By B.N. Frank
IBM recently warned about a flaw in millions of wireless Internet of Things (IoT) modules that can severely compromise medical devices and “wreck” utility “Smart” Meters. This isn’t really surprising – security expert warnings about IoT go back several years and there are countless examples of past and recent hacks (see 1, 2, 3).
Today there seems to be no avoiding the risks and consequences from 5G and IoT technology being installed everywhere, whereas a few years ago people were still weighing the advantages and disadvantages of having an IoT / “smart” enabled home.
From The Atlantic (November 11, 2016):
Home Monitoring Will Soon Monitor You
When the Internet of Things begins to track electrical usage, houses could become more measured—and scrutinized—than ever.
I worry. About my family. My house. My dumb possessions, and my treasured ones. Doesn’t everyone? “Happiness,” Don Draper opines in Mad Men’s pilot, “is the freedom from fear.” Companies sell people solutions to those fears—even if they are contrived ones. Listerine, invented to cure a made-up condition called halitosis. Nike, whose kicks are used for sloth more than athleticism. Apple, whose modernist, glass-and-aluminum shields hide compulsion.
Just as people originally bought mobile phones to protect against hypothetical emergencies, so internet-connected smart devices now often sell comfort from fear. Motion cameras that deter evil babysitters. Recording doorbells that stave off solicitors and burglars. Propane scales that avert cook-out disaster. Sensor-tentacled boxes that warn against flooding.
Individually, such fears and their solutions are harmless at best, vain at worst. But when many people use these products, there are real reasons for concern. When it comes to smart devices, that includes profound security deficiencies—exemplified by the recent botnet attack that used insecure cable boxes and internet cameras to take down DNS services. Yet the total vision promised by the Internet of Things trades the uncertainty of fear for the certainty of scrutiny. To watch everything with gadgets necessitates that they also be able to watch you watching. Even more than you think they already can.
I’m looking at an app called Sense on my smartphone. It displays a live graph of my home’s electrical usage. I flick a light switch on and the graph climbs a little. The data is captured by a power-usage meter installed on my electrical main—a small, red box with a wireless antenna that connects to the internet, and thereby to Sense’s service and app.
Another view shows bubbles representing the individual devices and appliances that are currently using electricity in my house. An HVAC unit occupies the biggest bubble, then the oven (we’re baking cupcakes), then the light. I flip the light switch off, and the light bubble in the Sense app disappears, like magic. My lights and oven aren’t connected to the internet, but now that my electrical main is, Sense knows when I’m using certain devices, for how long, and how much energy they consume in the process.
This type of signal processing is called energy load disaggregation, sometimes also known as nonintrusive load monitoring, and it’s been around since the 1980s. Load disaggregation attempts to separate, or “disaggregate,” the total electrical load in a building into its constituent parts—air conditioning, appliances, lighting, and so forth. Traditionally, load disaggregation has been used to monitor residential and commercial usage and efficiency. But Sense Labs, the Cambridge-based startup who loaned me their device to install in my circuit box, has something bigger and weirder in mind.
Mike Phillips, Sense’s CEO, has a background in speech recognition. His company SpeechWorks, which went public in 2000, developed speech-activated services, largely for automated corporate phone systems. Some of the same approaches that can help computers recognize and understand speech can be applied to electricity, it turns out. Sense does load disaggregation by detecting small changes in the electrical voltage and current at the main breaker to identify the signatures of individual devices. To improve the quality of recognition, signature-detection is aided by machine learning: By sharing the patterns found among all electrical devices detected by every individual Sense-enabled residence, the service can recognize more electrical appliances with greater accuracy and speed.
On first blush, Sense seems like it might be useful only to obsessives: Those intent to connect everything in their homes to the internet just to be able to stroke them on a smartphone, those inclined to micromanage electrical usage in order to reduce their home’s cost and energy footprint, or those who regularly worry about leaving the oven or the iron on.
But Sense Labs is looking beyond parsimony and pathology. Even if the apparent value of disaggregation comes from tracking energy usage, Phillips explains to me, electrical usage can also be a signal for what’s going on in your house. For example, if Sense users see the TV turn on at 4 p.m., they might take it as a sign that the kids are safely home from school. If the oven turns on, they’d know that a spouse actually remembered to put the chicken in the oven. Checking when the garage door opened last night could confirm whether the teenager got home by curfew last night.
From there, Sense eventually hopes to offer home intelligence beyond electrical usage. Some of these functions might take the place of other, more ad-hoc gadgets currently in homes. For example, one common early-Internet-of-Things application is the Wi-Fi-connected moisture sensor. Just drop a device like Twine into the basement and it can send a text message in the event of flooding. But with Sense, the same feat could be accomplished by monitoring the sump pump instead. Sense’s website offers a host of promising applications of the technology, including reporting when the wash is done, or how much television a home has watched in a week. Eventually, it might also switch internet-connected devices on or off.
In practice, however, even synthetic reports, like a wash-is-done notification, are far away; for now, the app just displays a list of on-and-off events for the various devices it identifies. And that’s if it identifies them at all. Sense begins finding a home’s devices within a few days, and Phillips estimates that a relatively complete set should emerge in a month or so. Yet after about that much time, Sense’s picture of my home hardly feels complete. Only a few lights ever show up, for example, and some devices ghost in and out of existence.
In contrast to the immediate gratification of most internet gadgets, Sense is slow and semi-permanent. The device requires professional installation by an electrician (so as to avoid possible electrocution). Once set up, Sense needs a Wi-Fi signal to operate correctly, but the basements, garages, and other out-of-the-way places where the main electrical panel is housed are not necessarily nearby the home’s Wi-Fi router. Sense tells me that they’re considering a wired option, but homeowners don’t generally wire Ethernet to their breaker boxes, either.
Still, it’s early days for automated consumer load aggregation. The precision of disaggregation available in the Sense service needs time to mature, which it will if more people install the device, allowing the machine-learning backend to bolster the service’s overall knowledge.
* * *
Sense feels like the start of something new and durable among internet-connected devices. Finding that future requires that Sense offers a service compelling enough that consumers will be willing to install the device semi-permanently into their home’s electrical grid. At a time when Internet-of-Things devices have been responsible for nationwide DDoS attacks and drone-enabled, cascading smart lightbulb hacks, security and privacy might offer the greatest obstacles to its adoption.
On the security front, Sense represents a theoretical improvement over standard-fare Internet of Things, which are often poorly engineered for security and installed in large numbers. By moving sensing from individual devices to a single sensor on the electrical main, the possible points of attack are reduced—so long as the Sense itself doesn’t get hacked.
But when it comes to privacy, things are more complicated. After all, Sense listens in on and records every electrical apparatus in the home. That’s a lot of potentially invasive—and valuable—data.
Early adopters of the Nest smart thermostat embraced that device without fully considering the implications of its capacity to monitor presence in the home. When Google bought Nest for $3.2 billion, in 2014, it bought the ability to merge that internal view of the home with everything else Google already knows about its users—their web searches, the places they’ve visited, and so forth. Sense offers a similar opportunity to slurp up live, granular data on everything people do with electricity in their homes—which is most everything, these days.
Nest knows the general patterns of occupancy in a home, but for anyone with a smartphone running Google services like Maps, the company probably knew those patterns already. Sense, by contrast, can know when consumers make use of individual appliances, lights, and devices—how often, and for how long. Monitoring the garage door or the oven might seem innocuous, until one considers the fact that big data is already being used for purposes like insurance and loan underwriting. The frequency and time of day of garage use offers new ways to evaluate and confirm a household’s automotive risk, based on how often they appear to be driving and at what times of day. And the use (or disuse) of an electric oven or cooktop or blender or microwave could be used to draw conclusions about a home’s cooking tendencies, and thereby its occupants’ general health.
Own a table saw or a Hitachi magic wand? Your insurer—or your employer—might want to know about that, too. A job candidate who runs a clothes iron regularly might appear more desirable than one who runs a “personal massager” daily. Likewise, a warehouse pick-and-pack runner who spends days off using power tools might prove a less desirable employee than one who unwinds through innocuous television viewing.
The commercial applications of load disaggregation are also plentiful. Imagine if Amazon or Walmart or Google knew not just what consumers search for and buy, but also what ordinary, non-electronic products they already own, and how often they use them. Someone’s porn-viewing predilections could be correlated against their toasting habits. Their sleep patterns—determined by lamp or television usage—could be compared to their proclivity for online impulse purchases. Do people who use electric razors daily tend to buy boxers, while those who do so every other day prefer briefs? Soon Facebook might know and serve the proper ad accordingly.
For now, such granularity is impossible with Sense. But over time, load disaggregation’s potential will improve. And not just because of machine learning, but also because disaggregation could end up getting baked into products—and even the electrical grid itself.
Today, Internet-of-Things devices require individual connections to a home network. That’s part of what makes them hard to manage, not to mention unsecure. But it also allows so-called “smart” devices to be used as dumb ones; the user can always opt out of the wireless features of a kettle or a refrigerator and just brew tea or chill food like usual. But once a load disaggregation hub of Sense’s ilk is installed, basic identification, usage, and data reporting could eventually be accomplished via the electric line itself, and without the consumer even knowing.
I asked my Georgia Tech colleague Justin Romberg, a professor of electrical and computer engineering and an expert in digital signal processing, to weigh in. If an ordinary appliance like a blender or a razor wanted to cooperate with a power meter, he explains, it could do so easily by sending a predetermined electrical pulse on the line to signal power cycles or even secondary information about what it’s doing.
It’s hypothetical and would take years to roll out, but if standardized and installed in newly manufactured appliances, the result could be made compatible with a local hub like Sense or, via the electrical main, a remote one elsewhere on the grid from the very outset—chattering away, unavoidably and in secret about how its owner uses it.
So much for “nonintrusive” load monitoring.
* * *
To their credit, Sense’s leadership team is attentive to the privacy concerns their service presents. Phillips admits that gaining and maintaining consumer trust is essential to his product’s success, but he also hopes he’s on the right side of that trust from the outset. The company’s privacy policy prohibits the sale of user data without opt-in permission, and also includes a promise to delete all of a user’s data upon request. Sense does retain the right to use anonymized data in order to improve its machine-learning algorithms.
Of course, technology companies change their policies all the time, and as a venture-backed company in today’s technology marketplace, success likely means acquisition. On this front, Sense’s financial structure might distance the company from the data-greediness of traditional technology startups. In September, Sense Labs closed a $14 million Series A, led by two energy-sector venture firms focused on new terrain for large, traditional companies. One is Royal Dutch Shell’s venture arm, and the other, Energy Impact Partners, is an investment fund capitalized entirely by utility companies. Smart utility meters, which automate billing and help power companies better match supply to demand, have increased consumer suspicion of the monopoly utilities that serve them.
Energy Impact Partners’s managing director, Lindsay Luger, tells me that her fund’s investors want better ways to engage with customers. Homeowners may not care much about their utility companies, but they care about their homes a lot; for most Americans, a home is their most valuable asset. A product like Sense might allow energy businesses to give people new insights into sustainability, monitoring, and automation in their homes. Many utilities are already attempting to facilitate this by subsidizing Nest thermostats, and Sense monitors might soon follow suit.
Of course, that might also entail data collection and aggregation. Luger echoes Phillips’s concerns about data ownership, but also notes that people are getting increasingly comfortable sharing their personal data, especially when the results are beneficial. All of which might be fine if Sense could and would secure and isolate that data from other uses in the long run. But as a startup, the company must eventually contend with its status as a business expressly built to become a financial instrument.
On that front, Sense has an advantage that both impresses and terrifies. Most supposedly “smart” devices are really dumb and stupid. Dumb because they facilitate an Internet of Things You Don’t Really Need—connecting gadgets to the internet mostly complicates tasks that worked perfectly well already. Just ask the guy who spent 11 hours trying to make tea with a Wi-Fi kettle. And stupid because, despite having microprocessors that can do general-purpose computing, these devices mostly act like fancy buttons and data relays.
Factor in the security woes of smart devices, and the Internet of Things looks foolish, too.
Worse, the alternative to idiotic smarts in devices might not be intelligence, but shrewdness. No matter how earnest and well-intentioned businesspeople like Mike Phillips and Lindsay Luger might seem, those good intentions can’t close the Pandora’s box a service like Sense opens. More than ever, a product’s social and ethical implications must be evaluated in relation to the possible consequences of its likely future use.
Luger says that her firm doesn’t go into investments with specific exit strategies in mind. “Build a great company, and an exit will find you,” she tells me. She points out that lots of industries might find Sense’s business an appealing target: Utility companies, her firm’s capital base, offer an obvious acquisition target. But she admits that Google and Amazon are possible suitors as well, along with insurance and manufacturing companies that might be interested in real-time data from their appliances. Which suggests that any future of widespread, residential load disaggregation is likely also a future of constant scrutiny.
If that future becomes too dystopian, owners could always hire an electrician to remove the Sense device from their panels. But things are never so simple, particularly when curiosities become standards. How easy is it to search the web without Google, after all, or to connect with friends without Facebook, or to network without LinkedIn? Consumers have already proven willing to hand over personal data for cash or discounts. Insurance is following suit. Soon, drivers might not be able to get auto insurance without connecting a networked device to their vehicles’ on-board diagnostics port. Or health insurance without a fitness tracker. Or a loan without a full-access social media disclosure. Or, perhaps, utility service without a whole-house load disaggregator.
Add to that the uncertainty about how technology companies and the government will cooperate under a Donald Trump presidency, and all of that information about what ordinary people do starts to look less like a fair exchange for free services, and more like an unplanned entry into a society of total surveillance. It may seem quibbling to bring up such matters in the context of a $250 energy monitor that few will buy initially, run by apparently well-meaning folks with innocuous intentions. But it always seems that way, until it doesn’t anymore.
The terror of a truly smart gadget like Sense is the same as its promise: that it really is the future, and furthermore that its arrival is inevitable. That’s something to think about when plugging in or turning on an appliance. Eventually, soon even, the tiny electrical load it draws will reach past the blender or the light bulb, out above the house and up into the cloud, where it will replicate onto the ledgers of federal agents and commercial advertisers and corporate actuaries, and remain forever.
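The load disaggregation described in the Atlantic excerpt above can be illustrated with the classic steady-state approach: find step changes in the whole-home power reading and match each one to a known device signature. This is an added example, not Sense's code or method (the article describes Sense as using voltage and current changes aided by machine learning); the trace, the signature wattages and the thresholds are constructed assumptions.

```python
# Added illustration: steady-state edge matching on a constructed trace.
# Signature values and thresholds are assumptions, not measured data.
SIGNATURES = {"light": 60, "oven": 2400, "hvac": 3500}  # watts per device
TOLERANCE = 0.10   # a step must be within 10% of a signature to match
NOISE_FLOOR = 30   # ignore sample-to-sample changes below this (watts)

# Constructed whole-home readings, one per minute, ~200 W baseline.
TRACE = [200, 205, 3710, 3700, 6090, 6150, 6145, 6088,
         3695, 3700, 190, 200, 1100, 205]


def detect_edges(samples):
    """Return (index, delta_watts) for each step above the noise floor."""
    edges = []
    for i in range(1, len(samples)):
        delta = samples[i] - samples[i - 1]
        if abs(delta) >= NOISE_FLOOR:
            edges.append((i, delta))
    return edges


def classify(delta):
    """Name the signature closest to the step size, or 'unknown'."""
    best_name, best_err = "unknown", TOLERANCE
    for name, watts in SIGNATURES.items():
        err = abs(abs(delta) - watts) / watts
        if err <= best_err:
            best_name, best_err = name, err
    return best_name


def disaggregate(samples):
    """Turn the aggregate trace into (minute, device, 'on'/'off') events."""
    return [(i, classify(d), "on" if d > 0 else "off")
            for i, d in detect_edges(samples)]


def usage_intervals(events):
    """Pair on/off events into (device, start_minute, end_minute)."""
    started, intervals = {}, []
    for minute, device, state in events:
        if device == "unknown":
            continue  # unmatched loads are dropped from the timeline
        if state == "on":
            started.setdefault(device, minute)
        elif device in started:
            intervals.append((device, started.pop(device), minute))
    return intervals


if __name__ == "__main__":
    for row in usage_intervals(disaggregate(TRACE)):
        print(row)
```

A single aggregate reading per minute is enough here to recover a per-device usage timeline, which is the data whose retention and sharing the article is concerned with; the 900 W load with no matching signature stays "unknown", much like the devices the author says never showed up.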
So, not really a glowing endorsement back in 2016…
In 2020 – opposition to 5G, IoT, and additional “Smart” technology is WORLDWIDE due to unwanted surveillance as well as health, environmental, and safety risks. In fact, cities worldwide AND entire countries have taken action to ban, delay, halt, and limit 5G installation AS WELL AS issue moratoriums.
Activist Post reports regularly about 5G, IoT, and other invasive and unsafe technology. For more information visit our archives and the following websites:
- 5GCrisis
- 5GFree
- 5G Space Appeal
- The 5G Summit
- Environmental Health Trust
- Physicians for Safe Technology
- Stop 5G International
- Wireless Information Network