This report was supported in part by a grant from the John D. and Catherine T. MacArthur Foundation.

 EXECUTIVE SUMMARY

  • “Smart home” devices record audio and video in the home—and even collect daily schedules and health details.

  • Once collected, this data is less than a warrant or data breach away from police and hacker access.

  • Across the board, smart home devices have superior, privacy-protecting alternatives that perform the same key functions.

  • The law doesn’t protect smart home users. “Do not buy” is the best advice until it does.

I.              INTRODUCTION

While the marketing will feature cozy holiday cheer, gifting so-called “smart” home devices—internet-connected speakers, thermostats, beds, vacuums, and other home appliances—is a bad idea.

Smart devices are a popular holiday purchase,[1] but bringing this technology into a home enables detailed government and corporate surveillance. A smart vacuum like Roomba will clean your floors, but it wants to case the joint it cleans, demanding a detailed floorplan for optimal performance.[2] For smart speakers, full functionality comes at the cost of bugging your home: Apple demands transcripts of user interactions with its speakers,[3] while Google demands complete audio recordings.[4] Once collected, user data is less than a warrant or data breach away from police, hackers, and other actors who don’t have users’ interests in mind.

This home surveillance is needless and avoidable. Every smart home device reviewed below has a superior, privacy-protecting alternative that performs the same key functions. This guide makes the case for getting smart by embracing “dumb” and opting for superior, privacy-preserving gifts for the home.

 

II.            AVOIDING PREDATORY DATA COLLECTION IN THE HOME

A.    Smart Speakers

A smart speaker activates when it hears its wake word (“Alexa,” “Hey Google”) and responds to user commands, often recording them.[5] Smart speakers’ abilities vary, but they share common functions: playing music, looking up information and making recommendations, placing phone calls, and controlling compatible household devices, like the lights or TV. Beyond these basic functions, users can install apps onto their smart speakers, enabling actions like shopping by voice.[6]

But data suggests that most people don’t use most of smart speakers’ bells and whistles. The most common use of smart speakers is…drumroll…playing music.[7] Other popular uses include checking the weather, searching silly questions on the internet, and controlling other household devices.[8]

Of course, you don’t need a smart speaker to do any of these things, and for each use case there is a better alternative. For the person who likes music, consider a Bluetooth-enabled speaker.[9] It can stream music from a phone, laptop, or online service. Consumer Reports describes its top-rated Bluetooth speaker as “among the very best speakers we’ve ever tested,” with “real magic” in its midrange.[10] By contrast, its top-rated smart speaker has “boomy” bass, “smeared” treble, and a “hazy” and “nasal” midrange.[11] Why bother?

Likewise, for someone who wants to turn their lights on and off on a schedule, plug-in timers are more user friendly than smart speakers. Plug a timer into the wall, plug a lamp or other device into the timer, and set the desired on/off times. The task is complete without any of the hassle, added expense, or compatibility issues of smart speakers. Many tabletop appliances that people use on a regular schedule, like coffee machines, make automated scheduling even easier with a built-in timer.[12] And for the person who would ask a smart speaker a silly question: a Magic 8 ball?

Just not a smart speaker. Smart speakers bug homes by using voice assistant software to “hear” commands and respond appropriately. Once a voice assistant hears or thinks it hears its wake word, it begins analyzing—and often recording—everything. By default, Apple collects up to six months of transcripts from a user’s conversations with Siri; a map of each user’s relationships constructed from contacts, household members, and people named in photos; and a catalog of users’ interests as conveyed by their apps, podcasts, and music.[13] Some voice assistants let users opt out of transcripts or audio recordings, but at a loss of functionality.[14] For example, users can override Amazon’s default setting and refuse to upload their exchanges with Alexa to the cloud, but then Alexa won’t tailor its responses to users—so much for being helpful.[15]

People who use smart speakers to control lights, thermostats, or other devices according to preprogrammed routines are also effectively sharing their daily schedules with anyone listening or reviewing their usage data. “Siri, turn the lights on at 7:00 AM and turn the heat on at 5:00 PM” implies that you get up at seven and don’t return home until after five. “Hey Google, cancel my scheduled actions and turn down the heat” translates to “it’s vacation time.”[16]

You may wonder who is monitoring this data—is anyone listening? It turns out companies can and do share users’ data with government agencies and other private entities. Voice assistant makers like Apple, Google, and Amazon field thousands of requests from federal, state, and local authorities for user data. Google received over 47,000 government requests for U.S. user information over its most recent half-year reporting period and granted 84% of these requests.[17] Apple granted 90% of 7,000 law enforcement requests for user account data in the U.S. over the same period, plus thousands of government requests for other information.[18] Amazon received over 3,500 subpoenas, search warrants, and court orders for U.S. user data over the last six-month period, not including national security requests, which it omits from reporting.[19]

Apple,[20] Google,[21] and Amazon[22] have also shared their voice assistants’ audio recordings with private contractors, giving them access to excruciatingly sensitive personal, financial, and health details revealed in voice assistant recordings. An Amazon team in Bucharest, Romania monitors Alexa recordings and has eavesdropped on family rows, financial and health discussions, kids and guests speaking, and even couples having sex.[23] Users regularly trigger Apple’s Siri by accident, allowing Apple contractors to overhear confidential medical and legal conversations.[24]

Smart speakers are also entry points that can give hackers control over households and access to personal information.[25] As one cybersecurity specialist put it, “hacking a virtual assistant in millions of people’s homes is what malicious actors dream of doing.”[26] Hackers can configure smart speakers to eavesdrop on household activity.[27] In one high-profile case, a hacker accessed a smart baby monitor and broadcast threats to kidnap the child.[28] This was not an isolated case: there are other accounts of hackers accessing smart monitors.[29]

By contrast, Bluetooth speakers, plug-in timers, and other non-smart devices don’t double as wiretaps and introduce none of these risks. They can’t be hacked from a distance and don’t collect data for malicious actors to abuse.[30]

