Nest announced the Nest Developer Program which allows the Nest thermostat to act as the hub of communication among other devices in your home, and allow users to control all of their devices using Nest and Google. According to Google’s developers, Nest’s newly released APIs will allow it to interface with Jawbone’s Fitbit, Mercedes Benz automobiles, and Whirlpool appliances, among others. To make this magic happen, Nest will share your data with Google and let you control, well, everything, through Google Now. Some of the synergies appear to be tremendously useful and in certain cases, potentially life-saving. For instance, a home equipped with a Nest Protect (the Nest brand fire/carbon monoxide detector) and LIFX light bulbs can cause lights to flash red when high smoke or monoxide levels are detected. Clearly, functionality that saves lives is hard to critique.
While Nest’s developers sell the convenience of integrating a growing number of devices and sensors, recent data breaches and DDOS attacks have shown that virtually any system can be hacked, including a Nest. Remote automation requires a remote connection, thus using the Internet. How else can your thermostat talk to your Fitbit when you aren’t home? So, if there’s traffic going across the Internet, then there’s a possibility of someone reading, or tampering with that traffic. And while the loss of a credit card number can create financial mayhem, turning over control of your home to hackers can cause untold damage.
What could possibly happen? Maybe a hacker could start a fire by tampering with your clothes dryer, flood your home by attacking your water heater, or commandeer your Mercedes Benz and disable its computer system. Hackers, known to be resourceful, could use the data transmitted to time a home invasion. If your Nest knows where your Mercedes Benz is located, maybe a would-be burglar will know too. A hacker/burglar combination could probably figure out when you leave your home by tracking your car, or determine when you are sleeping by monitoring your heart rate on your Fitbit or when all of the lights and electronics are turned off in your home. These are serious dangers that bring up serious questions.
Even if somehow Google protects these communications so hackers are not able to drink from the growing fire hose of data flowing among your household systems, Google has permission to keep all of your data. As noted by Gilad Meiri – the CEO of Neura – in a Wired interview, “What Google knows how to do best is take data and monetize it.”Adi Kamdar of the Electronic Frontier Foundation also has concerns about Google’s role:
“This poses some clear privacy issues,” he says. “When we start seeing a pressure to share information with Google, that it pressure to give them a lot more information about you than they already have and it’s a lot more information than you necessarily need to give them. Ultimately, what you’re buying as a security solution or an energy solution that could become a source of information for things like advertising.”
As Google is a known source of data for the NSA and other entities that ignore warrant requirements by simply taking data (as explained by Edward Snowden), consumer security concerns are well founded. As home automation systems develop, undoubtedly new forms of sensitive data will need to be protected, and perhaps new consumer protection regulation will be required. However, as officials with Target can attest, privacy concerns are beginning to drive consumer habits. Will Nest’s bold effort to control the home automation market fail as a result of a privacy backlash? Although consumer demand for automation products continues to grow, those conveniences may come at a high price in terms of security and privacy.