Friday , November 15 2019
Home / singapore / Nest is getting ready for the smart home’s Cambridge Analytica moment

Nest is getting ready for the smart home’s Cambridge Analytica moment

For years, home automation tech has been a nightmare for security and privacy. Security pros love doing smart home hack demos – often flicking lights on and off from miles away – and the patchwork nature of the devices means a setup is only as strong as its weakest link. The data collected by those devices is often some of the most sensitive data you have, leaving the entire sector under the looming threat of a data breach. But with so many different companies moving in so many different directions, solving the security and privacy problems can seem like an impossible task.

Now, Nest and Google are trying to rein in that system. Nest's first stab at interoperability – a bundle of connections and services dubbed "Works With Nest" – was unofficially canceled in May, and together with the Pixel hardware event, we got a peek at what's lined up to replace it. This is moving to a more tightly controlled system, restricting access to audited partners and tightly limited “routines.” It's part of a broader push to rein in the risks of home automation and preventing the kind of third-party-driven data breach that has hit so many competitors. But along the way, it means tightening Google's control over the world of home automation in a way that competitors may not like.

In a blog post on Tuesday, Google laid out three new ways to get non-Nest code into Nest devices. First, there is a limited set of “home routines” that can perform basic tasks like turning off lights or setting temperatures, which are designed as simple triggers that can be activated without sharing data. There will also be a new developer program that lets individuals reprogram their own nest devices, although executives don't expect that kind of personalized programming to be widespread.

Most of the information flowing to other devices will come through the third option, which Nest calls the "Device Access" program. If you want your security system or your smart home hub to control the Nest, this is how youll do it – and it will mean sharing it.

Everything happens with explicit user permission, but it's still a fraught moment – a chance for a single bad actor to collect and exploit some of the most sensitive data you have. After Cambridge Analytica, it's not enough to leave users to make the decision, so Nest is putting tight restrictions on companies that are allowed to participate in the program. In the post, Google describes those companies as “qualified partners,” but that qualification process is rigorous. Nest executives told The verge that would require annual privacy audits from a third-party auditing firm, an expensive and involved process for something that could be as simple as an API call.

“Some people will complain, but our view is, if you're not willing to guarantee how you're treating consumer data, then maybe you shouldn't be doing this,” Nest GM Rishi Chandra told The verge.

In part, it's an acknowledgment of how sensitive home data really is. These devices can tell when you leave your house, when you fall asleep, and what you cook for dinner. In a fully connected home, it's hard to do anything without leaving some kind of digital trace. And in most cases, that data is spread across multiple companies, leaving lots of opportunities for it to leak out. If that happened in a Nest-connected home, Nest would be on the hook for the fallout privacy – even if users had been given permission to share the data.

“This is the new reality right now,” says Chandra. “We can't put the onus on the user to deal with their own privacy and all their information.”

There are reasons to be nervous about this tightening of permissions. The companies making these devices aren't scrappy startups anymore. They're some of the largest companies in the world, and the competition over who controls what date will be a major struggle in the years to come. Ideally, Google wouldn't be setting the terms for how you can link your own devices. Even Chandra grants that some kind of independent standard akin to ISO certifications would be preferable. But we don't have that standard yet, and without it, cleaning up the mess of home automation means making it harder to play the game.

Dieter Bohn contributed reporting.

Source link