B.    Smart Thermostats and Smart Meters

Smart thermostats and meters operate hand in hand with smart speakers. Due to interoperability constraints, smart speakers can only control a home’s heat and air conditioning from a distance with compatible smart thermostats. Smart thermostats collect a record of utility usage including useful heating and cooling patterns and other sensitive information. This data poses a serious risk: it captures home and away routines with great accuracy.[31] Indeed, Immigration and Customs Enforcement (ICE) has pursued undocumented people by identifying their home address through their utility records.[32] In 2020, for example, ICE used utility records to locate a man who had done nothing other than overstay his legal vacation.[33] The data available to ICE through smart meters also enables it to pursue individuals by identifying when they are likely to be home.[34]

Some smart thermostats even offer smartphone applications with a “geofencing mode” to track a user’s location and adjust their heat or air conditioning as they enter and leave their home.[35] This is the same tool that allows police, prosecutors and private parties to identify protestors and people seeking abortions based on the location of their mobile devices.[36] In one case, police used geofencing to gather device-identifying information for every person that attended a Black Lives Matter protest.[37] In another, anti-abortion activists used geofence technology to harass visitors to a reproductive health clinic.[38] With “geofencing mode,” home residents voluntarily subject themselves to this policing technology.

There is a simple, equally useful alternative to smart thermostats. Programmable thermostats can adjust heating or cooling according to users’ preprogrammed demands, helping them save energy and money without broadcasting their daily schedules over the internet.[39] A person can’t use a programmable thermostat to monitor their home from afar, but that’s the point: it’s not a surveillance device, and police can’t coopt it for spying.

Though consumers can and should avoid purchasing smart thermostats, it’s important to know that malicious actors can still access data about their household routines through smart meters. As of 2018, more than 50% of U.S. homes used smart meters to monitor electricity usage and convey that data to utility companies.[40] Cities like NYC also monitor water usage using smart meters.[41] Like smart speakers and smart thermostats, these meters reveal home/away patterns and household routines. These patterns can be incredibly granular, ranging from whether someone likes to shower at night[42] to whether guests are staying in the home.[43] In New York, individual water consumption data will soon be made public by law, making it even easier for police and others to track households’ daily patterns.[44]

C.    Smart Vacuums and Mops

Smart vacuums (and mops) are among the worst offenders in the home surveillance arena: they routinely case the joint that they clean. Smart vacuums operate by mapping a user’s home and using that map to navigate around obstacles while vacuuming.[45] iRobot’s Roomba vacuum stores a comprehensive digital floorplan of the house it cleans so detailed that it knows where the furniture is.[46] iRobot additionally collects a range of sensitive personal data of seemingly no use to a vacuum company, including user demographics, age, whether a household includes children, and what apps users keep on their other smart devices.[47] Amazon recently acquired iRobot, adding home mapping to its already Orwellian tracking of individual Americans’ consumption patterns and daily lives.[48]

There are at least two good alternatives to handing one’s floorplan over to vacuum companies. For less than one-fifth of the price of the top competitor, one can buy a robot vacuum that doesn’t collect data, couldn’t share it with manufacturers if it did, and is one of Consumer Reports’ top-rated robot vacuums.[49] Or, for the price of a robot vacuum, one can buy two or more top-rated traditional vacuums and give a friend the gift of vacuuming in privacy.[50] Households that already have Roombas should configure them to operate offline to avoid sharing home maps with Amazon, a major source of data for law enforcement.[51]

D.   Smart Beds

Smart beds collect a surprising amount of health data. Ordinary adjustable beds allow users to control their mattress’s firmness and positioning. A smart bed like Sleep Number will perform these adjustments automatically and provide reports on supposed sleep quality if, in addition to providing one’s age, height, weight, and gender,[52] one allows the company to collect biometric, respiration, and heart rate data.[53] The company shares user data with third party companies,[54] increasing the risk of a data breach that makes confidential health information publicly available.[55]

And reviewers don’t even give high marks to smart beds. They suggest that a well-chosen traditional mattress can better meet a sleeper’s needs at a lower price.[56] Consumer Reports doesn’t recommend any smart mattresses at all for users not specifically looking for an adjustable bed.[57] Sleepers who want smart beds’ key features—the ability to adjust a bed’s firmness, incline, or temperature—can find the same features in an internet-free bed that doesn’t collect, much less share, data that would be protected by law in any proper medical context.[58] The bottom line: choose a good mattress, not one that collects health information.

Home surveillance companies appear to be lining up to collect and monetize sleep data. Amazon recently introduced a health and sleep tracking alarm clock, just in time for the holiday shopping season.[59] An early reviewer described their disappointment with the product, saying its data quality was questionable, its reports were unhelpful, and a lightbulb on a timer could have woken them up just as well.[60] Again: smart devices have equally effective, non-spying counterparts.

E.    Other Home Goods

Vendors present their “smart” offerings as prestige goods, but in truth, internet-connected devices really feature more breakable parts, invasive data collection, and openings for hackers to cause mayhem.[61] Hackers have spammed email accounts from refrigerators, launched cyberattacks from household devices, and stolen email credentials from smart technology.[62] In 2016, a compromised network that included household devices carried out the largest distributed denial of service attack (a type of cyberattack that disrupts internet service) to that point in history.[63] According to IBM, smart tech attacks rose 500% in 2020, and there were over 900 million cyberattacks involving smart devices in 2021.[64] These incidents are expected to double by 2025.[65]

Many low-tech devices clearly outperform their spying and unsecured counterparts. A classic water filter beats a Wi-Fi-connected version: half the price, none of the breakable electronic circuitry.[66] Common drip coffee makers will brew a cup on schedule—just like their “smart” counterparts.[67] One connoisseur’s guide to coffee makers extolls the virtues of drip coffee makers, French presses, pour-over cones, espresso machines…everything, it seems, except smart coffee makers, which receive no mention.[68] It seems to go without saying, but refrigerators don’t need internet connections or voice assistants: they will keep groceries fresh just the same, without the bother of technical difficulties or the cost of extra repairs.[69] One reviewer recommended a washing machine despite its smartness—the machine worked well without features knocked out by its spotty internet connection.[70] Ratings for household gadgets, like countertop ovens,[71] suggest that an internet connection adds “smart” branding and nothing else. Dumb outperforms “smart” any day.

