Data retention: It seems BORING ... until your TV SPIES ON YOU

It's not just about privacy from advertisers any more

If there's one thing we can thank this whole Samsung privacy brouhaha for, it's casting data retention debates in a whole new light.

As readers of The Register now know, Samsung decided that the best way to process voice commands in its new smart TVs is to send them off to the cloud.

Since it can't distinguish speech meant to command the TV from conversation, the terms and conditions make it clear that everything said in the presence of its SmartTV range gets sent upstream – and any or all of this might land in the hands of partners like advertisers.

This led Vulture South to ruminate on the burgeoning Internet of Things world in the context of the data retention debate – what might the mere metadata (as defined by the government) from a connected home yield, when it's filled with stuff that constantly chats upstream to the various cloudy services that are pitched as vital to make the Internet of Things work?

Samsung's contribution to the debate is to remind us all that anything that uses your 'net account will create data that tells others about you.

“We're not interested in your refrigerator”

That is a probable response from the government, but it's irrelevant. Why? Because if the government's not collecting content, it can't tell that the “session” is from your fridge (via your NAT firewall and its one-true-IP-address transiently related to your account).

The metadata will be collected, even if it's just your fridge saying “still four degrees Celsius” to the manufacturer, for whatever reason.

Of course, the refrigerator's pointless chat might not reveal anything particularly important. Except, of course, that it tells anyone who's listening that you have enough money to buy a connected refrigerator, or perhaps an oven driven by an app, or the kind of air-conditioner that lets you turn it on from the office, or a washing-machine that's connected to the lock on your door.

All of which, in the right kind of investigation, might be of interest to revenue-collecting agencies. Catching tax-cheats is surely worth that little bit of freedom that data collection represents, right?

We know when you come and go

What certainly can be revealed by Internet of Things metadata is the comings and goings of a citizen from their home.

That would be quite trivial, since one of the communications going upstream from a net-connected smart home system is the “at home” status of the user.

Sure – the actual state the device transmits in its session to a Google Nest server (or whatever) is part of the content, not part of the metadata.

But we only need two bits of metadata to provide information at least suggestive of someone's at-home state (and correlation is, after all, what the police say metadata is good for).

For example, if the Samsung SmartTV suddenly ceased communicating with its servers, and the home security system sent a message upstream, one might surmise that the TV was switched off just before someone left the house.

And, thanks to Samsung, the presence of someone in the home can be inferred by just one piece of metadata: your IP address is sending constant chatter off to Samsung's voice-decoding cloud service.
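
The inference described above, as an added example that is not part of the original article: a short Python script that takes content-free flow records (time and destination only, as seen outside the NAT) and shows what they disclose about a household. The records are constructed, the hostnames are placeholders rather than real vendor endpoints, and the 10-minute and 5-minute thresholds are assumptions.

```python
from datetime import datetime, timedelta

# Constructed flow metadata as seen outside the NAT: (time, destination) only,
# no payload. Hostnames are placeholders, not real vendor endpoints.
FLOWS = [
    ("2015-02-10 18:02", "voice.tv-vendor.example"),
    ("2015-02-10 18:07", "voice.tv-vendor.example"),
    ("2015-02-10 18:11", "telemetry.fridge-vendor.example"),
    ("2015-02-10 18:12", "voice.tv-vendor.example"),
    ("2015-02-10 18:16", "voice.tv-vendor.example"),
    ("2015-02-10 18:19", "alarm.security-vendor.example"),
    ("2015-02-10 19:11", "telemetry.fridge-vendor.example"),
    ("2015-02-10 22:40", "alarm.security-vendor.example"),
    ("2015-02-10 22:44", "voice.tv-vendor.example"),
    ("2015-02-10 22:49", "voice.tv-vendor.example"),
]

def parse(flows):
    """Turn (text time, destination) pairs into time-sorted datetime pairs."""
    return sorted((datetime.strptime(t, "%Y-%m-%d %H:%M"), d) for t, d in flows)

def chatter_windows(flows, dst, max_gap=timedelta(minutes=10)):
    """Merge contacts to `dst` into windows of continuous chatter."""
    windows = []
    for ts, d in parse(flows):
        if d != dst:
            continue
        if windows and ts - windows[-1][1] <= max_gap:
            windows[-1][1] = ts          # still the same viewing session
        else:
            windows.append([ts, ts])     # chatter resumed after a silence
    return [tuple(w) for w in windows]

def departure_hints(flows, tv_dst, alarm_dst, slack=timedelta(minutes=5)):
    """Ends of chatter windows followed shortly by a contact to the alarm service."""
    alarm_times = [ts for ts, d in parse(flows) if d == alarm_dst]
    return [end for _, end in chatter_windows(flows, tv_dst)
            if any(timedelta(0) < a - end <= slack for a in alarm_times)]

if __name__ == "__main__":
    for start, end in chatter_windows(FLOWS, "voice.tv-vendor.example"):
        print(f"TV chatter (someone likely home): {start:%H:%M} to {end:%H:%M}")
    for end in departure_hints(FLOWS, "voice.tv-vendor.example",
                               "alarm.security-vendor.example"):
        print(f"TV went quiet at {end:%H:%M}, alarm service contacted soon after")
```

Run against an export of your own router's flow log, the same two functions show how much of a household's routine sits in records that contain no content at all.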

Data, metadata

As Vulture South has repeatedly asserted, the distinction between “data” and “metadata” on the Internet is artificial, arbitrary, and misleading.

What you're watching on TV doesn't really give anybody useful information, compared (as in the home-away example) to the mere fact that you are watching TV.

If you send a Tweet saying that you're spending the evening watching television, the fact that you sent a Tweet is “metadata”, and what you said is “content”. But if your TV is chattering to a Samsung server, the metadata contains the same information.

Right now in NSW, there's a scandal over the illegal use of wiretaps by some members of NSW police on their peers – but that, of course, involved the content of communications.

However, it's also part of a long-term pattern: police all over Australia have routinely misused information to which they have access, and their misdoing has only come to light if it's landed in a court or some other kind of public inquiry.

Vulture South doesn't follow police scandals in other countries, but we wouldn't be surprised if such patterns were repeated elsewhere. Edward Snowden's leaks demonstrated how NSA operatives used their data access for stalking.

And what of the use of so-called “metadata” in civil cases?

We already know that once the data is stored, if there aren't very explicit exclusions in the legislation, it will be subject to civil subpoena.

There are all kinds of civil litigation to which your home habits will be relevant: it could be copyright, family law, debt recovery, and whatever else a cunning lawyer might think of. ®
