Subscriber OnlyTechnology

Beware your smart Christmas tech gifts in the season of surveillance

Karlin Lillington: Any smart present you give this festive season means your or your gift recipient’s data will be gathered and sent back to the company

It’s that time of year again: the season of surveillance. As you consider the tech gifts you might give this year, you’re making your list and checking it twice, while the tech corporates prepare to find out if you (or your gift recipients) are naughty or nice. And then, monetise that useful information.

That includes data gleaned from unsuspecting children as well as adults, and gathered from inanimate objects like your home, your car, your lights, your music speakers, your heating system, your doorbell, your television, your toothbrush, even, joy to the world, from some sex toys.

By design, the consequences of such purchases remain invisible to most people, when really, by design, we should have our digital details protected by default, and give them up only by informed consent.

As so many privacy and data protection experts have noted, informed consent – as required by the General Data Protection Regulation, for example – is rarely what you are allowed to give, or at least, not without a monumentally tiresome struggle involving endless clicks to read hidden, legalese “privacy policies” (which means it still isn’t “informed”). Sometimes, there are several such policies depending on the service and the divisions of what looks like one company, but is actually several divisions or sub-companies within a parent company (Google or Meta, for example).

READ MORE

Sometimes a company has personal data you never gave them yourself, thanks to the wonder of the one-click “add my contacts” feature of so many social media and other services.

Recently, a post did the social media rounds noting that Meta/Facebook might well have your phone number even if you never gave the company your phone number or gave it and then later removed it (or thought you had). You can do a search within Meta’s labyrinthine settings to see if your number is there (gee thanks, contacts) and remove it. But this isn’t an obvious privacy option. And yes, I found to my surprise that my number was there – now deleted.

Adding a “smart” anything, from a voice-activated speaker to a robot vacuum toy to a new TV to (if you’re feeling especially generous in your gifting) a car, means your or your gift recipient’s data will be gathered and sent back to the company, revealing your TV/online viewing habits, your online buying sprees, your musical tastes, your location, the floor design of your house, and much more.

Many of these devices are always on, waiting for a voice command. It’s well established too that they can pick up random, and sometimes quite personal or intimate, background conversation. And while an Amazon speaker might be an optional purchase – there are still plenty of plain old analogue speakers that aren’t creepily surveilling your conversations, awaiting a trigger word – just try to buy a TV or a car that isn’t “smart”. It’s impossible, unless you go for an old, used model.

You, the new owner of a new smart-something, generally cannot disconnect the data-gathering “smartness” without losing key, or in some cases, any, functionality. Smart for the company, and for the data brokers that package you up as a target audience for online advertisements, but not so smart for all of us, except we so often now have little choice.

And let’s not forget that other perennial holiday gift, the home DNA test kit, for which you, the consumer, pay and the DNA vendor (vending DNA in more ways than one) gets a lucrative jackpot of the most sensitive information that exists about you, to sell on to third parties.

Yet the kits are offered under the guise that you are learning about your ancestry or checking how Celtic or Viking or Neanderthal you are.

But, as usual, you are the product, not the test kit (or the speaker, or the TV). The gift test kit is just the useful data extraction medium, presented to the consumer as if it’s really all about something else, not what it’s actually about. Just like the “free” online services – email accounts, calendars, book reading apps, map apps, oh so many apps – that extract and, in various ways, utilise your data, while leaving you to believe it is “just” a free service.

So few protections are afforded our data, still, despite important laws like the GDPR, which puts us in a far better position than Americans, yes, but has many gaps and is exploited by companies that knowingly push at and well beyond its boundaries.

For example, the Irish Council for Civil Liberties has convincingly argued, with detailed evidence, that the entire data-based advertising brokering system – one of the main funnels into which your digital data is dumped – operates in defiance of the GDPR.

We’re past the time when legislators and regulators internationally, and especially at federal level in the US, should have tackled these problems, and at the very least, ensured proper enforcement of what consumer and citizen-protecting legislation does exist. If that would only happen, we could all joyfully sing a hallelujah chorus.