• 5. Dezember 2015 12:12
  • Sendung vom 05.12.2015, Topic
  • » Kommentieren

Smart home, dumb people?

Wenn die Technik die Privatsphäre erodiert


Popup | MP3-Download | Player einbinden

Es ist kalt – und das Heizungsthermostat streikt. Es weihnachtet – und Onkel und Schwägerin fordern die Wunschliste ein. Kurz: Das Smarthome hat Hochsaison. Nachdem der “mitdenkende” Kühlschrank jahrelang als das neue Ding durch die Medien geschleift wurde, sieht es so aus, als ob das intelligente Zuhause in diesem Jahr tatsächlich seinem Durchbruch feiern konnte. Mittlerweile sind es eben nicht mehr nur die early adopter, die sich ein ferngesteuertes Heizdeckchen im Hasenstall installieren.

Was alles geht hat sich Jochen Dreier vom Internet-Unternehmers Stephan Noller und dem Datenjournalisten Marco Maas zeigen lassen: Mittels Videochat gaben sie ihm eine Führung durch ihre “Sensorenresidenzen”.

Bei aller Begeisterung für die technischen Möglichkeiten: Immer wieder fallen im Gespräch mit den beiden Smarthome-Bewohnern Begriffe wie fragwürdig, bedenklich und gruselig.

Ist es in Ordnung, wenn das Türschloss den Eltern mitteilt, wann die Tochter nach Hause gekommen ist? Und wem verrät es außerdem intime Details? Über die Frage, in wie weit Technik unsere Privatsphäre erodiert, sprechen wir mit dem Critical Engineer und Künstler Julian Oliver.

Das ganze Gespräch gibt es hier zum Nachhören (auf Englisch):

 

Transkript:

 

Christian Grasse: Do you plan anything like “Cyborg Unplug” for the Internet of Things or Smart Homes?

 

Julian Oliver: Yes, well Cyborg Unplug has been in continuous development since last time we spoke. However, what has changed is the landscape of devices that represent a threat to people has also changed throughout. We are now seeing quite a problem in Airbnb communities, whereby people staying at other people’s apartments are finding dropcams and some of the wirelessly enabled cameras being used against them without their knowing.

This has presented quite an interesting new position for Cyborg Unplug as a travellers’ security device. I have since added a lot of other cameras that actually usually known for home security and the like. I had to add to those to the list so that people can at least sweep and scan for them, even if they don’t decide to actually disconnect them.

 

What’s your opinion about smart homes, in general? Will those technologies improve our lives, or are they a first sign of a dystopian post privacy future?

x—held by private people that they have never met, used for all sorts of purposes that they

I think it presents certainly a great deal of whole new challenges for privacy, if we do take privacy seriously. But simultaneously we have to ask ourselves: which kind of smart home do we want to have? Do you want to have a dumb home, or do you really want to have a smart home? The idea that—which is very much a Silicon Valley idea—‘connectedness is always good’ needs to be held in suspicion. We need to ask ourselves: What are we connecting to and why—so we could have a smart home, for instance, that hosts the would-be-cloud in the home itself. There is no reason why we cannot actually serve from home. There could be smart home products, which allow for the data to be stored actually physically at the site. And their person can connect to that home server when they are abroad, if they like, and keep an eye on their home or whatever—activate or deactivate certain features in their home. There is no need for it to all be stored on private property outside of a jurisdiction in which that person pays tax—held by private people that they have never met, used for all sorts of purposes that they have no idea about. The idea that the cloud is a necessary partner—in crime, you might ask—in the smart home industry, needs to be held in suspicion too.

 

 

You say there is actually no need of cloud-services all the time – why is it so attractive anyway?

Well the cloud is purely a fixture of convenience. The idea is that one need not actually store the data locally. One need not necessary take care of it. It is taken care of by someone else, somewhere else. But people don’t think of the somewhere and someone else. When we think of cloud, which is a very patronising children’s book image in itself, we think of this thing that belongs to everyone.

It is up there; it is ethereal; it belongs to another country; it is de-territorialised you could say. But, in fact, what a cloud service is that it is someone else’s computer. So we need to ask ourselves: What are we connecting to, why, and what are we putting onto other people’s computers?

The cloud is attractive in its simplification, but it is not necessarily the convenience that we always think it is. In fact, sometimes it is convenience with quite a significant cost. That cost is not communicated.

What is that cost?

Well, for one thing, the data that is being collected is by no means your data. You see a representation of that data. You might see a distillation of that data almost like a boiled down dehydrated version of it. But, you don’t necessarily know what the black boxes in your home are actually collecting. You might see a representation of your power usage and the different light fixtures that you have used, and the toaster that you turned on, and the oven that you turned on and when.

But there could be a tremendous amount of other information being collected. Microphones could be activated or deactivated without you knowing. We have already seen endless scandals of that sort over the years. More so, that data could be being cross-correlated with your appearance and other contexts—where there are other devices owned by the same companies to chart your movements.

It could be in of interest in an insurance company or potentially to an employer or future employer that would like to have an idea about where you are based, and your movements and pay a premium for that access. Medical information could be freely shared as a company is bought and sold. All that stuff happens in the background. We have no access to it or any updates, status updates, if you like, as to those changes.

 

Chancelor Merkel recently described data as a important resource in the 21 century and warned about a predominance of privacy that could harm the industry. What’s your thought on that?

