Post by bill van Post by Bob Post by Questor
Your Roomba May Be Mapping Your Home, Collecting Data That Could Be Sold
"High-end models of Roomba, iRobotâs robotic vacuum, collect data
as they clean, identifying the locations of your walls and
furniture. This helps them avoid crashing into your couch, but it
also creates a map of your home that iRobot is considering
selling to Amazon, Apple or Google."
So they can burglarize you?
Always follow the link if you're going to ask questions based on
assumptions that you wouldn't make if you'd followed the link and
read the story.
It's a lightweight piece written for the New York Times; it's not up
to the standards of the NYT's own reporting. I suspect it's part of
an online thing featuring a lot of freelance copy. The story suggests
ways marketers could use data about what's in your living room to try
to sell you high-end stuff. They know you're high-end -- or at least
mid-end -- because you own a Roomba.
Nothing in the story about burglary, and the stuff about marketing is
guesswork with little to no attribution. The only thing from Roomba
is a carefully worded statement to the effect that a decision to sell
Roomba data or not has not been made, and if it is made, it won't be
for a few years. That probably means they're thinking about it and
that they're awaiting legal opinions about whether they could be sued
or charged with anything.
I think the salient point of the story is that newer Roomba models have sensors
that are mapping rooms and the data is being sent over the Internet and
collected by the manufacturer, iRobot.
Lightweight freelance reporting or not, anyone who has been paying attention the
last few years knows that computer intrusions and data exfiltrations have been
occuring so regularly that they -- as with mass-shooting events in the U.S. --
are now reported on as routine, entirely expected events: "oh BTW, here's
another story about thousands (or millions) of peoples' personal data being
exposed on the Internet." Many of these incidents have occurred at high-tech
companies who are presumed to have lots of the kind of people who should know
how to prevent this. Of course iRobot's executives pledge that they value their
customers' privacy and will protect that data. As the old saying goes, that
promise and fifty cents will buy you a cup of coffee. It's not so much about
if that data gets released into the wild, but when.
As for people who cannot imagine how such data might be mis-used, I say they
need a better imagination. Or again, pay attention to the news. I have seen
cases of supermarket club card data, auto toll transponder hits, and even
medical device telemetry being used against the people who generated that data.
I know that some of the potential threats being speculated upon seem unlikely,
but if enough Roombas are in use, then probably there is somebody, and perhaps
many somebodies, for whom those circumstances apply.
Even if iRobot decides not to sell the data at this time, things may change
quickly in the future. If the company's financial situation deteriorates, or if
the company is acquired or goes bankrupt, that data will be seen as nothing more
than another asset to be sold, customer privacy notwithstanding. U.S. citizens
have essentially no legal protection in this regard, and the only effective way
to control one's personal information is to prevent companies from collecting it
in the first place.
Yes, nothing has happened with this data, nothing is happening now, and perhaps
nothing will ever happen. But the potential is certainly real. I probably
would have been dismissed as a conspiracy nut if, two years ago, I had said the
CIA can hack into smart TVs and spy on people. And yet today it's known to be
true. It's a mistake to dismiss the possibilities for abuse of the data iRobot
collects as merely far-fetched speculation.