by Divina Paredes

The downside of IoT: Kiwis uncomfortable with smart devices listening in

Sep 03, 2019
CSO and CISODigital TransformationPrivacy

A CIO recently says he has attended meetings wherein Siri would pipe in from one of the phones on the table, to say, “Sorry, I did not catch that.”

This is an uncomfortable but increasingly common intrusion into people’s privacy, as attested by the results of the latest Unisys Security Index.

Unisys recently surveyed 1000 consumers across New Zealand and found 40 per cent of those who own a smart device with listening capability say they have received social media posts and ads about a topic they talked about loud.

Just over a quarter (26 per cent) report that while talking aloud, the virtual assistant in their smartphone or smartwatch asked them for more information or to repeat themselves – even though they had not turned it on.

Similarly, 23 per cent say that while talking aloud, a voice-activated, home-based smart speaker had asked them for more information or to repeat themselves. Again, they had not turned on the device.

In both cases, approximately half of the people who have experienced this say it is a cause for concern.

“Voice-activated, command-driven digital assistants embedded in smartphones, smart watches or purpose-built devices such as smart speakers are now common,” says Wellington-based Richard Amer, director for digital government, Unisys Asia Pacific.

“However, in an environment where New Zealanders are very aware of data security threats, many Kiwis are concerned that their passion for Internet of Things devices has made their personal conversations and activity vulnerable to being monitored and used in ways we did not intend.”

The survey did not ask whether some consumers ditched their smart devices after these experiences. Still, some consumers may take a more hardline stance.

‘Many Kiwis are concerned that their passion for IoT devices has made their personal conversations and activity vulnerable to being monitored and used in ways we did not intend’: Richard Amer of Unisys

One technology professional believes it is fine to put a tectonic monitor under the house to send seismic activities.

But this individual refuses to install a voice controlled device inside the home, saying: “I have decided right now, there isn’t a company that has my trust to be in my intimate environment and to be listening, even if passively, to everything I say.”

“I still need sacred space.”

Support for data collection

Meanwhile, the 2019 Unisys Security Index research also found New Zealanders are selective about which situations they deem acceptable for an organisation to collect data from social media, online purchases, smartphones and wearable devices.

Almost half of respondents (47 per cent) support the government collecting this information to identify who is in the vicinity of a disaster.

Yet only a fifth of respondents support the government monitoring an individual’s travel patterns to plan roads and public infrastructure.

Nearly four in 10 (38 per cent) support airports and airlines collecting information to efficiently guide a passenger’s journey through an airport, but only 10 per cent support an employer doing the same to monitor an employee’s location during the workday.

More than a third (36 per cent) of New Zealanders do not support data collection in any of the situations above.

Similarly, public support varies for organisations sharing an individual’s personal information with other organisations.

The highest support is for police sharing information with other law enforcement agencies within New Zealand (72 per cent) or internationally (71 per cent) to solve a crime.

There is also strong support (67 per cent) for doctors sharing a patient’s healthcare history with other healthcare providers the patient uses for a complete view of the individual’s health.

Almost half of Kiwis (47 per cent) support a government-administered proof-of-identity used to confirm a citizen’s identity to access commercial services such as a bank account.

However, only 16 per cent support banks sharing a customer’s financial data with another financial service provider to offer a single point of contact for multiple services.

“The top reason given by New Zealanders for not supporting their data being shared is that they want control over exactly who has access to their personal information,” says Amer.

“This is a clear concern around privacy, rather than one related to the ability of an organisation to secure the data,” he explains.

“If organisations want to gain the public’s support to access and use information from their digital footprint, they must address three criteria: trust in the organisation involved, the purpose given for how the data will be used and the benefit to the individual.”

Consumers take action

Meanwhile, the research reveals actions taken by New Zealanders consumers against the business or government agency responsible for not protecting their data.

More than a quarter (28 per cent) of the respondents say they experienced a data breach in the last year.

The most common types of breaches were email hacking (8 per cent) and various forms of identity theft such as social media profile hijacked (7 per cent), credit card details stolen (6 per cent) and suspicious behaviour in their bank account (6 per cent).

Of those who suffered a data breach, 14 per cent said they stopped dealing with the organisation, such as closing their account, 11 per cent publicly exposed the issue via social media, and 7 per cent took legal action.

“Closing accounts and public shaming drives customer loss and reputation damage – it’s a deliberate move by consumers to make their concerns heard,” says Amer.

“To build trust and public support, government and commercial entities must show they take these concerns seriously not only by securing data from attack, but also how they use that data themselves.”

Sign up for CIO newsletters for regular updates on CIO news, career tips, views and events. Follow CIO New Zealand on Twitter:@cio_nz