Walmart and Amazon want to see inside your house. Should you let them?
The war for the e-commerce shopper is fought on the battlefield of convenience. One-click ordering, same-day delivery, automatic toilet paper refills: There’s no pain point so small someone won’t pay to do away with it.
Although shopping online may be hassle-free, getting those orders delivered can be tricky. To solve that problem, Amazon.com Inc. and Walmart Inc., the two largest retailers in the U.S., are now offering to send delivery people inside your house to safely deposit your packages indoors and your groceries inside your fridge.
To calm fears that delivery people might get up to no good, both companies are promising to let you watch the deliveries happen live on video. There’s one catch: Amazon and Walmart get to hang on to that video too.
Sound like a good deal?
With little formal accountability or transparency on how these companies store, process and monetize the video and audio recordings of your home, privacy experts are concerned that consumers could be signing up for more than they realize.
“The surveillance society we have tiptoed into is going to need a set of social norms that are today still awkward and unclear,” said Jules Polonetsky, chief executive of the Future of Privacy Forum, a nonprofit that studies privacy issues around new technologies. “If we don’t set some of those lines, it’s likely to have negative repercussions.”
Those risks include having sensitive home data — including voice and video recordings and codes for the front door’s smart lock — hacked and released online, or having the same private data subject to search by law enforcement.
More prosaically, with the advent of computer vision analytics, which offer the ability to extract consumer insights from millions of hours of video, the companies behind these smart-home services could use imagery from your living room to improve their ad targeting or as raw material to train their computer vision algorithms.
“It’s certainly not the case that any of these companies are out to do something malicious,” said Jeremy Gillula, tech policy director at the Electronic Frontier Foundation. “But you don’t have to be malicious to invade someone’s privacy.”
The business case for providing these services is clear. The two largest retailers in the country are offering in-home delivery programs — Key by Amazon and InHome by Walmart — to woo customers who don’t want to have valuable purchases or perishable groceries left on their porches, prey to package thieves or raccoons.
The cameras involved are pitched as security measures. To receive in-home Amazon deliveries, customers need to buy a smart lock and an Amazon Cloud Cam to point at their door. When the delivery person drops something off, the customer receives a notification enabling them to watch the delivery in real time or after the fact from the Cloud Cam’s point of view.
In Walmart’s case, the delivery person wears a proprietary body camera, allowing the customer to livestream the delivery process from their point of view or review the footage later.
Basic security concerns have already arisen with the programs. Within weeks of Amazon’s rollout of Key in 2017, security researchers found a way to hack the camera and freeze the image, allowing a delivery person to wander the house undetected after a drop-off. Amazon quickly patched the security hole, but it was an illustration of the fact that almost any networked hardware can be vulnerable to attack.
But even when the system is working properly, the question of what the companies do with all that video footage remains.
Amazon has a standing policy of responding to legal demands from law enforcement, which often come with gag orders preventing the company from informing its customers that their data are being turned over. According to its latest transparency report, the company gives at least some of the data requested to law enforcement in more than 75% of cases. Amazon has been subpoenaed for recordings made by its smart devices in the past. In late 2018, it was ordered by a judge in New Hampshire to turn over Echo recordings, but it’s unclear whether the company complied.
According to an Amazon spokesperson, the company is not using customer video footage to improve product recommendations or ad targeting. (Amazon is the third-biggest player in digital advertising, after Google and Facebook, and has been rapidly growing its market share.) The spokesperson also noted customers can delete footage of their homes whenever they please.
Yet any footage that goes undeleted “may be used to help improve Amazon’s services, for example, by improving our computer vision algorithms,” the spokesperson said. In April, Amazon acknowledged it was sending clips of speech captured by its Echo devices to workers in four countries who transcribed the clips to help improve the devices’ speech-recognition accuracy.
Walmart — which is rolling out its service in Pittsburgh, Kansas City and Vero Beach, Fla., this fall — said it was too early to say how the footage would be stored and processed. But the fact that Walmart owns the in-home recording device, in contrast to the customer-owned Cloud Cam, could lead to even less accountability for how footage of customers’ homes is used.
“For these companies, it would be very difficult to resist the temptation of ‘Look, we have all this video inside people’s houses,’ ” Gillula said. “Let’s use it to train AI to recognize specific products we can recommend.”
In fact, Google last year filed a patent application laying out a system that would do exactly that.
Featuring smart speakers and cameras, Google Home competes with Amazon’s smart home suite. But, unlike Amazon, Google depends on advertising for the vast majority of its revenue.
It’s unclear whether Google is using your home as a data mine to improve its ad targeting, but in its patent, Google engineers described how that would work in detail. In-home cameras and audio sensors would look at the objects in your house, create a detailed profile of your tastes and potential desires, and then serve up ads and content that fit that profile.
In one of the patent’s example scenarios, a smart video camera sees that you have a paperback of “The Godfather” on your bedside table, then feeds that information back to a local processing hub. Some light profile-crunching later, and a notification pops up: “I noticed you have a copy of ‘The Godfather’ by your bed. The movie based on this novel is showing tonight at 9:30 PM on Channel 5.”
In another scenario, the smart home profiles its resident humans directly. The cameras see that a 15-year-old boy holding a basketball (“a middle son”) walks into the living room and turns on the TV, and clocks his age, gender, and that there’s a basketball in the picture. Then, the TV knows to show ads for a local basketball camp, the newest “NBA2K” game, or when the next Clippers game is on.
For all the chills this scenario might induce in the surveillance-averse, researchers who have been watching the smart home market grow don’t see any signs that privacy concerns are slowing down adoption.
“I would think more people would be concerned about it than they are,” said Frank Gillett, an analyst at Forrester. A report that he co-wrote in May predicted that 70.8 million U.S. households would have smart speakers in their homes by 2023, and found in an online survey that only 39% of respondents had privacy concerns about the technology.
If Amazon and Walmart merely wanted to offer their home-delivery customers peace of mind and convenience without adding to their already voluminous data stockpiles, it would be simple enough for them to do so. Gillula pointed out that any of these companies could encrypt the video in such a way that only the customer has the ability to view the delivery footage, not the companies themselves.
“It’s important to realize these companies have the technical capabilities to make sure only you have access to this video,” he said. “But chances are they will choose not to because they want access too.”
Follow me on Twitter: @samaugustdean