Smart Lock Vendors Under Fire For Collecting Too Much Private Data

from the brave-new-world dept

Like most internet of broken things products, we’ve noted how “smart” door locks often aren’t all that smart. More than a few times we’ve written about smart lock consumers getting locked out of their own homes without much recourse. Other times we’ve noted how the devices simply aren’t that secure, with one study finding that 12 of 16 smart locks they tested could be relatively easily hacked thanks to flimsy security standards, something that’s the primary feature of many internet of broken things devices.

One such vendor, Latch, has increasingly had its products used by landlords eager to simply access to their properties and sell the technology as an advantage. That hasn’t gone over all that well in New York City, where some residents have sued their landlords over the use of the locks, which many residents found cumbersome and difficult to use. Latch at the time reached out to us to note this shouldn’t be a major obstacle, since users have the option of a smartphone app, a door code, and a physical key card to access their properties.

But there’s another issue that has popped up regarding these products: the amount of data many smart locks are collecting and doling out to property managers. Privacy experts, for example, say the company’s terms of service are overly broad, allowing the sharing of too much data with valued partners and landlords:

“Smart locks can be a great convenience and even privacy-enhancing for residents by allowing them to change codes when they wish or to allow one-time entry by a service provider, but they need strict privacy design and information governance to ensure they don?t cause more harm than good,? Jules Polonetsky, CEO of the Future of Privacy Forum, a nonprofit advocating for principled data practices in support of emerging technologies, tells OneZero. ?[Latch?s] privacy policy allows some uses I would urge them to reconsider.”

Latch says it’s currently reviewing its privacy practices and revising its privacy policy “to remove any possible ambiguity and to make our strong record of privacy protection crystal clear.” (Update: Latch told Techdirt the company never captures, stores or uses GPS location data of users, and does not share users? personal data with third parties for marketing purposes or monetize that data.) The problem, of course, is that with few privacy guidelines and many napping regulators, there’s not much really ensuring that smart lock companies (any companies, really) are following through on their promises. And as company ownership (especially in startup culture) changes, these policies can shift on a dime. In some cases that can even result in your product not working if its servers get shut down.

Many of these issues have also popped up increasingly in the realm of smart electricity meters, which can provide utilities with an unprecedented amount of detail regarding your daily habits, ranging from which appliances you most frequently use, how long you’re home, and when you’re not. The EFF has argued that this data should be protected by the Fouth Amendment, given 65 million of the devices have been installed in the United States over the last few years — 57 million of them in consumer homes.

It’s again a good example of how while everybody fixates on Facebook’s (admittedly terrible) privacy practices, it’s just one small part of a much larger problem that will soon go from bad to absurd. With your cell carrier, ISP, smart locks, electrical utility, and every IOT device in your home collecting data on every single move you make, it’s not hard to envision a future where every step you take is monitored and monetized (and often poorly secured), with little serious recourse for consumer rights. It’s a problem that’s still not taken particularly seriously, despite the threat of looming privacy legislation perched just over the horizon.

Filed Under: , , ,
Companies: latch

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Smart Lock Vendors Under Fire For Collecting Too Much Private Data”

Subscribe: RSS Leave a comment
Kevin (profile) says:

"Smarthome" is not synonymous with IoT

Not all "smarthome" devices are inherently connected devices with their own IP address and cloud connectivity. For your own property you could choose a Zigbee or Z-Wave lock, and your privacy is as good (or bad) as the privacy of your Z-protocol hub. Even manage your smart devices using a non-internet connected solution if you choose.

Tenants, however, don’t get a choice.

Inherently these landlord-issued "smart" locks, like all smart devices, serve their true owner (Latch and, to a lesser extent, the landlord), rather than the tenant.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...