Domestic Surveillance: Ambient Behavioral Data Mining
A look at the relationship between privacy, ambient data mining and the risks of data convergence from fragmented metadata to complete contextualized behavioral datasets in the age of domestic robotics.
Domestic humanoid robotics centralize a wide range of behavioral data types into a single integrated system. This differs from the fragmented metadata collection and siloed data stewardship of present-day domestic technology. The consolidation of these data streams represents a shift in the ethical landscape of domestic privacy, not because of the amount or types of data collected but because of its centralized form as a context-rich, complete dataset that enables behavioral and predictive modeling at an unprecedented scale. The unification of this data exponentially increases the potential for manipulation and the cybersecurity vulnerability of adopters.
Humanoid robotics are designed to cannibalize the domestic technology that came before them. Your robot should be able to clean for you, replacing your Roomba. It should be able to answer your door, replacing your Ring doorbell. It should be able to adjust the thermostat, replacing your Nest device. It should be able to answer questions for you, replacing Siri. This consolidation is efficient, but in this case it would mean that the data collected by your robot would be in one company’s hands rather than four. That means that the LiDAR scans of your layout, the video footage of your guests, the quantitative, time-sensitive logs of your daily routine and the ambient collection of your family’s conversations would all converge into the hands of one entity.
The formerly siloed metadata would now be organized into a comprehensive dataset ripe for analysis, predictive modeling, sale and potential exploitation. Previously, one company held the fragmented, non-contextualized fact that one of its users had a visitor at the door one afternoon, another knew that you changed the temperature in your home, and a third knew that there was an additional unidentified voice in the house. Now one company would know who the visitor was, where they went in the house, who they spoke to and potentially even what they said. It is not that the data wasn’t being collected before, but that now the data is consolidated and contextualized into a complete dataset. This raises the concern of who owns and has access to this data, as well as how they are able to use it.
With such a complete and contextualized dataset, there is an enhanced ability to predict behavior and therefore to exploit users of this technology. Perhaps this prediction comes in the form of a fairly accepted and relatively innocuous result like targeted advertising for relevant products. Sure, this could influence your spending habits as a consumer. But let’s say this dataset was sold to an insurance company, which could alter the price of your coverage using the information it has about you, raising the cost of your family’s health coverage. Alternatively, the domestic data you’ve gathered could be of interest to future landlords, who may decline to rent to you or adjust the pricing based on past behavioral modeling, placing affordable housing out of reach. Or perhaps the police could request information you may have captured about a local incident and, as a result, gain access to a massive store of data about your daily life. The government could subpoena the company storing the data, and a mass of your most sensitive data would be at its fingertips. Or, in the worst-case scenario, imagine a breach of the data store and the full picture that could then fall into the hands of a bad actor. The risk to your and your family’s cybersecurity when all of your data is contextualized, identifiable and consolidated is unprecedented.
The threats of exploitation due to the consolidation of data do not end with who may gain access and what they may do with the information. The next step beyond predictive data modeling is behavioral prompting: the exploitative use of a full picture of your home life to influence your behavior. This transforms home technology from a recorder of your behavior into an enforcer or shaper of your behavior. The technology for this leap is already developed, patented and deployed by Google. US Patent 20160259308A1 allows for smart home devices to automatically implement home policies and scheduling based on previously observed behaviors. This could mean your domestic robot decides when you eat dinner as a family, or when your home is tidied and dimmed for the evening as you get ready to go to bed. The transfer of these head-of-household decisions represents a major shift in the role of home technology from assistant to enforcer.
Given the enormous increase in the risk of surveillance, exploitation and cybersecurity breaches due to the convergence of home data in domestic robotics, one must know what protections are currently in place to mitigate the downsides of adoption. These protections come not from individual users’ contracts, nor from the companies’ own policies, but from legal and regulatory frameworks set forth by various levels of government oversight, with efficacy and breadth that vary depending on where you live. The EU currently offers the most stringent regulation with its GDPR. This allows users to access, correct and erase data, maintains strict requirements for data minimization and purpose limitation, and requires a legal basis for processing. The United States lacks a comparable comprehensive federal data protection law and instead relies on state-by-state protections like California’s CCPA/CPRA laws, which are most similar to GDPR, or on FTC protections, which require unclear and costly post-hoc enforcement processes against unfair or deceptive trade practices.
New proposals for legal protections for homes adopting domestic robotics must account for multi-person consent, data convergence, and how the data is collected: it is passively observed in the “privacy” of one’s own home, not explicitly given. The potential data ownership models span three general forms: Corporate Ownership, Sole User Ownership and Robot as Agent. With the corporate ownership model, the company producing the robot stores and analyses the data on the company’s own servers and uses it to better train future models. However, the user would likely have to sign away their rights under the terms of service. In the sole user ownership model, the owner controls the robot’s memory, which presents an asymmetry in power and control over other members of the household like spouses or children. In the robot as agent ownership model, the robot is an autonomous data holder programmed with its own set of immutable rules. This presents a number of other ethical issues when it comes to the robot withholding, sharing or deleting data based on predetermined protocols. The ultimate formula will likely wind up being a combination of these three, dubbed shared domestic data stewardship. This is the only conceivable option that will protect all members of the household, yet it will likely take decades of refinement and dozens of legal precedents to hone.
In the meantime, adopters should look to work with companies guided by ethical design principles in order to protect themselves and their data. These principles include the following:
Privacy by design, so that the robot defaults to local processing rather than storing data in the cloud and does not passively retain data without explicit consent.
Individualized permissions to account for the different subjects and their comfort levels and protections as secondary users, guests or minors.
Transparent memory controls which offer users the ability to see, edit and delete the data they have generated while interacting with the robot.
Adaptable and user-friendly mechanisms for pausing or restricting observation during private or sensitive moments inside the house.
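A sketch of how the four principles above could be enforced as a single capture gate on the robot, added here as an illustration and not taken from any vendor’s product. The class names, roles and data kinds are hypothetical, and it assumes that retention needs consent from every person present and that minors and unenrolled visitors can never grant it.

```python
from dataclasses import dataclass, field
from enum import Enum

class Action(Enum):
    DROP = "not observed"              # sensing paused
    EPHEMERAL = "on-device, not kept"  # default: local processing only
    RETAIN = "stored on-device"        # needs consent from everyone present

@dataclass
class Subject:
    role: str                                   # owner | secondary | guest | minor
    consents: set = field(default_factory=set)  # data kinds explicitly opted in to

@dataclass
class Robot:
    subjects: dict                  # name -> Subject (enrolled household members)
    paused: bool = False            # "private moment" switch
    memory: list = field(default_factory=list)

    def decide(self, kind, present):
        if self.paused:
            return Action.DROP
        for name in present:
            s = self.subjects.get(name)   # None = unenrolled visitor
            # Assumption: minors and unknown people can never grant retention.
            if s is None or s.role == "minor" or kind not in s.consents:
                return Action.EPHEMERAL
        return Action.RETAIN if present else Action.EPHEMERAL

    def observe(self, kind, present, payload):
        action = self.decide(kind, present)
        if action is Action.RETAIN:
            self.memory.append({"kind": kind, "present": set(present), "data": payload})
        return action

    def view(self, name):     # transparent memory: what is held about me?
        return [r for r in self.memory if name in r["present"]]

    def erase(self, name):    # delete every record this person appears in
        kept = [r for r in self.memory if name not in r["present"]]
        removed, self.memory = len(self.memory) - len(kept), kept
        return removed

# Constructed household for illustration.
robot = Robot({"ana": Subject("owner", {"audio", "video"}),
               "ben": Subject("secondary", {"video"}),
               "kid": Subject("minor", {"video"})})
```

Because the decision is taken per observation over everyone present, one person’s consent never overrides another’s, and a record can be viewed or erased by any person it contains.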
The early adopters will set the tone for the privacy standards and ethics of data collection and management when domestic robotics enter the mass market. It is imperative to encourage data privacy protections of users from both sides: the governmental oversight regulating use and the ethical design of the robots themselves by producers. While these robots will not collect any new data that your current smart home devices don’t already gather, the consolidation and contextualization of this data represents an enormous shift in the privacy landscape and the design and regulation surrounding that increased risk must reflect its significance.
Works Consulted:
Cox, J. (2018, December 20). Amazon Sent 1,700 Alexa Voice Recordings to the Wrong User. Vice Motherboard. https://www.vice.com/en/article/xwajxa/amazon-alexa-voice-recordings-wrong-user-gdpr
Duhigg, C. (2012, February 16). How Companies Learn Your Secrets. The New York Times. https://www.nytimes.com/2012/02/19/magazine/shopping-habits.html
European Commission. (2021). Proposal for a Regulation Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52021PC0206
European Parliament and Council. (2016). General Data Protection Regulation (GDPR). Regulation (EU) 2016/679. https://eur-lex.europa.eu/eli/reg/2016/679/oj
Google LLC. (US Patent US10114351B2). Smart-Home Automation System That Suggests or Automatically Implements Selected Household Policies Based on Sensed Observations.
Hern, A. (2019, July 26). Apple contractors ‘regularly hear confidential details’ on Siri recordings. The Guardian. https://www.theguardian.com/technology/2019/jul/26/apple-contractors-hear-confidential-details-on-siri-recordings
Nissenbaum, H. (2010). Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford University Press.
OECD. (2019). Recommendation of the Council on Artificial Intelligence. https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0449
Pole, A., et al. (US Patent US201600261932A1). Monitoring and Reporting Household Activities in the Smart Home.
Thompson, S. A. (2022, December 19). The Secret Scandal Behind the Roomba Images. MIT Technology Review. https://www.technologyreview.com/2022/12/19/1065007/roomba-images-leak-privacy-ai-training/
UNESCO. (2021). Recommendation on the Ethics of Artificial Intelligence. https://unesdoc.unesco.org/ark:/48223/pf0000381137