F.    Smart Security Cameras

S.T.O.P. condemns the widespread, growing use of residential surveillance cameras, which are frequently coopted by police to harass Black and Latinx residents.[72] We don’t have a lower-tech recommendation for these surveillance devices, but internet-connected surveillance cameras and video doorbells are the worst of the lot, making police use of civilians’ camera footage especially quick and easy.

Home security cameras generate an unprecedented amount of information of clear interest to law enforcement. A doorbell camera pointed at a household’s door generates a record of every visitor to the home. An indoor security camera can generate the same record, plus a record of what household members or visitors talked about—even when guests have not consented to be recorded. As is the case with voice assistant data, company employees have accessed these recordings without permission,[73] and some companies routinely share recordings with law enforcement.[74] As of 2021, it is estimated that one in ten U.S. police departments have partnerships with Amazon-owned Ring,[75] a group that will soon include the New York City Police Department.[76] Ring’s Neighbors app, which enables users to supply Ring footage to law enforcement, perpetuates unsubstantiated fears of neighborhood crime,[77] at the expense—and safety—of innocent BIPOC people.[78]

Despite advertising and police claims to the contrary, video doorbells open households and BIPOC community members to new forms of harassment. In 2020, 30 people sued Ring after hackers gained control of their doorbells and “scream[ed] obscenities, demand[ed] ransoms, and threaten[ed] murder and sexual assault.”[79] In another case, the Los Angeles Police Department asked doorbell camera owners for their footage to identify Black Lives Matter protesters.[80] One news outlet surveyed photos of individuals reported as “suspicious” by video doorbell users and found that most of those individuals were Black.[81] Doorbell footage even invites dangerous vigilantism. In 2022, when a good Samaritan tried to bring a misdelivered box to the right house, the home’s occupant received an alert from his video doorbell, assumed there was an intruder, and grabbed his gun.[82] He opened fire on a bystander sitting in a nearby car, blowing seven shots through the child seat.[83] Everyone survived, by luck, but the danger invited by residential surveillance cameras can’t be overstated.

G.   VPN Routers: Keeping Hackers Out of Smart Homes

For many households, the horse has already left the barn: an estimated 25% of Americans bought “smart home” devices like smart speakers in recent years.[84] For these households, a virtual private network (VPN)-enabled router could be a worthwhile gift.[85] VPNs do two things to make internet activity more private and secure from hackers. First, they mask users’ locations by rerouting internet traffic through a dispersed network.[86] Second, VPNs encrypt internet traffic.[87] Together, these processes make it harder for hackers and other third parties to intercept personal information as it travels across the web.[88]

Many so-called “smart” household devices can’t shield themselves from hackers—but you can defend them from attack by connecting to the internet through a VPN-protected Wi-Fi router.[89] The same VPN router that connects a person’s computer or phone to the internet can protect every device reaching the internet through that router. Protecting your voice assistant-guided visit to BlackLivesMatter.com, the Gay and Lesbian Alliance Against Defamation’s website, or your local temple’s Zoom session can be as simple as using a VPN-secured router.

Using a VPN will mitigate hacking-related risks, but it’s not a complete privacy shield. Some VPNs compile personal and account information and can share them with third parties like government agencies.[90] VPNs also won’t prevent the intended recipient of data from collecting or retransmitting it.[91] Even with a VPN, Roomba can map a home; Sleep Number can compile health information; smart speakers can record audio and information about device use; utility meters can track daily schedules. That’s why we don’t recommend buying or gifting smart devices, even with VPN protection.[92]

 

III.          LEGAL LIMITS ON HOUSEHOLD SURVEILLANCE

U.S. law allows police and prosecutors to access smart device users’ personal data, often with much less than a warrant.

A.    Locally Stored Data is Constitutionally Protected

Under the Fourth Amendment, police and prosecutors usually need a warrant to search a home or a device inside a home.[93] Storing data locally within one’s home rather than on company servers is the safest option for home devices—but that excludes smart products, which by definition broadcast their data over the internet.

B.    The Electronic Communications Privacy Act

The Electronic Communications Privacy Act (ECPA) protects some information that home devices transmit to another person or company. This federal law regulates government access to electronic communications within the U.S.[94] ECPA is divided into three sections, the Wiretap Act, Pen Register Act, and Stored Communications Act.[95] Legislators did not draft any of these sections with smart home devices in mind, but they are flexible enough to apply to them in many circumstances, as described below.

The Wiretap Act protects the privacy of real-time communications, like calls placed using a smart speaker.[96] The law requires law enforcement to demonstrate a reasonable need and probable cause before listening to conversations as they take place.[97] The Pen Register Act guards communications’ secondary data like telephone numbers, IP addresses, or website URLs.[98] Instead of requiring probable cause, this Act lets government agencies compel secondary information by meeting a low standard of showing that the data is relevant to an investigation.[99] Problematically, ECPA allows companies to voluntarily share some information, like the data points protected by the Pen Register Act, with non-government third parties.[100] But this information is all that’s needed to identify a person’s social connections, their interests, and location.[101] Third parties receiving this data can (and in some cases, do) resell it to government agencies and others.[102]

As the name suggests, the Stored Communications Act applies to stored communications, like an email sent from a smart speaker and uploaded to cloud storage.[103] Under the Act, government agencies only need to meet a low bar to (1) compel electronic communications services to produce communications stored over 180 days or (2) compel remote storage providers to produce communications with notice to the user.[104] Courts have made it a bit harder for government agencies to get this data. The Sixth Circuit Court of Appeals requires that government agencies obtain a warrant before compelling emails, and law enforcement agencies typically comply with this rule.[105] Of course, devices can store data other than emails, like the pattern of usage data collected by smart meters or speakers, and this is not clearly protected by the Sixth Circuit’s warrant requirement. Courts should extend full warrant protection to this data, but as it stands, they do not grant it the same protection as emails.[106]

