When Google closes the Nest deal, privacy issues for the internet of things will hit the big time

Google rocked the smart home market Monday with its intention to purchase connected home thermostat maker Nest for $3.2 billion, which will force a much-needed conversation about data privacy and security for the internet of things.

It’s a conversation that has seemingly stalled as advocates for the connected home expound upon the benefits in convenience, energy efficiency and even the health of people who are collecting and connecting their data and devices together through a variety of gadgets and services. On the other side are hackers and security researchers who warn how easy some of the devices are to exploit — gaining control of data or even video streams about what’s going on in the home.

So far the government, in the form of the Federal Trade Commission — has been reluctant to make rules and is still gathering information. A security research told the FTC at a Nov. 19 event that companies should be fined for data breaches, which would encourage companies to design data protection into their products from the beginning. Needless to say, industry representatives were concerned that such an approach would “stifle innovation.” Even at CES an FTC commissioner expressed a similar sentiment — namely that the industry was too young for rules.

Home appliances, connected home, internet of things

But when a company like Google — which has had numerous run-ins over privacy in the U.S. and abroad — plans to buy a company that makes products equipped with motion detectors that track what’s happening inside the home, it’s time that conversation about privacy and the internet of things takes a step forward.

Let’s start with the idea of transparency in terms of what data is collected and how it’s used.

This Nest blog post doesn’t relieve my anxiety

So far the Nest blog entry answering questions related to the acquisition seems to equivocate on the issue of data privacy, promising that Nest takes is privacy policy very seriously, while also noting that the customer data Nest collects is limited to “providing and improving Nest’s products and services.” This might be heartening to those worried about Google’s reach into their lives; but the second question in a Nest FAQ addressed the issue of how Nest and Google’s products will work together.

The answer is not yet in terms of any product integration. But it seems clear to anyone that isn’t naive that if Google wants to integrate Nest data into its massive stores of information, all it has to do is release a new and improved Nest product and service. And Google could most certainly do that.

As a user of Google Now, the contextual service that tells me when to leave my house to make it to my next appointment in time, I see no reason Google couldn’t also tell my thermostat to cycle down before I actually leave. Or, based on my movements in my home, Google could start screening my calls. If I’m in the bedroom and motionless maybe Google could block the work calls from my colleague Om Malik.

Here’s what the Nest blog post says so you can judge for yourself:

Will Nest and Google products work with each other?
Nest’s product line obviously caught the attention of Google and I’m betting that there’s a lot of cool stuff we could do together, but nothing to share today.

Will Nest customer data be shared with Google?
Our privacy policy clearly limits the use of customer information to providing and improving Nest’s products and services. We’ve always taken privacy seriously and this will not change.

Google’s race to gather data isn’t evil, but it could be a problem

There’s little transparency here, and understandably so given that the deal isn’t done yet. But while Google has taken a lot of steps to be transparent and consumer-friendly with some of its data services — such as its data liberation policies that let consumers move their data from Google services — it has increasingly set off alarm bells as it more closely integrates its multiple services.

Matt Rogers Larry Page Tony Fadell Nest Google

(L to R): Matt Rogers, founder and VP Engineering, Nest; Larry Page, CEO, Google; Tony Fadell, CEO, Nest

For example, the recent news that Google lets other Google+ members send messages to your Gmail account and that it can use your Google+ name and photo in ads seemed to violate all kinds of consumer privacy norms. One can opt out, but the default for something so invasive should be opt-in.

As my colleague David Meyer explained last week, Google’s business is changing, from one that provides a listing of options based on a search term to one that provides an answer to your unspoken or spoken questions. That’s going to require contextual awareness that will deliver great convenience at the price of almost total knowledge about what you are doing at that moment in time.

Nest and the products the company builds could help provide ever more contextual clues to Google that it can use to help make your life better and even save you money. But in doing so we need to hold it, and other companies seeking to enter the connected home market, to a well-defined set of standards around data security and privacy. That means the industry and the regulators need to move past this impasse: where the internet of things is awesome but will also kill you because strangers can hack into your home and control your medical devices.

Already several people have proposed ideas (here’s a good article, or this one) for consumer data privacy and security that involve common sense and a definition of social norms.

Let’s start with that, because as Google moves to close this deal I can guarantee that even if it has no designs on the smart home — and instead wants Nest to better improve its energy efficiency in its data centers — that the data Nest has will be like your child’s forgotten Halloween candy sitting in your cupboard. It’s something you know you shouldn’t touch, but it will ultimately tempt you into doing something you shouldn’t.

Jeff John Roberts contributed to this story.

Home appliances image courtesy of Shutterstock user Maxx-Studio