Security

Who’s watching who?

Cocoon Labs

Smart home

Many customers I speak to haven’t considered the potential of connected devices to compromise the privacy of our homes. Indeed, I’ve been urged not to write this blog post so as not to draw attention to the issue. I believe, though, that the smart home industry must confront the issue head on, highlighting not just the problem but the solutions.

Security vendors are compromising privacy

Recently a website published 73,000 live streams from security cameras accessible using their manufacturer’s default password. Many streams were from cameras made by Foscam, a vendor in the news earlier in the year when a man accessed a Foscam baby monitor and screamed at the sleeping child through it. This is not a new issue: Forbes showed how traditional alarm vendor ADT’s security systems allow anyone to monitor what’s happening inside your home, but the problem is greater when devices are Internet connected.

At Cocoon we take privacy seriously – we don’t expect our customers to invest time configuring security settings, and our founding team have a rich information security pedigree. This is an industry issue, though – consumer confidence in the whole smart home market will be affected by security scares, so all vendors must play their part.

Privacy requires more than best practice

Avoiding basic lapses is a start, but the Snowden revelations showed that even competent companies cannot guarantee to protect their customers’ data from a state intent on accessing it.

Since we launched our crowdfunding campaign, we’ve been approached by a number of investment funds. One approach came (via email) from In-Q-Tel. We’d not heard of them but their site explains:

“We identify, adapt, and deliver innovative technology solutions to support the missions of the Central Intelligence Agency and broader U.S. Intelligence Community.”

We’re confident our customers wouldn’t want a Cocoon in their home were we associated with an organisation known for covert monitoring.  We didn’t and won’t pursue the matter but customers need a stronger guarantee of privacy if connected devices are to be at the heart of their most personal space.

Data must stay under the customer’s control

It’s not sufficient to ensure only that hackers cannot access data; vendors must also ensure that sovereign governments acting within the laws of the host state cannot force a smart home vendor to facilitate widespread covert monitoring. Smart home vendors that care about privacy must design into products technical guarantees that assure customer data stays under the control of the customer. If the data never passes to the vendor, they cannot leak it. Contrary to some commentators, we believe this can be achieved whilst enjoying the benefits and ease of use the cloud has to offer.

Cocoon uses public-key cryptography to encrypt video and other sensor data before it leaves the home. The key to decrypt the data resides only on our customer’s smartphone – they control the phone and with it access to their data. The data stream passing through our cloud is unreadable to us, and the decryption key needed to make sense of it resides only on the owner’s smartphone. Since we cannot view or access data from customers’ homes, not only can we not leak customer data to hackers, we cannot pass it to anyone – even governments.
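
The design described above, shown as an added example that is not Cocoon's code: the in-home device holds only the phone's public key, and only the phone's private key can open what the cloud relays. The post names no algorithms, so X25519, HKDF-SHA256 and AES-256-GCM, and the function names `sealFrame`, `openFrame` and `canRead`, are assumptions made for illustration.

```javascript
// Added illustration: end-to-end encryption of one camera frame for the owner's phone.
// Assumed algorithms (not named in the post): X25519, HKDF-SHA256, AES-256-GCM.
const crypto = require('node:crypto');

// Derive a one-time AES key from the ECDH shared secret, salted with the ephemeral public key.
function deriveKey(privateKey, publicKey, ephPubDer) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, ephPubDer, 'frame-e2e-v1', 32));
}

// Runs on the in-home device, which stores only the phone's PUBLIC key.
function sealFrame(phonePublicKey, frame, frameId) {
  const eph = crypto.generateKeyPairSync('x25519'); // fresh key pair for every frame
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const key = deriveKey(eph.privateKey, phonePublicKey, ephPub);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(frameId)); // bind the frame id so the relay cannot relabel it
  const ct = Buffer.concat([cipher.update(frame), cipher.final()]);
  return { frameId, ephPub, iv, ct, tag: cipher.getAuthTag() }; // all the cloud ever sees
}

// Runs on the phone, the only place the private key exists.
function openFrame(phonePrivateKey, msg) {
  const ephPublicKey = crypto.createPublicKey({ key: msg.ephPub, format: 'der', type: 'spki' });
  const key = deriveKey(phonePrivateKey, ephPublicKey, msg.ephPub);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAAD(Buffer.from(msg.frameId));
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ct), decipher.final()]); // throws if altered
}

// True only if the holder of privateKey can decrypt and authenticate msg.
function canRead(privateKey, msg) {
  try { openFrame(privateKey, msg); return true; } catch { return false; }
}

// Constructed sample: a phone key pair, a vendor-side key pair, and a stand-in frame.
const phone = crypto.generateKeyPairSync('x25519');
const vendor = crypto.generateKeyPairSync('x25519');
const sealed = sealFrame(phone.publicKey, Buffer.from('constructed sample frame'), 'cam1/000001');
console.log('phone can read :', canRead(phone.privateKey, sealed));
console.log('vendor can read:', canRead(vendor.privateKey, sealed));
```

The guarantee rests on the private key never leaving the phone; a vendor that generated, escrowed or backed up that key on the customer's behalf would regain the ability to decrypt.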