Well to say that data is a resource is instantaneously a generalisation and a dangerous simplification. To say that data is a resource is to liken data to water or air, which is to say that your data is the same as the air, or in the air, or like water, and therefore it belongs to everyone. But in fact, your data doesn’t belong to everyone. But to position data that way…

If someone is to walk up to you on street and ask you your name, you would have every right to tell them to piss off, as we say in New Zealand to tell them to go away. If they were to ask where you were born, your mother’s maiden name, your age, similarly you would feel affronted. You would say: No way do I have to tell you that information. But that is your data.

But when we think about data in the electronic sense, in the digital sense, somehow we forget that it is connected: here we match two people. People hold onto that data. As this cypherpunk’s manifesto, so beautifully put in 1993: Privacy is the power to selectively reveal ourselves to the world. We chose what we give and when, for reasons that we keep for ourselves.

It is an important function in society as we know it—even in our family relationships and relationships with friends—there are things that we will say to some that we will not say to others: We choose. But to generalise data, talk about data belonging to the world like a resource, is to undermine precisely the same things that we enjoy and had enjoyed for centuries.

There is very much a war on privacy at the moment, but this is a war predominantly happening in the communications’ space. Privacy already exists. Privacy predominates already. Privacy is something that we built societies around and with—and human relationships around and with as long as we have had societies.

To say that now that privacy represents a threat, then I would say that the industries that she is talking is about are then a threat. Because we would want to think that we were developing progressively (that is a difficult word: progressively)—that we were developing intelligently and respectfully, as we are adding new industries and economies and ways of communicating here forward.

But to say that industry is threatened by privacy advocates and tolls on utilities, is certainly quite suspect. I would go so far as to say that there is a long history of state powers taking an interest in data collection: since the census we have had that—one of the very early forms of a database. This is something to consider this kind of comment. It is part of a much older history data collection: who is doing what and where: know your populace; know your people.

 

How should devices and services look like, how couldthey be designed or engineeres, to ensure an balance between convenience and security/privacy?

I don’t even think that there needs to be a compromise to convenience while maintaining privacy. As I said before, there is nothing to stop us from serving from home. Virtual private network, for instance, implements the means for you to access a device in your home from outside of your home. So, if we think about building devices to answer your questions that better protect and safeguard our basic rights of privacy, we need to think about ownership versus renting.

Many of the devices that we own now, we don’t actually own. We rent. You know that, because if you are to… unlike with your bike, where if you buy your bike and you need to change the tire, the wheel, the chain or the handlebars or something on your bike, you are allowed to do that. You are not breaching the warranty of your bike. There is not a little wall of lawyers between you and that action.

But something like a smart phone and many of the devices in the so-called smart home, they are not actually, not really owned by the purchaser. In fact, they are arguably in many senses closer to a rental relationship.

So with ownership comes control. Therefore the control of that device needs to be handed over to the owner. Things like remote activation by a company across the Atlantic, remotely activating or deactivating devices in the home: no, that is not ownership.

Firmware upgrades without telling the owner, etc. Data collection, where the data that the thing collects is being hosted elsewhere, and the owner of that device—the supposed owner—doesn’t have access to that data will know that is not ownership. So we need to think how we relate to these devices as consumers and how much control we have over them. I would say that would go right down to the ability to inspect the source code, should we need to.

 

Where do you think it all leads to? Looking back, people seem to are useed to loose control – why should their behaviour change?

Why should they change? Well there is such a thing as negative adaptation. Not all adaptation is positive. I do see an increasing willingness to accept things that we certainly would never have accepted ten years ago. It feels like now you could tell people that the state or state interest or agency necessarily must put up a camera in one’s home, in one’s lounge, or bedroom even—to help protect the security of that home.

It feels like now in just a few years you would see people even accepting that. This is something that we would think of as an absurd science fiction premise or this type of premise.

There is also that story of the frog that is put into water, and the water is heating up very, very slowly—and the frog boils in the water, which may or may not be true. I don’t know. In this case, thinking about this problem, I don’t think people will change until there are stories, for instance of a malware attack on 500,000 homes where people are locked in their homes or ovens are turned on remotely by a hacker, where a house is flooded and someone is electrocuted because of a remote activation of a water pipeline or service or something like that.

Or a smart lock—which I cannot believe that there are wifi-enabled smart locks out there, which is absolutely insane. Jammers are cheap. You can buy Wifi-jammers real cheap. We hear stories of, and there is certainly evidence that will suggest that there is a tremendous, almost black market, in the background of the trading of data in-between companies that collected an insurance agents employee service, career agencies, and the like.

I do believe that that is already shaking people’s lives without them knowing it. But again, it will take something relatively scandalous—just as we are already seeing with automobiles: Volkswagen, of course, recently—even quite scary things: attacks on cars that put the pedal to the floor and send the car crashing into whatever is in front of it. It will take things like that before people will actually step back, because ‘convenience trumps’, as we say in English—‘convenience always wins over common sense’.

But those things will happen…

It is inevitable. There is no precedent in history—in the history of digital technology, in the age of the Internet—to suggest that there was ever a condition of unanimous and continuous safety. The more integrated systems that you add to your environment, the more attack factors, the greater that the attack surface actually increases. By adding complexity, you are adding simultaneously vulnerability. If that ownership is not contained within the very walls of what you call your home, then you are letting other people into your home, whether you like it or not.

 

Foto: flickr cc byandy wright

 

 

Kommentieren