C.    State Laws

States including Illinois, California, Texas, and Michigan have gone beyond ECPA to require government agencies to obtain a warrant in more situations than required by federal statute.[107] Illinois’ recently enacted Protecting Household Privacy Act (PHPA) prohibits state and local law enforcement agencies from compelling stored household data without a warrant.[108] PHPA applies to “any information or input provided by a person to a household electronic device,”[109] but excludes personal computers, phones, tablets, and internet infrastructure like routers.[110] That means Illinois police cannot access any information provided to household cameras, smart speakers, appliances, and other home goods without a warrant (with few exceptions[111]) unless a user consents.[112] It is not clear how courts will treat the data that users input into a household device but store on an excluded item, like a smartphone, but the law’s language extending its application to “any information or input” appears broad enough to apply to data regardless of input method or storage location.[113] That means the PHPA protects a smart bed or any home device controlled through a phone or computer and any smart home device connected to the internet through a router, even if the device stores data on remote servers.

Almost every state has also considered comprehensive consumer privacy legislation that would give home surveillance device users greater control of their data, but only a handful have adopted it.[114] Comprehensive statutes typically give consumers the right to opt out of data-sharing and the right to delete information.[115] These rights do not apply against government agencies and do not prevent companies from sharing information in response to a law enforcement inquiry or legal process.[116] Additionally, it is burdensome for households to exercise their rights under these laws.[117] Despite these considerations, determined households can use these laws to delete their data and reduce the amount of personal information they make available to law enforcement agencies and private parties.

D.   The Federal Trade Commission (“FTC”)

The Federal Trade Commission regulates home surveillance companies that engage in unfair and deceptive business practices. A company might draw FTC enforcement if it does not tell consumers that it will collect their data or if it contradicts its internal privacy policy.[118] The FTC also recently announced that it is considering issuing new regulations that would act similarly to comprehensive privacy legislation.[119] If it does, users of household surveillance technology across the U.S. may be given the right to opt out and delete data.

 

IV.          CONCLUSION

Technology has made home life easier than ever, but don’t fall for the “smart” line. This holiday season, keep your loved ones’ rights, security, and privacy in mind while you’re shopping for them. Instead of buying “smart” tech, imagine how your friends and family will use their gifts. Will they listen to music? Would they like to time their lights or schedule their morning coffee? There’s a perfect gift out there that fits the bill without compromising rights, safety, and privacy. This season, shop smart by choosing “dumb.”

    [1] Kalyn McKenna, “Christmas Gift Guide 2022: Best Smart Home Gifts This Holiday by Google, Amazon, Ring and More,” CBS News, November 7, 2022, https://www.cbsnews.com/essentials/gift-guide-2022-best-smart-home-holiday-gifts/.

    [2] “Privacy Policy,” iRobot, May 23, 2022, https://about.irobot.com/en-us/legal/privacy-policy.

    [3] Ask Siri, Dictation & Privacy. Copied from a MacBook Pro’s Siri settings.

    [4] Kari Paul, “Google Workers Can Listen to What People Say to Its AI Home Devices,” The Guardian, July 11, 2019, https://www.theguardian.com/technology/2019/jul/11/google-home-assistant-listen-recordings-users-privacy.

    [5] “Alexa History: Listen to, View, and Delete Voice Recordings,” Amazon, accessed November 29, 2022, https://www.amazon.com/alexa-history-delete-voice-recordings/b?ie=UTF8&node=21137870011.

    [6] Nat Levy, “Siri Shortcuts vs. Alexa Skills: How Apple Is Tapping Apps to Compete with Amazon’s Voice Assistant,” GeekWire, June 5, 2018, https://www.geekwire.com/2018/siri-shortcuts-vs-alexa-skills-apple-tapping-apps-compete-amazons-voice-assistant/. Dan Rosenbaum, “How to Add Skills to Your Amazon Alexa,” The Verge, November 19, 2019, https://www.theverge.com/2019/11/19/20972973/amazon-echo-alexa-how-to-add-skills-smart-home-games-sounds.

    [7] Ali Montag, “Here’s What People Actually Use Their Amazon Echo and Other Smart Speakers For,” CNBC, September 10, 2018, https://www.cnbc.com/2018/09/10/adobe-analytics-what-people-use-amazon-echo-and-smart-speakers-for.html. Tawfiq Ammari et al., “Music, Search and IoT: How People (Really) Use Voice Assistants,” ACM Transactions on Computer-Human Interaction 1, no. 1 (January 2019).

    [8] Ali Montag, “What People Use Their Smart Speakers For.” Tawfiq Ammari et al., “Music, Search and IoT.”

    [9] Yara El Deek, “The 8 Best Bluetooth Speakers - Fall 2022: Reviews,” RTINGS.com, September 22, 2022, https://www.rtings.com/speaker/reviews/best/by-feature/bluetooth.

    [10] “Edifier S1000DB Wireless & Bluetooth Speaker Review,” Consumer Reports, accessed December 1, 2022, https://www.consumerreports.org/products/wireless-bluetooth-speakers-34959/wireless-bluetooth-speakers-34960/edifier-s1000db-394129/.

    [11] “Amazon Echo Studio Smart Speaker Review,” Consumer Reports, accessed December 1, 2022, https://www.consumerreports.org/products/smart-speakers-200135/smart-speakers-200137/amazon-echo-studio-399784/.

    [12] Camryn Rabideau, “The 8 Best Programmable Coffee Makers of 2022,” The Spruce Eats, August 1, 2022, https://www.thespruceeats.com/best-programmable-coffee-makers-4768672. “DCC_1500,” Cuisinart, accessed October 25, 2022, https://www.cuisinart.com/shopping/appliances/coffee_makers/DCC-1500/.

    [13] “Legal - Data & Privacy,” Apple, accessed March 3, 2022, https://www.apple.com/legal/privacy/data/en/ask-siri-dictation/.

    [14] Kari Paul, “Workers Listen to AI Home Devices.”

