I guess when I tweeted about using a cloud-connected robot that maps the inside of my home in conjunction with an always-on microphone that persistently uploads data over the Internet, I should have expected privacy advocates might be triggered.
Rightly so, as it’s only been in the last couple of years that my home has suddenly become connected to the Internet and the tech giants behind it in more ways than just a laptop and a smartphone lying around. I have two smart assistants – Google Home and Amazon Echo Spot units are found throughout my condo – a PetCube camera that peers into my living room, and more recently an iRobot Roomba i7 vacuum, which I’m reviewing for our Smart Home section on ITBusiness.ca.
I already own the Roomba 690, which is also Wi-Fi connected, but the newest Roomba model bears the distinction of mapping the inside of your home. This data, which I’ve observed to vastly improve the performance of the autonomous robot, isn’t stored locally on the robot but uploaded to iRobot’s servers.
Testing the @iRobot Roomba i7 for our recently launched smart home section on @itbusinessca. Connect with my Google Home so now I can just shout "Hey Google, clean the dining room." and… pic.twitter.com/ExAR6DXbJu
— Brian Jackson (@brianjjackson) November 23, 2018
After I shared the details of my futuristic living arrangements on Twitter, I was flagged to the potential privacy train wreck awaiting me. What data is being sent out of my home? Who will have access to it? What will it be used for?
Were you also able to test how much of the resulting data is sent out of your home, and where it goes?
— Robin Wilton (@futureidentity) November 23, 2018
After some discussion, a communications representative from iRobot reached out and offered to answer my questions. I took him up on the offer and asked for a phone call. He offered to answer questions by email, and so I sent them.
Brian, happy to answer any questions you have on this topic when I’m back at the office on Monday. In the meantime, here's more info: https://t.co/me2MF1VC0P
— James Baussmann (@boz1200) November 24, 2018
Here’s how that went – below is nearly the full text from the exchange. Or you can scroll down for the TLDR.
Roomba privacy Q&A with iRobot
Brian Jackson: This Reuters article details iRobot plans to share data for free with other technology partners that make smart home devices. Since this article was published, has any progress been made in making such a deal? Is iRobot at present sharing data collected from Roomba devices with any third parties?
iRobot: iRobot’s privacy policy already allows customers to share data with third parties for the customer’s benefit, but only if they choose to. For example, customers can currently choose to enable voice control of the robot using Alexa enabled devices or the Google Assistant. The data shared is limited to only the data required to enable the voice control service.
BJ: Consent is an important point of consideration when it comes to sharing user data. Has iRobot thought through how it would collect consent from its users if it were to share that data with third parties? Or does it not view this as necessary?
iRobot: Yes, of course. Our customers invite us into their most personal spaces – their homes – because they trust that our products will help them do more. iRobot takes that trust seriously. And we believe that our customers have a right to privacy in their homes. That belief guides everything we do, including our Privacy Policy.
Regarding sharing data with third parties – which, today, is limited to enabling a Roomba vacuum to work with IFTTT, as well as Alexa enabled devices and the Google Assistant – the customer must opt-in to these services through the iRobot Home App. This opt-in process to unlock third party features and services would be no different in the future.
BJ: I understand the data collected from my i7 model is a map of the inside of my home, including where items like the sofa, bed, and coffee table reside. But can you provide more technical details on how this data is stored on the device, where it’s sent when uploaded to the cloud, and whether that data is encrypted or not?
iRobot: We’ve answered this question in multiple sections below.
On the type of data Roomba products process:
A Roomba robot vacuum does not know “where items like the sofa, bed and coffee table reside.” Roomba vacuums with mapping capabilities can simply show – via Clean Map reports in the iRobot HOME App – where the robot has cleaned. The Roomba i7 is capable of retaining a user’s map of a floor and remembering specific rooms, which are labelled by the user. However, the Roomba i7 robot vacuum does not know what or where the couch is. It simply knows that there is a boundary or an obstruction that it cannot pass, and marks it as such on the map.
On all Wi-Fi connected robots, usage data (e.g. how long did it clean, how far did it go, did it encounter any error codes, is it functioning correctly) can be sent to the cloud so it can be shown on the customer’s mobile device.
iRobot Roomba 900 and i Series robot vacuums build a map of a home as they clean using a combination of onboard sensors, including a low-resolution camera. The low-resolution camera, angled toward the horizon of the room, doesn’t see things like humans do. Instead, the camera perceives its environment as a pattern of light and dark contrast points in its field of view (e.g. between the corner of a windowsill and a wall clock). It uses these contrast points to localize its position on its map, enabling the robot to efficiently navigate and clean an entire level of a home. The Roomba does not take video or transmit any images to the cloud.
