Yesterday, at the same time countless companies packed the show floor of CES 2019 with all manner of new connected smart gadgets from security cameras to high-tech baby monitors, another high-profile leak of consumer trust came out. The Intercept reported that Amazon’s Ring Doorbell exposed the ostensibly private video captured by its electronic eye to strangers.
Such a breach of trust is hardly a surprise at this point. With Facebook’s constant leaks and continual privacy invasion, and now news that even weather apps sell your location to hedge funds, it’s painfully clear that you shouldn’t trust a major tech company with your data. But more importantly, you shouldn’t have to. And that’s what’s fundamentally wrong with tech.
This doesn’t happen out of nowhere
It’s easy to imagine the Cambridge Analytics scandal or any other major data leak as the result of some aberrant behavior. That one company or another has harvested your data or left it unsecured because that company is specifically and particularly greedy, incompetent, or careless. It’s a belief structure that leads to Facebook and company acknowledging that they “didn’t do enough” and promising to be more vigilant next time, as if that will solve the problem. But the frequency and diversity of these stories reveals a deeper problem: that spying and security leaks are the natural outcome of the industry as it exists.
Marketing and ad sales are a cornerstone of business on the web. That’s how Facebook makes its money, and that structure gives anyone who has access to personal data a strong incentive to monetize it somehow, whether you’re a rogue hacker or a shadowy shell company with nothing to lose, or a nigh-impervious monopoly like Facebook, Amazon, or Google.
Worse yet, the short-term profit motive incentivizes companies that ostensibly do care about privacy and security from doing what’s required to protect it. To stop slurping data is to cut off a revenue stream, and putting money into data security appears on a budget sheet like dumping money into a black hole. To invest in good security is to pay scads of money to make sure that nothing happens.
Companies like Google, and Amazon, and Facebook let us down, but they were always going to. Absent significant changes to the nature of the tech industry or wide-ranging regulation, they always will. The problems arise when we act as though they won’t.
It wasn’t always this way. Before the always-on internet, data was harder to collect and unwieldy to store in mass quantity. Before GPS-enabled pocket supercomputers became a must-have tool, there was just less data around. And before a data-based business was feasible to build, companies made ends met selling hardware and software itself, rather than the data it generates.
Some companies, like Apple with its hardware-focus, still function on this older model and have an incentive to defend your privacy. And it’s telling that Apple has pursued this end by eliminating the need for you to trust them, adding encryption to iMessage and fighting to keep the iPhone as secure as possible, even from Apple itself. That is the exception to the rule, though, and a position Apple might struggle to hold as the hardware well runs dry.
Why should I trust you?
The good news is that in the wake of so many privacy scandals and a growing culture of techno-suspicion, some gadgets are taking a comforting turn towards trustlessness. It’s easy to laugh at how Facebook released its “Portal” home assistant amid the social network’s biggest privacy snafu to date. If you do choose to put Zuck’s little spy in your living room, though, you’ll note that it has a built-in lens cover for its camera to put your mind at ease, at least when it’s not in use.
Google, for its part, has poked at this idea as well, specifically to enable the sale of devices that would otherwise be beyond the pale. Its always-on smart camera doesn’t connect to the internet without your explicit permission. It’s “Home Hub” doesn’t even have a camera.
This progress is good, but it’s only coming in the wake of near universal acceptance of always-on microphones, and before that GPS, and before that ads that track you all around the internet. For years, blind trust (or at least ambivalence) has been built into the very foundation of the tech we rely on today. By its very nature, your smartphone constantly reports your location data to organizations you can’t trust to not to horde it using infrastructure you can’t trust to not spy on you.
This is a problem no lens cap can solve, and where regulation is likely our only hope. Short of fully open-source software that can be audited by anyone who cares to look, we need disinterested parties to investigate these junctures to make sure everything is on the up-and-up before the news breaks that it wasn’t and our data is irrevocably out in the wild. Even then, there comes the matter of trusting the regulator, but that seems preferable to burning down the last 20 years of tech and starting over with a tinfoil hat.
But we’re not even headed in that direction. Even as Amazon’s robot doorbell spills your secrets to strangers, the Everything Store is still experimenting with ways to convince you to trust delivery people to walk into parts of your home. At this point, we probably ought to know better than that.