This is part one of a four-part series examining how automation will change Canadians’ lives, for better or worse.
The robot future has already arrived at the home of Daniel Nieto.
They’re fully in control, with no need for human input, and Nieto says the home is better for it.
Well, when it comes to the thermostat, anyways.
Nieto, a tech executive living in Toronto, Ont. has smart devices throughout his home where he lives with his wife and nine-year-old son.
While the smart assistants are a great help for playing and discovering new music or helping his son with a homework question, he says the real bang for his buck comes with the thermostat, which tracks hot and cold spots around the home and can regulate temperature accordingly.
This means Nieto is using his furnace more efficiently, he says, which is both more environmentally-friendly and drives savings on his yearly gas bill. The first year he switched his home over to a smart thermostat he saved $200, and Nieto says it’s only gotten more cost-effective since.
On top of that, he can’t remember the last time he’s had to adjust the thermostat manually.
“After a few usages, you don’t have to set the temperature in and of itself. It actually does that for you because it learns with the data that it gathers around the home,” he says.
But that data gathered by the voice-activated assistant, smart appliances and other conveniences baked into the modern home concerns some privacy and robotics experts who say Canadian policy isn’t ready for the robot revolution — even if consumers are already signed up.
How robots are getting to know you
Matthew Johnson is director of education at MediaSmarts, a non-profit that encourages critical thinking in media use and consumption.
He tells Global News that the danger inherent with smart devices is not necessarily in Alexa knowing what temperature you like to keep your living room.
Rather, he tells Global News it’s in the “bundling” of often innocuous bits of information through your interactions with the device that can create a “profile” that’s of value to the providers of the technology.
While concerns about the listening capabilities of smart devices are more common, William Melek, director of the RoboHub at the University of Waterloo in Ontario, says few users are likely aware of the subtle ways this technology can learn by performing tasks.
He gives a hypothetical example of a Roomba, the popular automatic cleaner from iRobot, which struck a deal to be acquired by Amazon earlier this year.
A smart vacuum cleaner like that can pick up more than just spilled Cheerios from the floor as it sweeps through the area — it can learn the pathways of your house to better navigate and create a “very rich map of the environment,” Melek says.
“I’m not saying that the company does that, but … if this data falls into the wrong hands and then you already have a map of the interior of somebody’s house knowing exactly where the entrance points are, where the exits are, where basically any expensive items maybe are located,” he says.
Global News reached out to Amazon asking about the planned privacy protections for the Roomba when the company’s acquisition of iRobot closes but did not receive a response by publishing time.
Canada's privacy legislation 'lagging behind'
“I think the policy is still behind, lagging behind in this area. It hasn’t kept up with the pace at which the technology is evolving,” Melek says.
Canada’s current privacy legislation, shorthanded as PIPEDA, was introduced in 2002. Among other things, this legislation governs how businesses have to handle their customers’ personal information.
Since that time, the technological landscape has undergone tectonic shifts, according to Ann Cavoukian, former three-term privacy commissioner of Ontario and the executive director of the Global Privacy and Security by Design Centre.
“We’re so behind,” she tells Global News. “Can you imagine how much has changed in the last 20 years in terms of technology? It’s been enormous.”
Cavoukian holds up the European Union’s General Data Protection Regulation (GDPR) as the “gold” standard in privacy regulation these days, with many countries updating their own legislation to keep pace with the EU since it was introduced in 2018.
Canada is on the cusp of adopting its own updated privacy framework in the form of Bill C-27, which was introduced by the Liberal government this past spring but is just now going through readings in the House of Commons.
Cavoukian is glad to see the feds moving forward to update PIPEDA, but while there are signs of progress in the legislation, it “doesn’t go far enough,” she argues.
Especially concerning to her are regulations over artificial intelligence (AI), which underpins smart devices like Amazon’s Alexa and Google Homes.
What Canadian regulators need is the ability to go “under the hood” of AI and audit exactly how consumers’ data is being used after it’s been collected and where it’s been sent, Cavoukian says. Without this visibility into how smart devices in the home work, she argues Canadians can’t have confidence that their information isn’t being abused.
“The potential harms in terms of personal information and usurping someone’s privacy are considerable,” she says.
“The thing with smart devices — and believe me, I’m a big tech fan, but you always have to know what’s going on — you can’t just take for granted that that which you intended is actually taking place.”
Cavoukian innovated a concept called “privacy by design” during her time as Ontario’s privacy commissioner, an idea that has since been adopted in the EU’s GDPR, but not in her home country. This idea sees tech developers include privacy controls for consumers at the very beginning of the design stage, rather than tack it on to comply with specific regulations after the fact.
A spokesperson from Innovation Minister Francois-Philippe Champagne’s office acknowledged in a statement to Global News that current privacy legislation is not equipped to cover technologies, like smart devices, that did not exist when PIPEDA was first introduced.
But the minister’s office said that part of Bill C-27, the Artificial Intelligence Data Act (AIDA), will take a “risk-based approach” that looks to “mitigate the risk of harm throughout the lifecycle” of a AI-powered tech like smart devices.
“AIDA is a powerful tool to prevent harms occurring due to AI and AIDA’s conception of harm aligned with the Canadian Human Rights Act and other relevant Canadian statutes,” the spokesperson for Champagne said Wednesday.
“By introducing AIDA, the government is aiming to establish a two-pronged framework to ensure that Canadians can trust the systems they interact with every day.”
Beyond tighter regulation on AI specifically, the most glaring omission in Bill C-27 according to Cavoukian is the lack of enshrining privacy as a human right — something other jurisdictions have made commonplace.
“Privacy is all about personal control,” she said. “Let’s not lose that.”
Taking an ‘active role’ in your privacy
While he’s an eager adopter of smart devices in his home, Nieto isn’t blind to the privacy concerns.
He’s taken a few steps to make sure his family’s exposure to privacy worries is as limited as possible.
In addition to using guest profiles separate from his family’s usual accounts to sign up for and log into the devices, they’re also strategically placed away from bedrooms and in more crowded areas of the home where sensitive conversations are less likely to occur.
“There are steps that … we can take to protect and safeguard those things that are precious to us,” Nieto says.
Johnson says that Canadians like Nieto are waking up to the dangers of passive data collection on privacy security.
“We’ve seen an increasing awareness of the ways that having one’s data collected can lead to it being out of your control,” he says.
Strategies like putting smart devices into more crowded areas like Nieto has done are “absolutely” ways to mitigate the privacy impact of this technology, Johnson says, but it’s hard to ensure that everything you say in the space won’t be sensitive.
He says a good habit is to request your own data be deleted from servers that host your devices. Do this every six months for most devices, he recommends, but more sensitive data collectors like smart speakers should be purged every month.
Like Nieto, he adds that setting up smart home devices on separate Wi-Fi networks and using guest accounts can make it so that if one piece of tech is compromised, the access doesn’t spread to sensitive information.
And while the smart functionality might be convenient for some, Johnson recommends seeing if you can turn off the “smart mode” on devices that you’re not using for internet, thus preventing the data from ever leaving your home.
“It is an area where people need to be, I think, more conscious, not just of the risks, but of all of the different ways that the things in our lives are collecting data about us and the things that we can do to limit the impact of that data collection,” he says.
— with files from Global News’ Anne Gaviola