Who controls your home?

As homes become more connected and software-based, access and rights control become more salient: Who controls your home?

When our homes become connected and more software-based, it will be software that grants or denies the rights to use and change everything that goes on inside the room. (At least everything that has a digital or data aspect to it.) This suggests that going forward, access and control over the home might resemble access and control over digital media content.

The problem with Digital Rights Management (DRM)

Enter Digital Rights Management: DRM for short. Time for a little refresher.

The world of commercially distributed digital content—movies, music, books—has been shaped by discussions about Digital Rights Management, or Digital Restrictions Management as some critics call it. DRM is a set of technological systems that aim to control who can and who cannot access digital media and under what conditions.

The concept sounds simple enough: Is this paid content? If so, has this user paid and is therefore eligible to consume it?

But it isn't quite as simple. In fact, DRM is highly controversial. Because it works on the premise of restricting access, often it punishes legitimate uses. The files or streams a customer pays for are those with built-in restrictive technologies. In other words, the customer pays for damaged files, whereas a (potentially illegally) downloaded version would usually be free of such restrictions.

If this sounds silly, it's because it is. A label can never predict how a buyer of music or film might want to consume the music they bought—yet often DRM measures restrict playback of a song or movie to certain devices, operating systems, or contexts.

This is so confusing and limiting. Even when someone pays for content legally, their freedom to use it is not guaranteed.1

In What We Buy When We "Buy Now", a paper forthcoming in The University of Pennsylvania Law Review, respected copyright scholars Aaron Perzanowski and Chris Jay Hoofnagle report on an experiment testing what people think they get for their money when they click "buy now" in stores selling digital things (ebooks, games, music, videos, etc). In short, it's not what they think.

So while there is certainly a need to raise consumer's media literacy here, it's also not primarily their fault. The study shows that retailers use misleading language all along:2

"Retailers such as Apple and Amazon market digital media to consumers using the familiar language of product ownership, including phrases like 'buy now,' 'own,' and 'purchase.'

Consumers may understandably associate such language with strong personal property rights.

But the license agreements and terms of use associated with these transactions tell a different story. They explain that ebooks, mp3 albums, digital movies, games, and software are not sold, but merely licensed. The terms limit consumers' ability to resell, lend, transfer, and even retain possession of the digital media they acquire. Moreover, unlike physical media products, access to digital media is contingent-it depends on shifting business models, the success and failure of platforms, and often on the maintenance and availability of DRM authentication systems years after the consumer clicked 'buy now.'"

DRM for the home: Residential Rights Management

Now we have to assume that similar challenges will arise around the connected home. Only there, the effect would be compounded as it would affect on our essential domestic infrastructure.

Let us be blunt: DRM for domestic infrastructure—Residential Rights Management if you will—should under no circumstance become part of our homes.

Rights managements is hard to understand. If you've ever encountered a situation where you needed to assign read/write/execute rights for a personal computer, server or network without proper training, you'll know how confusing this is—even professionals regularly fail at selecting the appropriate permissions settings.

In a connected home, we'd have to work with complex, interdependent access rights to buildings, apartments, rooms, devices, users—all of which are entirely non-intuitive to handle.

With connectivity come power struggles and access & rights management.

Who has root to your home?

Root access3 is what we call full, unfettered access—including the rights to shut out other users, delete all data and install any program.

Who are the parties who have this kind of access to your home? Even at the best of times, scenarios where another entity, person, or organization has control over your home seem problematic. Screw-ups seem both unavoidable and potentially horrendous.

For a little taster of power struggles to come, consider the following scenarios and questions of remotely controlled rights or restrictions management:

  • A renter is late on their payment. Can the landlord shut down services or access until the rent is paid? Potentially non-essential services like air conditioning? Essential services like plumbing? Access to the apartment? Under which conditions?
  • A teenager comes home later than agreed with their parents and finds the door does not unlock. The parents, feeling wronged and slightly vindictive, set up the home's smart lock not to let their kid in after 10pm. And the teenager doesn't have the permissions to override it.
  • An elderly person in an assistive living facility wants to cook a meal. Yet, the oven won't turn on this morning. An algorithm set up by their son has decided to reduce the risk of fire and burns, so the resident's usage rights to the oven were remotely revoked.
  • A malicious landlord wants to get rid off a renter and starts messing with lights and heating. What kind of recourse do renters have if they lose control of the infrastructure they live in?
  • A resident is a diabetic. Can their health insurance track if a diabetic takes any sweet beverage or food out of the fridge? Could the insurance company block access to the fridge? Or could they modify orders for grocery delivery services?
  • A young couple is two weeks late on their mortgage payments. Can the bank shut them out of their homes by taking them off list of authorized users in the smart lock's facial recognition system?4

We chose those pointedly dystopian scenarios for a reason. Many of them begin with a legitimate reason, concern, or gripe—and then they go overboard, leveraging connected home systems in ways that go entirely beyond what's acceptable.

We believe that residents should be in control of their domestic lives. As a rule of thumb, no company or other entity should unilaterally be in a position to shut down services in the home. Nor should companies be able to sweepingly change terms and services, like they currently do on our personal computing environments. The iTunes Terms of Services just changed.

We need to ask ourselves: Who controls—or should be able to control—access to and within a home? Is it going to be the resident, landlord, owner, renter? An insurance, bank, or Airbnb? What are the kind of legal frameworks that can ensure that residents are in charge of their home?

The home is a space that needs special protections.

1. See Cory Doctorow's summary of the study: boingboing.net/2016/05/13/clicking-buy-now-doesnt.html
2. Perzanowski, Aaron and Hoofnagle, Chris Jay, What We Buy When We 'Buy Now' (May 13, 2016). 165 University of Pennsylvania Law Review (2017), Forthcoming. Available at SSRN: ssrn.com/abstract=2778072
3. See Super User on Wikipedia: wikipedia.org/wiki/Superuser
4. We have already seen cases where leased cars won't start if the lease payments are overdue—a truly malicious, out of proportion invasion of privacy and basic rights: boingboing.net/2014/09/25/class-war-meets-the-war-on-gen.html

results matching ""

    No results matching ""