5 holiday gifts that will scare the data out of you …

Thursday, December 20, 2018

’Tis the season for nifty new tech gadgets. Imagine coming home to a robot-cleaned floor, a personal assistant ready for your every command, and a camera that activates for your pets and visitors. You can wear a watch that provides data about your body or send in a swab of saliva to get your genealogy. Oh, the glory of tech!

The Santa list, however, may really be from the Grinch in disguise. Many hot–ticket, high-tech gifts on wish lists this holiday season come loaded with data-gathering technology that is collected and sent back to headquarters. Consider these five holiday gifts that will literally scare the data out of you — and tips for what you can do to protect yourself:

  1. iRobot’s Roomba 980 is a self-cleaning vacuum cleaner that has the brain power to map out a home’s floor plans, while it stealthily vacuums your floors. It operates using a vision localization sensor and a low-resolution camera to search for furniture and other obstructions in your home. Combined with tracking sensors, it maps out the space of your home and relays a Clean Map Report back to a custom mobile app. When connected to the Internet, the map may be relayed back to iRobot or devices such as Amazon and Google to enable voice control. iRobot claims on its FAQ page that it does not currently sell data, but the privacy policy “allows customers to share data with third parties for the customer’s benefit.”

TIP: If you don’t want your Roomba to map out your home, you can opt out of Clean Map Reports on the home app and toggle off the Clean Map Report. If you prefer to delete any data already received, iRobot will delete upon a customer request. As a bonus tip, if you choose to use the Clean Map Report, avoid posting the report on social media; because, if you do, everyone will have a perfect layout of your home.

  1. Amazon’s Alexa and Google Home are table-top digital voice assistants that use speech-recognition technology to listen to your voice and provide instant responses based on input requests. By default, Alexa and Google Home always listen to your conversations, but they do not record until they hear keywords such as “Alexa” or “Hey Google.” After hearing the keywords, the devices begin recording. The assistants can also be linked to thousands of smart home devices that are voice activated, including voice-enabled shopping. All of the requested data is sent back to the device companies, enabling Amazon and Google to understand trends and customer patterns.

TIP: The assistants are linked online via your home network. In addition to enabling firewall protections on your network, create a separate Wi-Fi network for your assistants and your other technology. Choose a keyword that you are unlikely to use in daily conversation, which will prevent the assistant from accidently recording unwanted conversation. Delete your old recordings by logging into your assistant account. You can also toggle a mute button that will prevent the assistant from listening. Users should review the privacy settings and also turn off “shopping,” if that feature is not desired.

  1. The Nanit Sleep System baby monitor, and many other baby and pet monitors, use cameras to record babies, pets, and whatever else enters camera view. The video is relayed to a monitor or phone, connected via a home network. Video monitors are a great way to look at your baby, pet, or activities in your house. The downside is that they are also gateways into your home for hackers who, if in the system, will have full control of your video, audio, and other devices on the network.

TIP: Consider monitors from reputable companies with security features that reduce the risk of outside hacking. Digital monitors are generally more secure than analog devices based on built-in secure coding; but you will want to update the software in the monitor regularly, because the company will provide security patches. Like the voice assistants above, you will want to secure your home network with a strong password and enabling encryption.

  1. Fitbit and other fitness watches and trackers collect personal data about your body and provide real and over time readings of your heart rate, sleeping patterns, step counts, calories burned and other personal data. Fitbit collects that data and provides users summaries of that data on the device and via accounts. Fitbit’s privacy policy provides that it may share non-personal information that is aggregated or de-identified to third parties. In May of 2018, Fitbit partnered with Google’s Cloud Healthcare API in order to “integrate further into the healthcare system,” such as connecting user data with electronic medical records.

TIP: Understand the data that is uploaded to Fitbit and its partners, as well as how that data could be used, by reviewing and understanding Fitbit’s privacy policy. Fitbit offers options to connect to Facebook or Google, which will transfer additional information about you to Fitbit. You can turn off sharing services by removing Fitbit’s access to that data.

  1. 23andMe is a saliva-based DNA kit that provides customers information about their health and ancestry data. At signup, customers may check a box to consent to participate in medical research. In July of 2018, GlaxoSmithKline invested $300 million in 23andMe, claiming the data gathered via DNA tests could provide insights and discover novel drug targets.

TIP: Consent is important with 23andMe. 23andMe offers a range of options related to the use of your DNA. You can opt in or opt out of open sharing, which makes information available to DNA relatives. These are in the Manage Preferences section of your account settings page. Make sure to review the options before checking the boxes. Consider the implications of using your full name as your display name, as well.

New tech devices bring us into a new world of connectivity. As you put together your holiday gift list, examine the data implications associated with the technology, and take steps to protect yourself.

William D. Schultz is an intellectual property attorney at Merchant & Gould’s Minneapolis office whose practice focuses on internet law, District Court litigation, and post-grant proceedings. His background in web development and online business, and as an entrepreneur, gives him a real-world industry perspective when working with clients. Will can be reached at wschultz@merchantgould.com or 612-336-4677. www.merchantgould.com.


View Article on Minnesota Lawyer Here: https://minnlawyer.com/2018/12/20/5-holiday-gifts-that-will-scare-the-data-out-of-you/