    [15] “Amazon.com: Data Use,” Amazon, accessed March 3, 2022, https://www.amazon.com/b/?node=23608617011.

    [16] “Scheduling Smart Home Actions, Actions on Google Smart Home, Google Developers,” Google, November 7, 2022, https://developers.google.com/assistant/smarthome/develop/scheduling.

    [17] “Requests for User Information – Google Transparency Report,” Google, accessed November 29, 2022, https://transparencyreport.google.com/user-data/overview?user_requests_report_period=authority:US.

    [18] “Privacy – Government Information Requests – Apple (US),” Apple, accessed November 29, 2022, https://www.apple.com/legal/transparency/us.html.

    [19] “Amazon Information Request Report,” accessed November 29, 2022, https://d1.awsstatic.com/certifications/Information_Request_Report_H1_2022.pdf.

    [20] Alex Hern, “Apple Contractors ‘Regularly Hear Confidential Details’ on Siri Recordings,” The Guardian, July 26, 2019, https://www.theguardian.com/technology/2019/jul/26/apple-contractors-regularly-hear-confidential-details-on-siri-recordings.

    [21] Tom Fogden, “Google Pays Contractors ‘Cents’ to Transcribe Your Convos,” Tech.co, July 11, 2019, https://tech.co/news/google-home-transcribe-2019-07.

    [22] Jack Morse, “Reminder: Your ‘Smart AI’ Often Involves a Low-Paid Contractor Surveilling You,” Mashable, April 11, 2019, https://mashable.com/article/amazon-echo-humans-listening-recordings-smart-tech.

    [23] Alex Hern, “Apple Contractors.”

    [24] Alex Hern, “Apple Contractors.”

    [25] Dan Goodin, “Attackers Can Force Amazon Echos to Hack Themselves with Self-Issued Commands,” Ars Technica, March 6, 2022, https://arstechnica.com/information-technology/2022/03/attackers-can-force-amazon-echos-to-hack-themselves-with-self-issued-commands/.

    [26] Davey Winder, “Security Researchers Probed 90,194 Amazon Alexa Skills—The Results Were Shocking,” Forbes, March 7, 2021, https://www.forbes.com/sites/daveywinder/2021/03/07/security-researchers-probed-90194-amazon-alexa-skills-the-results-were-shocking/.

    [27] Kevin Murnane, “Amazon’s Alexa Hacked To Surreptitiously Record Everything It Hears,” Forbes, April 25, 2018, https://www.forbes.com/sites/kevinmurnane/2018/04/25/amazons-alexa-hacked-to-surreptitiously-record-everything-it-hears/.

    [28] Amy B. Wang, “‘I’m in Your Baby’s Room’: A Hacker Took over a Baby Monitor and Broadcast Threats, Parents Say,” The Washington Post, December 20, 2018, https://www.washingtonpost.com/technology/2018/12/20/nest-cam-baby-monitor-hacked-kidnap-threat-came-device-parents-say/.

    [29] Jamie Phillips, “Mother’s Horror at Hearing Man ‘Shushing’ Son, Two, via Baby Monitor,” Daily Mail, February 16, 2022, https://www.dailymail.co.uk/news/article-10518765/Mothers-horror-hearing-creepy-man-shushing-two-year-old-son-baby-monitor.html. Dennis Romero, “Stranger Hacks into Baby Monitor, Tells Seattle Child, ‘I Love You,’” NBC News, November 32, 2019, https://www.nbcnews.com/news/us-news/stranger-hacks-baby-monitor-tells-child-i-love-you-n1090046. Hayley Minogue, “Louisville Family Shocked after Stranger Asks Child His Age through Baby Monitor,” whas11.com, August 4, 2020, https://www.whas11.com/article/news/local/louisville-family-baby-monitor-hacked-stranger/417-f803d099-c8f9-4111-9d3e-9629e3e536a7.

    [30] Bluetooth speakers are safe to use with the following caveats: they can be hacked from a very close distance (e.g., by someone inside one’s home), and using a streaming service with a speaker almost certainly involves data collection by the streaming service.

    [31] Naperville Smart Meter Awareness v. City of Naperville, No. 16-3766, 6 (7th Cir. 2018).

    [32] Drew Harwell, “Investigators Used a Private Utility Database Covering Millions to Pursue Immigration Violations,” The Washington Post, March 1, 2021, https://www.washingtonpost.com/technology/2021/02/26/ice-private-utility-data/.

    [33] Georgia DDS, Email to Georgia DDS; B1/2 Visa Overstay by Immigrant, June 2, 2020, GADMV_001230.

    [34] See Naperville, No. 16-3766 at 6 (7th Cir. 2018).

    [35] “How Do Smart Thermostats Work & Other Frequently Asked Questions,” Smart AC Controller (blog), June 22, 2022, https://cielowigle.com/blog/how-do-smart-thermostats-work/. Megan Wollerton, “The Best Smart Thermostats for 2022,” CNET, October 13, 2022, https://www.cnet.com/home/energy-and-utilities/best-smart-thermostats/.

    [36] Alfred Ng, “How Police Are Using Protesters’ Phones Against Them,” CNET, June 16, 2020, https://www.cnet.com/news/privacy/geofence-warrants-how-police-can-use-protesters-phones-against-them/. Charlotte Scott, “Geofence Warrants Are ‘Slippery Slope’ in Texas,” Spectrum Local News, July 20, 2020, https://spectrumlocalnews.com/tx/south-texas-el-paso/politics/2022/07/21/geofence-warrants-are--slippery-slope--in-texas. Meg O’Connor, “Avondale Man Sues After Google Data Leads to Wrongful Arrest for Murder,” Phoenix New Times, January 16, 2020, https://www.phoenixnewtimes.com/news/google-geofence-location-data-avondale-wrongful-arrest-molina-gaeta-11426374.

    [37] Corin Faife, “FBI Used Geofence Warrant in Seattle after BLM Protest Attack, New Documents Show,” The Verge, February 5, 2022, https://www.theverge.com/2022/2/5/22918487/fbi-geofence-seattle-blm-protest-police-guild-attack.

