connectivity.

Think of all of the potential data points these devices will be able to collect about us. Smart toilets that collect urine samples to analyze health indicators, light bulbs that scan rooms, water heaters that analyze your showering habits, not to mention smart TVs, medical devices, smartphones, WiFi hubs (ever wonder why Google, Apple and Amazon are all so keen on being the access point in your home?) and more.

All it takes for marketers to build a relatively accurate in-depth profile of your life and proclivities is a single zip code. Imagine the power they'll have when they can combine so many entirely new, highly personal data points from the devices in your home. And we're not even considering the potential for extrapolation that will come with the maturation of big data analytics, machine learning and artificial intelligence.

For those who think this type of intimate data collection - while admittedly creepy - is largely unimportant and irrelevant to them, it's important to keep in mind how this data could be used.

To start with, the marketing potential is enormous. In 2013, Facebook partnered with loyalty card companies to track its users' in-store purchases in order to deliver better online ads. Is it that far-fetched that Internet companies would do the same thing with the Internet of Things? For instance, say your smart toilet registers a 55% higher than average flush rate at night. This could be suggestive of prostate trouble, resulting in targeted ads for benign prostatic hyperplasia medications in your web browser, email, TV, and anything else within the home or car that has a screen and runs ads.

But this is actually the least troubling scenario.

What about the possibility that this data could find its way into the hands of insurance companies (health, life, auto, workers' comp)? Or dynamic pricing for the products and services you buy? Employment screens? What about the government?

Even if the company behind the wearable on your wrist goes out of business, the data it collected about you will still live on. Future generations will grow up having their entire lives monitored by various obscure third-party data aggregators and brokers.

It's important for all of us to start thinking about the synergistic potential of the data we're allowing others to collect. Take a single data point like a zip code and you can learn quite a lot about what someone is probably like - take a more intimate detail, like their online shopping habits, and you have an even better idea. Know what they do inside the privacy of their own homes, the state of their physical health, emotional drivers and peccadillos, GPS-tracked movement patterns, online searches and online friends, and combine all of that together - then you've hit the mother lode.

Data isn't stagnant; it evolves with us - and it never expires. It's time for us to stop thinking in 20th century terms and realize that with the rise of the Internet of Things, our personal privacy will be put to its greatest test.