Home Automation and the Investigatory Powers Bill

Dec 01, 2016 • SwitchThat Staff

Are you using a home automation solution that stores all your smart home data in the cloud? If you live in the UK, then the Investigatory Powers Bill may affect you in ways you can't yet imagine.

When this Bill becomes law, your ISP will have to retain data about every single website you visit for a full year. This will include information from apps that you use from your phone. The Police (as well as many other approved organisations) will then be able to request access to this data at their discretion, without any judicial process.

If your smart home is accessing the Web on your behalf, e.g. for interoperability between smart devices, or to allow smart devices to add things to your grocery shopping list, or to update cloud servers when your thermostat thinks you are home or away, then an awful lot of your private Internet Connection Records will be available, not just to the police and other official organisations, but potentially also to a hacker attacking your ISP (recall the TalkTalk hack of 2015).

What are the implications of this? Well, potentially it could mean that someone was able to piece together your home occupancy information over the period of a year, as well as your browsing patterns, shopping patterns, etc.

With almost 50 government agencies and organisations soon to have access to your Internet Connection Records, minimising the amount of private home automation data that your smart home transmits will be an essential part of any strategy to protect your privacy and personal data, and to reduce your exposure to online criminals.

If you're concerned about privacy and security then it makes sense to choose a home automation solution that, wherever possible, keeps your data in your home.