At CES, companies slowly start to realize that privacy matters

Every year, Consumer Electronics Show attendees receive a branded backpack, but this year’s edition was special; made out of transparent plastic, the bag’s contents were visible without the wearer needing to unzip. It isn’t just a fashion decision. Over the years, security has become more intense and cumbersome, but attendees with transparent backpacks didn’t have to open their bags when entering.

That cheap backpack is a metaphor for an ongoing debate — how many of us are willing to exchange privacy for convenience?

Privacy was on everyone’s mind at this year’s CES in Las Vegas, from CEOs to policymakers, PR agencies and people in charge of programming the panels. For the first time in decades, Apple had a formal presence at the event; Senior Director of Global Privacy Jane Horvath spoke on a panel focused on privacy with other privacy leaders.

“At Apple, the way we define privacy is to put consumers in the driver’s seat. They should have control over their data,” Horvath said.

And yet, empowering customers isn’t the best solution, according to FTC commissioner Rebecca Slaughter. “I also am concerned about a universe where the entirety of the burden to protect one’s data lies with the consumer,” she said. “I can’t possibly figure out all the things that are being done with all of my data across different services, and that’s just by the companies with whom I have a first party relationship.”

Horvath answered that by detailing three methods that don’t require any input from the user and improve the customer’s privacy — differential privacy to make it impossible (or at least harder) to identify individual users within a data set, on-device processing for image recognition in photos and randomized identifiers for Apple Maps or Siri server queries.

Facebook’s Chief Privacy Officer Erin Egan defended her company’s practices when it comes to respecting user privacy, but she was met with skepticism from the tech-savvy audience that sometimes chuckled at her answers.

“At Facebook, we have a different business model than Apple. But both our business models are focused on privacy,” she said. “You can offer a privacy protective ad business model and that’s what we do,” she added later in the interview.

Egan also illustrated perfectly the tension between privacy and security, privacy and convenience. People marvel at the wonders of technology, but at what cost?

“As we all know, the landscape is evolving. For example, I got this amazing Ring — it’s amazing! This new doorbell system that I can now… I’m here at CES, it’s a snow day back in DC and I know in a couple of hours my kids will be home and I can see that. That’s hugely, hugely valuable. But the question is — what do people expect?” Egan said.

Facebook’s Erin Egan (left) and Apple’s Jane Horvath (right). Photo credit: David Paul Morris / Bloomberg / Getty Images

The connected home’s slow privacy wake-up call

While Facebook is under under scrutiny following the Cambridge Analytica scandal, many smaller companies have been continuing doing business as usual when it comes to ignoring privacy concerns — and especially manufacturers of connected home devices.

But things are starting to change. Smart doorbell and security camera manufacturer Ring has attracted a ton of bad reports over the past few months.

And it could be the connected home’s Facebook moment.

Motherboard questioned the Amazon-owned company’s security practices as customers don’t have to use two-factor authentication (six-digit verification text message for instance), which means that anybody could connect to their security camera if they re-use the same password everywhere.

Somebody took advantage of that to access a security camera set up in an 8-year-old girl’s bedroom, eventually talking to the young girl via the device’s speaker. If you want to rank bad publicity for a security camera maker, this is at the very top of the list.

And then, there’s Ring’s Neighbors app. The company has signed partnerships with local police to help them request video from Ring users in a neighborhood. Many people think it could lead to a surveillance society.

“For every new product, we have a privacy engineer and a privacy lawyer assigned to work with the team,” Apple’s privacy executive said at CES.

But Ring seems to be lagging behind. The company is just starting to realize that it has to make some changes to ensure users remain in control of their privacy.

“I realized that you need to go one step further as a company whose mission is to make neighborhoods safer. I’m not making someone’s neighborhood safer if I’m not ensuring that they are doing the right things,” Ring founder Jamie Siminoff told me in an interview. Two-factor authentication is now going to be enabled by default, with the ability to disable it later.

When asked about the possibility of switching to end-to-end encryption, Siminoff couldn’t tell me about the company’s current infrastructure design. While video footage is encrypted both in storage and transmission, customers don’t own the keys to decrypt those videos.

It leads to some embarrassing situations. On Wednesday, Motherboard obtained a letter to several U.S. senators saying that multiple employees had improperly accessed users’ video data because they don’t need user consent to decrypt videos.

Other companies are keeping a low profile during the Ring debacle. For instance, August Home also sells popular doorbell cameras. And yet, during a meeting at CES, the company only mentioned its security camera in passing, and indirectly. Arlo only announced a minor upgrade to its outdoor camera. There was no news from Nest, the Google subsidiary that also sells security cameras.

The carefree attitude of smart home manufacturers is now over. But it doesn’t mean that customers don’t want connected devices; it all comes down to the debate between privacy and convenience, once again.

Your neighbor might say “I have nothing to hide.” But they should reconsider that sentence before putting a camera in their bedroom.

CES 2020 coverage - TechCrunch