What to Do When Roomba Sucks Up Your Personal Data

In a recent interview, iRobot CEO Colin Angle mentioned that the maps built by iRobot’s Roomba could potentially be sold to other companies. Naturally, this heightens privacy concerns that have been steadily building around digital data and always-connected devices.

A Roomba on a hardwood floorVacuuming is kind of annoying. The high-pitched whine, the cord getting in the way, the bulky machine to lug around. It’s the very definition of a chore. So what could be better than a handy robot that automatically cleans floors? Well, maybe a robot that doesn’t sell your floorplans.

In a recent interview, iRobot CEO Colin Angle mentioned that the maps built by iRobot’s high-end Roomba devices could potentially be sold to other companies. Angle’s idea is that the smart home works best when it is fine-tuned, and makers of other devices could use the maps generated by Roomba to improve the user experience. Naturally, this heightens privacy concerns that have been steadily building around digital data and always-connected devices.

To be fair, Angle said that iRobot would definitely not share data without the permission of the device owner. It’s not clear, though, exactly how that permission would work. If the data represents a potential revenue stream, there’s not much motivation to make it easy for people to opt out.

While we don’t know exactly how the Roomba situation will play out, it highlights several issues that consumers and IT pros should keep in mind as homes and workplaces become more digital.

  1. Devices need to be selected carefully.

    One of the biggest challenges with the internet of things (IoT) is that vendors who have always built everyday products are now adding intelligence/connectivity to those products. These vendors don’t necessarily have deep expertise in cybersecurity, so there can be unintentional loopholes.

     

    This type of vulnerability came to light last October, when attackers created a botnet out of unsecured devices, including security cameras, to perform a distributed denial of service (DDoS) attack on the domain registration service Dyn.

    Not everyone will have the know-how to evaluate products themselves, but third-party reviews or consultations can help identify devices that may be dangerous.

  2. Consumers need to be aware of their data.

    As technology has made great strides in the past few years, security and privacy have taken a backseat. There has always been tension between security and convenience, and the rise of “free” digital services has drawn people in before they fully realized that their personal data was being captured and sold.

     

    The growing concern over privacy has led many internet companies to become more transparent, but there is still a conflict of interest with the business model, which leaves room for improvement. IT pros should especially pay attention to the devices and services they put into place, making sure that any data captured or transferred is well understood and approved by the business.

  3. Creating a smart home/smart building requires tradeoffs.

    Having a vacuum perfectly understand room layouts is highly efficient, but it may not be necessary. Individuals and businesses need to assess the benefits of their smart devices against the costs involved in maintaining security and privacy.

     

    In some cases, a marginal advantage may not justify insufficient skills. This is particularly true in the short term, when devices promise quick solutions but implications are not well understood. Over the long term, consumers and organizations will build the skills to ensure safe operations.

The story of the data-sharing Roomba, along with countless other security and privacy incidents involving connected devices, shows that road to the connected future has a few bumps in it. With a bit of up-front awareness and an ongoing commitment to education, consumers and IT pros can be sure to have good data hygiene in the digital economy.

Check out CompTIA's Cybersecurity Career Pathway to get the skills you need to secure IoT devices.

Email us at blogeditor@comptia.org for inquiries related to contributed articles, link building and other web content needs.

Read More from the CompTIA Blog

Leave a Comment