Smart Homes and Policy: What is a Smart Home?

Fueled by changes in affordability and accessibility of interconnected devices, the last decade has seen the rise of the smart home and smart home industry. These devices, able to communicate with each other and the world around them, open the door to exciting new possibilities for convenience, efficiency, and safety. However, the growing ubiquity of smart home devices also has important implications for privacy and cybersecurity. This blog will explore the technological developments, market dynamics, and cybersecurity issues that inform policy considerations for the smart home industry.

The Internet of Things and the Smart Home Industry Today

Smart homes are houses or apartments that are equipped with devices that can communicate across a network. These can include Internet-enabled lights, cameras, locks, appliances, and speakers. When combined, these devices allow for new possibilities for efficiency and convenience resulting from automation. For example, smart homes could help consumers save energy by automatically reducing thermostat temperatures while members of the household are away. This is accomplished using WiFi communication with a household member’s smartphone and GPS data to identify when they are away from the home. Alternatively, upon detection of smoke, a smart smoke detector could automatically alert the fire department and send a notification to a household member’s phone if they are away.

These smart devices are part of the broader category of the internet of things (IoT). These devices are physical objects that contain sensors and processing power that can connect with other devices and share data. Beyond applications in the home, other IoT devices include internet-connected cars, smart glucose monitors, or Bluetooth-enabled trackers like Apple AirTags.

With a wider range of devices becoming available and steady downward trends in price, mainstream adoption of smart home devices in the near future is projected to be highly profitable and common. Forecasts have the global smart home industry grow from $88.4 billion in 2020 to $172 billion by 2026 as more households begin to adopt various technologies. Many consumers are familiar with low-cost, accessible smart speakers like Amazon Echo or Google Home, but the adoption of other smart devices like lights and sensors has occurred at a slower pace due to prohibitive costs and difficult-to-use interfaces. With these products becoming more accessible, this broader range of smart devices may see widespread adoption.

Cybersecurity and Privacy Implications

For all their promise of increasing efficiency and convenience, smart homes also introduce new risks with the data and information that they produce. With smart devices ranging from thermostats to ovens to toothbrushes, data from a fully connected household is immensely powerful. If this seemingly innocuous data is combined with other sources like browsing and purchase history, whoever possesses such personally identifiable information (PII) data may be able to infer sensitive information like health status, lifestyle, and financial situation from the user. Further, the data could be employed for uses far beyond simple product recommendations or optimization. Recently, health insurance companies have intensified efforts to purchase and collect user data in an effort to further tailor insurance costs to an individual’s risk profile. In combination with rich data about users’ lifestyles and behaviors generated by smart homes, these efforts could have important implications for the quality, availability, and cost of healthcare that users receive.

Given the significance of the data produced, ensuring the security of both the devices themselves and the cloud services with which they may communicate will be critical. As more consumers adopt smart home technology, many of whom may not be knowledgeable about the potential for cybersecurity threats, the potential for large-scale hacks or leaks skyrockets.

Though nearly all smart devices claim to employ some form of security, the methods employed vary widely in protection and method of implementation. The last several years have seen a multitude of attacks against smart devices, most frequently cameras, ranging from smaller-scale spying incidents from individual actors to massive, coordinated breaches of hundreds of thousands of devices and the systems used to power them.

One reason for the lack of security in many smart home devices is the need for computational power and development effort. Technologies like encryption and mutual authentication can help to ensure that devices remain uncompromised by malicious actors, but advanced implementations are computationally expensive and can require additional development knowledge and time. With the current state of the market, many consumers are purchasing smart home devices for the first time and have no brand loyalty, so as a result, the price is often the prevailing factor in deciding which product to purchase. Therefore, many manufacturers choose not to invest in the development time or hardware required to make devices more secure.

The Matter Standard and Policy Considerations

In response to these issues, new standards like Matter promise to simplify the buying process for consumers. Currently in development and scheduled to release later this year, Matter is a smart home standard led by the Connectivity Standards Alliance and its 220 member organizations. As the next blog in this series will discuss in further detail, the standard aims to unify the market by providing a singular security and interoperability protocol that allows devices of differing types and manufacturers to interact seamlessly. If successful, the standard could fundamentally alter the currently fragmented market by increasing compatibility and simplifying the process of setting up and using smart devices while potentially lowering costs through increased competition. For less-tech savvy consumers, lower prices, a simplified user experience, and assurances of long-term compatibility might increase their willingness to purchase a smart home device. Though the standard does have the backing of the industry’s largest firms, including Amazon, Apple, Google, Samsung, and Phillips, the success of implementation and adoption remain to be seen.

Relatively little legislative action has been taken to regulate security for smart home devices specifically. At a federal level, the passage of the Internet of Things Cybersecurity Improvement Act of 2020 imposed baseline security requirements, established by the National Institute of Standards and Technology, for IoT manufacturers contracting with the federal government on their devices. While the requirements do not apply to most consumer devices, the intent is to use the government’s power as a large buyer to try and push the industry to adopt more secure standards. Other federal legislation has been proposed, like the Cyber Shield Act, which would create a voluntary cybersecurity certification program for IoT devices. At a state level, both California and Oregon have passed legislation requiring stricter security requirements for smart devices, and other states such as New York, Kentucky, and Virginia are considering similar bills.

Conclusion

Fueled by rapid growth and technological improvement, the smart home industry seems poised to continue its expansion. The industry’s current state is one of fragmentation, though the rollout of the Matter standard later this year may mark a turning point for interoperability. Even with these advances, addressing security and privacy risks remains a critical step for the industry, as adoption continues to expand and generates massive amounts of valuable new user data. Further study and consideration of these topics remain important for informing policymakers and the public about both the risks and benefits of smart home devices.