    [38] “AG Reaches Settlement with Advertising Company Prohibiting ‘Geofencing’ Around Massachusetts Healthcare Facilities,” Mass.gov, April 4, 2017, https://www.mass.gov/news/ag-reaches-settlement-with-advertising-company-prohibiting-geofencing-around-massachusetts-healthcare-facilities.

    [39] “Best Electronic Timer Plugs For Home Appliance Control,” Tektouch.net, May 7, 2021, https://www.tektouch.net/tools/best-electronic-timer-plugs.php. Patrick Haynes, “12 Best Outlet Timers In 2022 [Buying Guide],” Unclutterer, March 25, 2021, https://unclutterer.com/best-outlet-timer/.

    [40] Daniel Shea and Kate Bell, “Smart Meter Opt-Out Policies,” National Conference of State Legislatures, August 20, 2018, https://www.ncsl.org/research/energy/smart-meter-opt-out-policies.aspx.

    [41] Albert Fox Cahn and Zartosht Ahlers, “Is Your Faucet Spying on You?,” New York Daily News, June 26, 2022, https://www.nydailynews.com/opinion/ny-oped-20220627-qu65yn4j6jdc5odlax2274sg6y-story.html.

    [42] Alexandria Franklin, “The Fourth Amendment in Your Shower: Naperville, Reasonable Expectations of Privacy, and the Intimate Nature of Electric Smart Meter Data,” North Carolina Law Review 99, no. 4 (2021), https://scholarship.law.unc.edu/cgi/viewcontent.cgi?article=6848&context=nclr.

    [43] Surya Mattu and Kashmir Hill, “The House That Spied on Me,” Gizmodo, February 7, 2018, https://gizmodo.com/the-house-that-spied-on-me-1822429852.

    [44] Albert Fox Cahn, “Is Your Faucet Spying?”

    [45] “Privacy Policy,” iRobot.

    [46] “How Does My Robot Navigate?,” iRobot, November 19, 2021, https://homesupport.irobot.com/s/article/31056.

    [47] “Privacy Policy,” iRobot.

    [48] Katherine Tangalakis-Lippert, “Amazon’s Empire of Surveillance: Through Recent Billion-Dollar Acquisitions of Health Care Services and Smart Home Devices, the Tech Giant Is Leveraging Its Monopoly Power to Track ‘Every Aspect’ of Our Lives,” Business Insider, April 28, 2022, https://www.businessinsider.com/amazon-empire-of-surveillance-leveraging-monopoly-power-tracking-purchases-2022-8.

    [49] “Eufy 11S Vacuum Cleaner Review,” Consumer Reports, accessed December 1, 2022, https://www.consumerreports.org/products/vacuum-cleaners-28984/robotic-vacuum-35183/eufy-11s-395723/.

    [50] Based on the $800+ price tag of the iRobot Roomba S9+ at the time of publication and the price of most of Consumer Reports’ top picks for canister vacuum cleaners. “Vacuum Cleaner Ratings & Reviews,” Consumer Reports, accessed December 1, 2022, https://www.consumerreports.org/products/vacuum-cleaners-28984/canister-vacuum-28670/view2/.

    [51] “iRobot Privacy and Data Sharing Common Questions,” iRobot, November 19, 2021, https://homesupport.irobot.com/s/article/964.

    [52] Based on Sleep Number smart bed. “Legal Privacy Policy,” Sleep Number, October 20, 2022, https://www.sleepnumber.com/pages/legal-privacy-policy. “Sleep Number Privacy Policy: Collection and Use of Personal Sleep IQ Information,” Sleep Number, October 20, 2022, https://www.sleepnumber.com/pdfs/SleepIQ_Personal_Information_Table_10_20_22.pdf.pdf.

    [53] “Legal Privacy Policy,” Sleep Number.

    [54] “Personal Sleep IQ Information,” Sleep Number.

    [55] Sharyl J. Nass et al., The Value and Importance of Health Information Privacy, Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research (National Academies Press (US), 2009), https://www.ncbi.nlm.nih.gov/books/NBK9579/. “Why Is Patient Confidentiality So Important in Healthcare?,” Text, Charter College, October 27, 2021, https://www.chartercollege.edu/news-hub/why-patient-confidentiality-so-important. “Health Information Privacy – Why Should We Care?,” National Cybersecurity Alliance, November 9, 2017, https://staysafeonline.org/online-safety-privacy-basics/health-information-privacy-care/.

    [56] Josh Chen, “Sleep Number Mattresses: An Honest Assessment,” The New York Times, February 12, 2021, https://www.nytimes.com/wirecutter/reviews/sleep-number-mattress/.

    [57] “Mattress Ratings & Reliability,” Consumer Reports, accessed December 1, 2022, https://www.consumerreports.org/products/mattresses-28948/mattress-28705/recommended/.

    [58] Chen, “Sleep Number Mattresses.”

    [59] Brian X. Chen, “Amazon Wants to Review Your Sleep. (No, Thanks.),” The New York Times, November 30, 2022, sec. Technology, https://www.nytimes.com/2022/11/30/technology/personaltech/amazon-halo-rise-review.html.

    [60] Brian X. Chen, “Amazon Wants to Review Your Sleep.”

    [61] Thorin Klosowski, “We Asked Appliance Manufacturers How Long They’ll Keep Connected Devices Secure. Many Couldn’t Tell Us,” The New York Times, August 24, 2020, https://www.nytimes.com/wirecutter/blog/how-long-connected-devices-secure/.

    [62] Thorin Klosowski, “Keep Connected Devices Secure.” Eric Limer, “How Hackers Wrecked the Internet Using DVRs and Webcams,” Popular Mechanics, October 21, 2016, https://www.popularmechanics.com/technology/infrastructure/a23504/mirai-botnet-internet-of-things-ddos-attack/.

    [63] Eric Limer, “How Hackers Wrecked the Internet.”

    [64] “Report: More than 1B IoT Attacks in 2021,” VentureBeat, April 25, 2022, https://venturebeat.com/business/report-more-than-1b-iot-attacks-in-2021/.

