Many smart home device makers still won’t say if they give your data to the government

A year ago, we asked some of the most prominent smart home device makers if they have given customer data to governments. The results were mixed.

The big three smart home device makers — Amazon, Facebook and Google (which includes Nest) — all disclosed in their transparency reports if and when governments demand customer data. Apple said it didn’t need a report, as the data it collects was anonymized.

As for the rest, none had published their government data-demand figures.

In the year that’s past, the smart home market has grown rapidly, but the remaining device makers have made little to no progress on disclosing their figures. And in some cases, it got worse.

Smart home and other internet-connected devices may be convenient and accessible, but they collect vast amounts of information on you and your home. Smart locks know when someone enters your house, and smart doorbells can capture their face. Smart TVs know which programs you watch and some smart speakers know what you’re interested in. Many smart devices collect data when they’re not in use — and some collect data points you may not even think about, like your wireless network information, for example — and send them back to the manufacturers, ostensibly to make the gadgets — and your home — smarter.

Because the data is stored in the cloud by the devices manufacturers, law enforcement and government agencies can demand those companies turn over that data to solve crimes.

But as the amount of data collection increases, companies are not being transparent about the data demands they receive. All we have are anecdotal reports — and there are plenty: Police obtained Amazon Echo data to help solve a murder; Fitbit turned over data that was used to charge a man with murder; Samsung helped catch a sex predator who watched child abuse imagery; Nest gave up surveillance footage to help jail gang members; and recent reporting on Amazon-owned Ring shows close links between the smart home device maker and law enforcement.

Here’s what we found.

Smart lock and doorbell maker August gave the exact same statement as last year, that it “does not currently have a transparency report and we have never received any National Security Letters or orders for user content or non-content information under the Foreign Intelligence Surveillance Act (FISA).” But August spokesperson Stephanie Ng would not comment on the number of non-national security requests — subpoenas, warrants and court orders — that the company has received, only that it complies with “all laws” when it receives a legal demand.

Roomba maker iRobot said, as it did last year, that it has “not received” any government demands for data. “iRobot does not plan to issue a transparency report at this time,” but it may consider publishing a report “should iRobot receive a government request for customer data.”

Arlo, a former Netgear smart home division that spun out in 2018, did not respond to a request for comment. Netgear, which still has some smart home technology, said it does “not publicly disclose a transparency report.”

Amazon-owned Ring, whose cooperation with law enforcement has drawn ire from lawmakers and faced questions over its ability to protect users’ privacy, said last year it planned to release a transparency report in the future, but did not say when. This time around, Ring spokesperson Yassi Shahmiri would not comment and stopped responding to repeated follow-up emails.

Honeywell spokesperson Megan McGovern would not comment and referred questions to Resideo, the smart home division Honeywell spun out a year ago. Resideo’s Bruce Anderson did not comment.

And just as last year, Samsung, a maker of smart devices and internet-connected televisions and other appliances, also did not respond to a request for comment.

On the whole, the companies’ responses were largely the same as last year.

But smart switch and sensor maker Ecobee, which last year promised to publish a transparency report “at the end of 2018,” did not follow through with its promise. When we asked why, Ecobee spokesperson Kristen Johnson did not respond to repeated requests for comment.

Based on the best available data, August, iRobot, Ring and the rest of the smart home device makers have hundreds of millions of users and customers around the world, with the potential to give governments vast troves of data — and users and customers are none the wiser.

Transparency reports may not be perfect, and some are less transparent than others. But if big companies — even after bruising headlines and claims of co-operation with surveillance states — disclose their figures, there’s little excuse for the smaller companies.

This time around, some companies fared better than their rivals. But for anyone mindful of their privacy, you can — and should — expect better.

Gadgets – TechCrunch

FCC approval of Europe’s Galileo satellite signals may give your phone’s GPS a boost

The FCC’s space-focused meeting today had actions taken on SpaceX satellites and orbital debris reduction, but the decision most likely to affect users has to do with Galileo . No, not the astronomer — the global positioning satellite constellation put in place by the E.U. over the last few years. It’s now legal for U.S. phones to use, and a simple software update could soon give your GPS signal a major bump.

Galileo is one of several successors to the Global Positioning System that’s been in use since the ’90s. But because it is U.S.-managed and was for a long time artificially limited in accuracy to everyone but U.S. military, it should come as no surprise that European, Russian, and Chinese authorities would want their own solutions. Russia’s GLONASS is operational and China is hard at work getting its BeiDou system online.

The E.U.’s answer to GPS was Galileo, and the 26 (out of 30 planned) satellites making up the constellation offer improved accuracy and other services, such as altitude positioning. Test satellites went up as early as 2005, but it wasn’t until 2016 that it began actually offering location services.

A Galileo satellite launch earlier this year.

Devices already existed that would take advantage of Galileo signals — all the way back to the iPhone 6S, the Samsung Galaxy S7, and many others from that era forward. It just depends on the wireless chip inside the phone or navigation unit, and it’s pretty much standard now. (There’s a partial list of smartphones supporting Galileo here.)

When a company sells a new phone, it’s much easier to just make a couple million of the same thing rather than make tiny changes like using a wireless chipset in U.S. models that doesn’t support Galileo. The trade-off in savings versus complexity of manufacturing and distribution just isn’t worthwhile.

The thing is, American phones couldn’t use Galileo because the FCC has regulations against having ground stations being in contact with foreign satellites. Which is exactly what using Galileo positioning is, though of course it’s nothing sinister.

If you’re in the U.S., then, your phone likely has the capability to use Galileo but it has been disabled in software. The FCC decision today lets device makers change that, and the result could be much-improved location services.

Interestingly enough, however, your phone may already be using Galileo without your or the FCC’s knowledge. Because the capability is behind a software lock, it’s possible that a user could install an app or service bringing it into use. Perhaps you travel to Europe a lot and use a French app store and navigation app designed to work with Galileo and it unlocked the bands. There’d be nothing wrong with that.

Or perhaps you installed a custom ROM that included the ability to check the Galileo signal. That’s technically illegal, but the thing is there’s basically no way for anyone to tell! The way these systems work, all you’d be doing is receiving a signal illegally that your phone already supports and that’s already hitting its antennas every second — so who’s going to report you?

It’s unlikely that phone makers have secretly enabled the Galileo frequencies on U.S. models, but as Commissioner Jessica Rosenworcel pointed out in a statement accompanying the FCC action, that doesn’t mean it isn’t happening:

If you read the record in this proceeding and others like it, it becomes clear that many devices in the United States are already operating with foreign signals. But nowhere in our record is there a good picture of how many devices in this country are interacting with these foreign satellite systems, what it means for compliance with our rules, and what it means for the security of our systems. We should change that. Technology has gotten ahead of our approval policies and it’s time for a true-up.

She isn’t suggesting a crackdown — this is about regulation lagging behind consumer tech. Still, it is a little worrying that the FCC basically has no idea, and no way to find out, how many devices are illicitly tuning in to Galileo signals.

Expect an update to roll out to your phone sometime soon — Galileo signals will be of serious benefit to any location-based app, and to public services like 911, which are now officially allowed to use the more accurate service to determine location.

Gadgets – TechCrunch