If a user agrees to having their map data viewable on their mobile device, then the map that the Roomba creates during a cleaning job is sent to the cloud where it is processed and made visible to customers in the iRobot Home App after a cleaning job is complete. These reports show total area and duration a Roomba 900 or i Series vacuum cleaned — for up to 30 cleaning jobs. Leveraging Dirt Detect – an iRobot patented feature only found on Roomba vacuuming robots – Clean Map reports also provide 900 Series users with information about where the robot encounters higher concentrations of dirt or debris. If a customer chooses to send map data to the cloud, Dirt Detect events are stored in the cloud and sent to the App when the Clean Map is rendered.
On encryption of the data:
All the data collected from iRobot products as per the Privacy Policy is handled with care and high levels of security. The data is encrypted both in transit and at rest. Data access is controlled strictly and limited only to authorized iRobot customer service personnel to do their job and help improve your product experiences.
Data in transit: All iRobot connected products communicate with the iRobot cloud service using robust encryption. Currently, iRobot use AES 256-bit encryption and Transport Layer Security (TLS v1.2). Data encryption is augmented through strong identity management. All iRobot connected products have identities when they come out of the factory and those identities are validated upon each new cloud connection.
Data at rest: Within iRobot’s cloud (built on top of AWS), customer data is stored encrypted. Customer data has multiple encryption keys which are rotated on a regular basis to reduce the risk of the data being compromised even in the event of a key exposure.
Mapping data: Maps that can be accessed in the iRobot Home App are pulled from the cloud when accessed in the app. The maps are sent from the robot to the cloud over encrypted transmission. The iRobot Cloud presents a certificate, which is verified by the Roomba, to prevent ‘man-in-the-middle’ attacks. Once the maps are uploaded to the cloud, they are processed and encrypted using a unique key protected in the cloud infrastructure. That unique encryption key is unique per map. In other words, no two maps share the same encryption key. Furthermore, the maps are associated with the specific Roomba vacuum that created the map. And the iRobot Home app can only request maps related to the Roomba vacuum to which it has been paired.
BJ: Has iRobot ever suffered a breach of user data related to its Roomba devices or other smart home devices? Or has it seen attempts by hackers to access such data?
iRobot: No. The landscape of security threats is ever evolving, as is the security at iRobot. iRobot continuously trains, researches, and exercises processes that improve the maturity of the company’s overall ability to identify, react to, isolate and resolve security issues within our company and our products as quickly as possible. Additionally, we actively promote and sponsor private bug bounty programs and collaborate with the broad security research community to supplement our own security efforts.
BJ: Does iRobot comply with GDPR? If so, who is its appointed data protection officer?
iRobot: Yes, iRobot has taken substantial measures to enhance security and privacy to ensure the company is meeting GDPR requirements. Our DPO is Mazars LLP, located in the U.K.
TLDR – main points
For me, as a Roomba user, the key points of what I’ve learned from this comes down to:
- iRobot has taken measures to adhere to strict privacy compliance standards and has a sophisticated approach to encrypting data throughout its lifecycle.
- The only third-parties that it is sharing information with at present are Google, Amazon, and IFTTT. I’ve opted into two out of three of these services, as I haven’t thought of a good IFTTT script for it yet.
- If a hacker ever did unlock the treasure trove of data from iRobot’s cloud, they’d see a representation of my condo’s floor layout that’s about as good as the one you see in real estate listings. They’d also be able to tell how much of a slob I am if they got access to the patented Dirt Detect events, which isn’t exactly blackmail material.
The sort of rigorous questions posed by privacy professionals around smart home technology are important to ask. Never before have people willingly placed hardware with such powerful surveillance capabilities in their private domiciles. The track record of large firms suffering huge data breaches of private information makes it important to demand that personal information is only stored when absolutely necessary, used only for the purpose it was originally intended by the owner, and that consent is collected before collecting personal information.
For now, I haven’t heard anything that will cause me to do away with the modern conveniences of my automated robotic cleaning device. I’ll happily continue to live in the future I used to imagine when I was a child. But I’ll keep an eye on out for the turn towards surveillance dystopia, with a little help from vigilant privacy advocates.