    [65] Matthew Giannelis, “The Impact of IoT on Cybersecurity,” Tech Business News, July 7, 2022, https://www.techbusinessnews.com.au/the-impact-of-iot-on-cybersecurity/.

    [66] Ry Crist, “Brita Infinity Smart Water Pitcher with Amazon Dash Filter Replenishment Review: Brita’s Smart Pitcher Buys Its Own Replacement Filters from Amazon,” CNET, August 15, 2016, https://www.cnet.com/reviews/brita-infinity-preview/.

    [67] Camryn Rabideau, “The 8 Best Programmable Coffee Makers of 2022,” The Spruce Eats, August 1, 2022, https://www.thespruceeats.com/best-programmable-coffee-makers-4768672. “DCC_1500,” Cuisinart, accessed October 25, 2022, https://www.cuisinart.com/shopping/appliances/coffee_makers/DCC-1500/.

    [68] “The Best Ways to Make Coffee, According to Baristas,” Bon Appétit, February 6, 2019, https://www.bonappetit.com/story/favorite-ways-to-make-coffee-at-home.

    [69] Mike Prospero, “What Is a Smart Refrigerator, and Is It Worth It?,” Tom’s Guide, March 26, 2019, https://www.tomsguide.com/us/what-is-a-smart-refrigerator,review-6307.html. Markkus Rovito, “6 Pros and 6 Cons of Buying a Smart Fridge,” SlashGear.com, February 1, 2022, https://www.slashgear.com/6-pros-and-6-cons-of-buying-a-smart-fridge-01709939/.

    [70] Thorin Klosowski, “Keep Connected Devices Secure.”

    [71] Michael Sullivan, “The Best Toaster Oven,” The New York Times, December 9, 2021, https://www.nytimes.com/wirecutter/reviews/the-best-toaster-oven/. Marguerite Preston, Sarah Zorn, and Winnie Yang, “The Best Waffle Maker,” The New York Times, December 1, 2021, https://www.nytimes.com/wirecutter/reviews/best-waffle-maker/.

    [72] Willmary Escoto Esquire, “Why We Don’t like Amazon Ring,” Access Now (blog), December 15, 2021, https://www.accessnow.org/amazon-ring-privacy-review/.

    [73] Dani Deahl, “Ring Let Employees Watch Customer Videos, Claim Reports,” The Verge, January 10, 2019, https://www.theverge.com/2019/1/10/18177305/ring-employees-unencrypted-customer-video-amazon.

    [74] Drew Harwell, “Ring, the Doorbell-Camera Firm, Has Partnered with 400 Police Forces, Extending Surveillance Reach,” The Washington Post, August 28, 2019, https://www.washingtonpost.com/technology/2019/08/28/doorbell-camera-firm-ring-has-partnered-with-police-forces-extending-surveillance-reach/.

    [75] Lauren Bridges, “Amazon’s Ring Is the Largest Civilian Surveillance Network the U.S. Has Ever Seen,” The Guardian, May 18, 2021, sec. Opinion, https://www.theguardian.com/commentisfree/2021/may/18/amazon-ring-largest-civilian-surveillance-network-us.

    [76] “The NYPD Announces It Will Join Ring Neighbors,” The official website of the City of New York, November 2, 2022, http://www1.nyc.gov/site/nypd/news/p00065/the-nypd-it-will-join-ring-neighbors.

    [77] Matthew Guariglia, “Ring Changed How Police Request Door Camera Footage: What It Means and Doesn’t Mean,” Electronic Frontier Foundation, June 7, 2021, https://www.eff.org/deeplinks/2021/06/ring-changed-how-police-request-door-camera-footage-what-it-means-and-doesnt-mean.

    [78] Paula Garcia-Salazar et al., “The Spy Next Door” (The Surveillance Technology Oversight Project (S.T.O.P.), November 30, 2021), https://www.stopspying.org/thespynextdoor.

    [79] Kari Paul, “Dozens Sue Amazon’s Ring after Camera Hack Leads to Threats and Racial Slurs,” The Guardian, December 23, 2020, sec. Technology, https://www.theguardian.com/technology/2020/dec/23/amazon-ring-camera-hack-lawsuit-threats.

    [80] “Los Angeles Police ‘Wanted Amazon Ring BLM Protest Footage,’” BBC News, February 17, 2021, sec. Technology, https://www.bbc.com/news/technology-56099167.

    [81] Caroline Haskins, “Amazon’s Home Security Company Is Turning Everyone Into Cops,” Vice, February 7, 2019, https://www.vice.com/en/article/qvyvzd/amazons-home-security-company-is-turning-everyone-into-cops.

    [82] Evan Greer and Anna Bonesteel, “The Dark Side of America’s Doorbell Camera Obsession,” NBC News, November 1, 2022, https://www.nbcnews.com/think/opinion/amazons-ring-doorbell-videos-make-america-less-safe-crime-rcna55143.

    [83] Evan Greer, “The Dark Side.”

    [84] Smiljanic Stasha, “Smart home statistics: 2021 Update,” Policy Advice, September 29, 2022, https://policyadvice.net/insurance/insights/smart-home-statistics/.

    [85] Vladimir Popescu, “5 Best VPNs for Alexa to Boost Home Security [Good for Echo Too],” VPNCentral, October 14, 2022, https://vpncentral.com/vpn-alexa-echo/.

    [86] Michael Grothaus, “How to Protect Your Privacy with a VPN,” Fast Company, September 18, 2020, https://www.fastcompany.com/90282668/the-one-thing-you-should-do-to-protect-your-privacy-in-2019.

    [87] Michael Grothaus, “How to Protect Your Privacy.”

    [88] Michael Grothaus, “How to Protect Your Privacy.”

    [89] Popescu, “5 Best VPNs.”

