Privacy in the Smart Home - Why we need an Intranet of Things
Classical home automation used to be easy: You installed your devices at home (or probably rather had them installed by an electrician), wired things up and started using it at home. But then came the smartphone era: The consumer got used to the fact that everything is controllable through an app from anywhere in the world. This expectation did not stop at Smart Home products either, through which a new product category - the "IoT gadgets" - was born.
A very common scheme of how these products work is the following:
- You hook the device(s) up to your local network, either through wifi or ethernet cable.
- The device(s) use your permanent Internet connection and create a connection to a specific cloud server to which it sends all its data and listens for commands.
- A free smartphone app connects to the cloud service, lets you configure and control your device(s) and displays you nice colorful charts and diagrams.
There are some obvious drawbacks of such products:
- They only work when your Internet connection is available.
- There is an app per product, you cannot easily achieve over-arching integration.
- You depend on the availability of the cloud server - if this is shut down (e.g. because the company went out of business), you cannot use your device anymore.
These points alone should be reason enough to consider such products as nice gadgets, but not as a serious (meaning permanent and reliable) part of your house.
But there are even many more subtle drawbacks:
- You are not the owner of your data; everything is sent to the cloud server, if you wish it or not. What happens with the data is not decided by yourself, but by the cloud service. You will only receive results of the data mining processes, be it as "smart" actions being triggered or as a colorful time series chart. I always thought of this as a no-go and wondered that other people did not mind this fact. With the acquisition of Nest by Google the public awareness seems to have increased a lot, though. Google is now seen as Big Brother in the smart home, people consider not buying Nest products anymore and even the tabloid press contemplates about privacy in the smart home.
- Even if you have full trust the cloud service company, the NSA affair should have shown you that your data is sniffed and stored in dubious places around the world. People who say that they do not care about being spied on as it is done by "the good ones" should definitely read "1984" - after all, in this novel the surveillance is also only done by the "good ones"...
- Every device that creates a connection to a cloud service is a potential security risk. Most of these devices are embedded systems and many lack the possibility of receiving firmware updates for vulnerabilities. There are already many examples where such systems have been hacked - e.g. for heating systems or IP cameras. Bruce Schneier sees this as one of the major challenges for the Internet of Things in the coming years.
Now what is the solution to all these problems? Well, I like to call it the INTRANET OF THINGS - all your devices should be in your LAN, hidden behind a firewall and locally controlled. All data needs to stay in the local network in the first place and only the user should decide whether it should be shared with somebody else. For remote access, there should be a single channel into your house, not one per device.
An Intranet of Things protects your privacy and reduces vulnerability risks
A solution that allows you to create such an Intranet of Things is openHAB - the open Home Automation Bus. When starting this project 6 years ago, I took the perspective of an end user and not of a company - this is why data privacy is one of the top priorities since its beginning. It is good to see that this discussion is gaining momentum now.
The latest version openHAB 1.4 has just been released - it can now integrate more than 60 different smart Home technologies and protocols into a single solution. Just to name a few, this new release brings support for INSTEON, Netatmo, Pioneer AV receivers and MAX!. New native apps for Android and iOS are available as well. To cater for secure remote access, we have furthermore just started a private beta of a new service: my.openHAB will provide you the ability to connect to your openHAB over the Internet, securely, through commercial SSL certificates, without a need for making any holes in your home router and without a need for a static IP or dynamic DNS service. It does not store any data, but simply acts as a proxy that blindly forwards the communication.
The Eclipse SmartHome framework, which is derived from openHAB, is also a perfect fit for building smart home solutions that follow the "Intranet of Things" idea. We are close to having the first binary builds available of Eclipse SmartHome and work on openHAB 2.0 will start shortly after (as it will be based on Eclipse SmartHome).
So if you are considering to invest in a smart home solution, I hope that this post has brought some important aspects to your attention - let's hope that the IoT does NOT bring the loss of all privacy, but that we will in future see smart homes that fully respect your privacy! If you like the idea of an Intranet of Things, start building one yourself and spread the word!