Security of information?

I almost hate to ask this question because there’s bound to be a lot of charged emotions on the topic, but I think it’s worth putting out there.

It seems to me that SmartThings is recording a lot of data about us. There are lots of logs with information about our device going on/off, motion sensor, door sensors, presence sensors. This isn’t a bad thing, I’m not saying this is wrong. This data is needed for the system to run after all. But, given the recent info about NSA tapping of ordinary citizens it does make me question: Who has access to this data?

Obviously SmartThings the company has access to this data. I know they have procedures in place to prevent employees from “spying” on customers. I know that in the past when I’ve needed assistant they’ve requested permission to access my data in order to help me troubleshoot. This is a good thing.

But what about beyond SmartThings? Two big question in my opinion:

First: Is SmartThings selling this data? I can imagine this would be potentially good data for marketing purposes, and I don’t actually have a problem with this IF the data is completely anonymous. As long as the data is saying something like: On average, a 40-50 year old man is spending x-amount of time at home. I do, obviously, have a problem if they are selling data that says: On average, chrisb is home x hours a night.

Second: What is SmartThings policy concerning law enforcement agencies? If, for example, the local police are investigating a robbery at the Hello Kitty warehouse and I’m a suspect, what happens if they call up SmartThings and ask for data about my comings and goings? What if they show up with a subpoena? Now, I want to assure you that every Hello Kitty item I own was legitimately obtained in a lawful manner, but it does make me pause a little bit. Am I, by using SmartThings which keeps personal activity data on a cloud (ie, 3rd party owned server), providing a way for government to spy on me?

We take your personal information and privacy quite seriously and invite everyone to read the sections on user submissions in our terms of service and personally identifiable information in our privacy policy. The core section in the Privacy policy that speaks to your question is this.

Will SmartThings share any of the personal information it receives?

We neither rent nor sell your Personal Information in personally identifiable form to anyone. However, we do share your Personal Information with third parties as described in this section:

Aggregated Personal Information that’s no longer personally identifiable. We may anonymize your Personal Information so that you cannot be individually identified, and provide that information to our partners. We may also provide aggregate information to our partners, who may use such information to understand how often and in what ways people use our Services. However, except as described below, we never disclose aggregate information to a partner in a manner that would identify you personally, as an individual.

What is SmartThings policy concerning law enforcement agencies?

We will proactively work to protect your personal information consistent with the terms in our service documents, but obviously adhere to the law. Since every situation is unique, it is impossible to comment on our legal obligations to disclose information.

Hope this helps some.

It’s good to know that SmartThings takes our personal information and privacy “quite seriously”, but I don’t think a Privacy Policy ever stopped a hacker from breaking into a network. It’s bad enough to have your e-mail or Facebook account hacked, but imagine the opportunities of knowing when people are leaving their homes and an ability to unlock their front doors remotely. We, as customers need to know how exactly our private information is protected and how secure the SmartThings network is. Saying “just trust us” is not enough.