    [90] Amer Owaida, “7 VPN Services Leaked Data of over 20 Million Users, Says Report,” WeLiveSecurity, July 20, 2020, https://www.welivesecurity.com/2020/07/20/seven-vpn-services-leaked-data-20million-users-report/. Katie Rees, “Can Governments See Who’s Using a VPN?,” Make Use Of, April 21, 2022, https://www.makeuseof.com/can-governments-see-vpn-use/. Katie Teague, “Protect Your Amazon Echo Privacy While Working From Home: 7 Simple Tricks,” CNET, February 26, 2022, https://www.cnet.com/home/smart-home/protect-your-amazon-echo-privacy-while-working-from-home-7-simple-tricks/.

    [91] Dana Vioreanu, “6 Things A VPN Hides and Protects And What It Doesn’t,” CyberGhost Privacy Hub (blog), November 16, 2021, https://www.cyberghostvpn.com/en_US/privacyhub/what-does-vpn-hide/. Maile McCann and Rob Watts, “What Is A VPN Used For? 9 VPN Uses In 2022,” Forbes, October 17, 2022, https://www.forbes.com/advisor/business/software/why-use-a-vpn/. Bertrand Mathieu, Iman Akbari, and Raouf Boutaba, “Encrypting or Classifying Internet Traffic: Do We Have to Choose?,” Hello Future (blog), September 2, 2021, https://hellofuture.orange.com/en/encrypting-or-classifying-internet-traffic-do-we-have-to-choose/.

    [92] “Does A VPN Encrypt Text Message? Hint: Stop Using SMS & MMS,” Data Overhaulers (blog), accessed October 20, 2022, https://dataoverhaulers.com/vpn-encrypt-text-messages/. Wayne Rash, “When to Use a VPN to Carry VoIP Traffic,” PCMAG, May 20, 2020, https://www.pcmag.com/news/when-to-use-a-vpn-to-carry-voip-traffic.

    [93] U.S. Const. amend. IV.

    [94] Electronic Communication Privacy Act, Pub. Law 99-508, 100 Stat. 1848 (1986).

    [95] Pub. Law 99-508, 100 Stat. 1848.

    [96] Pub. Law 99-508, 100 Stat. 1848.

    [97] 18 U.S.C. § 2518.

    [98] 18 U.S.C. § 2312.

    [99] 18 U.S.C. § 2312 (a)-(b).

    [100] Sharon Bradford-Franklin, Greg Nojeim, and Danaraj Thakur, “Legal Loopholes and Data for Dollars: How Law Enforcement and Intelligence Agencies Are Buying Your Data from Brokers” (Center for Democracy and Technology, December 9, 2021), https://cdt.org/insights/report-legal-loopholes-and-data-for-dollars-how-law-enforcement-and-intelligence-agencies-are-buying-your-data-from-brokers/.

    [101] Josephine Wolff, “Newly Released Documents Show How Government Inflated the Definition of Metadata,” Slate, November 20, 2013, https://slate.com/technology/2013/11/dni-patriot-act-section-215-documents-show-how-government-inflated-metadata-definition.html.

    [102] Bradford-Franklin, “Legal Loopholes.”

    [103] 18 U.S.C. § 2703.

    [104] 18 U.S.C. § 2703.

    [105] Orin Kerr, “Fourth Circuit Deepens the Split on Accessing Opened E-Mails,” Reason, March 21, 2019, https://reason.com/volokh/2019/03/21/fourth-circuit-deepens-the-split-on-civi/.

    [106] The Seventh Circuit has ruled the Fourth Amendment applies to smart meters. However, it also ruled that a local government utility did not need a warrant to view smart meter data. Jamie Williams, “Win! Landmark Seventh Circuit Decision Says Fourth Amendment Applies to Smart Meter Data,” Electronic Frontier Foundation, August 21, 2018, https://www.eff.org/deeplinks/2018/08/win-landmark-seventh-circuit-decision-says-fourth-amendment-applies-smart-meter.

    [107] SB 178, 2015 Regular Sess. (Cal. 2015-2016). Mich. Const. Art 1 Sec. 11. 5 ILCS 855/ Protecting Household Privacy Act. Bob Sullivan, “Don’t Mess with Texas Email: State Law Ends Some Warrantless Email Searches,” NBC News, June 18, 2013, http://www.nbcnews.com/business/consumer/dont-mess-texas-email-state-law-ends-some-warrantless-email-flna6C10370211.

    [108] 5 ILCS 855/10, /45.

    [109] 5 ILCS 855/5.

    [110] 5 ILCS 855/5.

    [111] 5 ILCS 855/15.

    [112] 5 ILCS 855/5.

    [113] 5 ILCS 855/5.

    [114] International Association of Privacy Professionals (IAPP), U.S. State Privacy Legislation Tracker, last visited November 8, 2022, https://iapp.org/resources/article/us-state-privacy-legislation-tracker/. Some states also have targeted consumer privacy laws. Caroline W. Hudson, “California Governor Signs Law Prohibiting Smart TV Makers from Using Voice-Recognition Without Consumers’ Consent,” CaseText, October 15, 2015, https://casetext.com/analysis/california-enacts-privacy-legislation-regarding-smart-tv-voice-recognition-features.

    [115] IAPP, U.S. State Privacy Legislation Tracker.

    [116] IAPP, U.S. State Privacy Legislation Tracker.

    [117] Hana Habib et al., “An Empirical Analysis of Data Deletion and Opt-Out Choices on 150 Websites,” SSRN Scholarly Paper (Rochester, NY, August 1, 2020), https://papers.ssrn.com/abstract=4181896.

    [118] Alexander Reicher and Yin Fang, “FTC Privacy and Data Security Enforcement and Guidance Under Section 5,” Antitrust and Unfair Competition Law 25, no. 2 (2016), https://calawyers.org/publications/antitrust-unfair-competition-law/competition-2016-vol-25-no-2-ftc-privacy-and-data-security-enforcement-and-guidance-under-section-5/.

    [119] “FTC Explores Rules Cracking Down on Commercial Surveillance and Lax Data Security Practices,” Federal Trade Commission, August 10, 2022, https://www.ftc.gov/news-events/news/press-releases/2022/08/ftc-explores-rules-cracking-down-commercial-surveillance-lax-data-security-practices.
