The 2015 Arkansas murder case that depended on evidence from smart-home devices, made the news again as the judge in the civil case upheld his ruling that James Bates is financially liable for the death of Victor Collins.1 The case against the accused was built on, among other forensics, records from Amazon whose Echo device was installed nearby the scene of Collins’ death, as well as evidence from a so-called smart meter. The smart meter reported inordinate usage of water around the time of death, which led the police to argue that a bloody patio was hosed down.2
A murder investigation is an extreme, but the Internet of Things (IoT) is still a privacy concern for us all, and sometimes a different kind of safety issue. Drive a vehicle connected to internet services? Charlie Miller and Chris Valasek hacked into a Jeep’s infotainment system remotely, and were able to affect the driver’s ability to accelerate, brake and steer.3 And it’s hardly just GM’s problem, self-driving ride-sharing cars’ systems have been hacked recently.
And at work, when products can listen (e.g. smart speakers, computers with microphones and Amazon’s, Google’s and Apple’s devices), you may be opening yourself up to compliance violations, especially if you’re dealing with sensitive information like health records. And some of these products may be as easily hackable as that Jeep seemed to be, so it’s usually best to keep these listening devices away from certain organizations’s discussions.
When we make an IoT purchase or use a service, why not ask, how much convenience is needed? And what is the real cost for that convenience? And remember some of these things, like the Echo and an iPhone, can be shut down or unplugged when not in use.