Smart Lock Vendors Under Fire For Collecting Too Much Private Data

from the brave-new-world dept

Like most internet of broken things products, we've noted how "smart" door locks often aren't all that smart. More than a few times we've written about smart lock consumers getting locked out of their own homes without much recourse. Other times we've noted how the devices simply aren't that secure, with one study finding that 12 of 16 smart locks they tested could be relatively easily hacked thanks to flimsy security standards, something that's the primary feature of many internet of broken things devices.

One such vendor, Latch, has increasingly had its products used by landlords eager to simply access to their properties and sell the technology as an advantage. That hasn't gone over all that well in New York City, where some residents have sued their landlords over the use of the locks, which many residents found cumbersome and difficult to use. Latch at the time reached out to us to note this shouldn't be a major obstacle, since users have the option of a smartphone app, a door code, and a physical key card to access their properties.

But there's another issue that has popped up regarding these products: the amount of data many smart locks are collecting and doling out to property managers. Privacy experts, for example, say the company's terms of service are overly broad, allowing the sharing of too much data with valued partners and landlords:

"Smart locks can be a great convenience and even privacy-enhancing for residents by allowing them to change codes when they wish or to allow one-time entry by a service provider, but they need strict privacy design and information governance to ensure they don’t cause more harm than good,” Jules Polonetsky, CEO of the Future of Privacy Forum, a nonprofit advocating for principled data practices in support of emerging technologies, tells OneZero. “[Latch’s] privacy policy allows some uses I would urge them to reconsider."

Latch says it's currently reviewing its privacy practices and revising its privacy policy "to remove any possible ambiguity and to make our strong record of privacy protection crystal clear." (Update: Latch told Techdirt the company never captures, stores or uses GPS location data of users, and does not share users’ personal data with third parties for marketing purposes or monetize that data.) The problem, of course, is that with few privacy guidelines and many napping regulators, there's not much really ensuring that smart lock companies (any companies, really) are following through on their promises. And as company ownership (especially in startup culture) changes, these policies can shift on a dime. In some cases that can even result in your product not working if its servers get shut down.

Many of these issues have also popped up increasingly in the realm of smart electricity meters, which can provide utilities with an unprecedented amount of detail regarding your daily habits, ranging from which appliances you most frequently use, how long you're home, and when you're not. The EFF has argued that this data should be protected by the Fouth Amendment, given 65 million of the devices have been installed in the United States over the last few years -- 57 million of them in consumer homes.

It's again a good example of how while everybody fixates on Facebook's (admittedly terrible) privacy practices, it's just one small part of a much larger problem that will soon go from bad to absurd. With your cell carrier, ISP, smart locks, electrical utility, and every IOT device in your home collecting data on every single move you make, it's not hard to envision a future where every step you take is monitored and monetized (and often poorly secured), with little serious recourse for consumer rights. It's a problem that's still not taken particularly seriously, despite the threat of looming privacy legislation perched just over the horizon.

Filed Under: data collection, privacy, privacy policy, smart locks
Companies: latch


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 3 May 2019 @ 6:45am

    Duh

    This just in...Scientists determine that yo butt IS yo crack...more at 11pm.

    If it's online, it's hackable.
    (Man is not perfect, and nothing man makes is perfect, but that's another story for another time.)

    Could it be that [sh]IOT devices are porous on purpose?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 May 2019 @ 7:46am

    used by landlords eager to simply access to their properties

    *simplify
    I thought I'd had a stroke, trying to read that sentence.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 May 2019 @ 10:02am

      Re:

      I thought that standard rental agreements included words about not entering residence without prior coordination. Has this changed and why. Abusive landlords are quite common.

      reply to this | link to this | view in chronology ]

      • icon
        stderric (profile), 3 May 2019 @ 7:32pm

        Re: Re:

        I thought that standard rental agreements included words about not entering residence without prior coordination.

        "I contacted the doorknob two days ago and we arranged for it to let me in at 10 this morning."

        reply to this | link to this | view in chronology ]

  • icon
    Kevin (profile), 3 May 2019 @ 11:50am

    "Smarthome" is not synonymous with IoT

    Not all "smarthome" devices are inherently connected devices with their own IP address and cloud connectivity. For your own property you could choose a Zigbee or Z-Wave lock, and your privacy is as good (or bad) as the privacy of your Z-protocol hub. Even manage your smart devices using a non-internet connected solution if you choose.

    Tenants, however, don't get a choice.

    Inherently these landlord-issued "smart" locks, like all smart devices, serve their true owner (Latch and, to a lesser extent, the landlord), rather than the tenant.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.