Amazon announced its controversial “Sidewalk” platform nearly two years ago, but most of you probably missed the announcement and the uproar it caused as we were consequently distracted by the mother of all distractions in 2020. Now that we are all starting to stumble into the daylight like hermits emerging from a cave, Amazon is taking advantage of our befuddlement and online shopping addictions to roll out Sidewalk for realsies. On June 8th 2021, unless you specifically opt-out, your Amazon devices like Ring doorbells and security cameras, and the various smart-speaker/screen devices like Dot and Echo, will be automatically enrolled in Amazon’s ambitious effort to bring better network connectivity to your neighborhood. But what is it actually doing?
What is Sidewalk and why should you care?
In a nutshell, Amazon is leveraging the absolutely gigantic install base of Echos, Dots, Rings and Tiles to create what amounts to a vast mesh network. Depending on your training and professional interests, your reaction to this may vary from the “Awesome, maybe my Ring doorbell won’t keep falling off the internet,” (average homeowner reaction) to “This seems like a very bad idea,” (average security/technology consultant reaction). If you were concerned about Sidewalk bogarting your bandwidth, according their specs, it should be skimming a very small amount off the top which, unless you are on very constrained bandwidth (DSL is still the only choice in many neighborhoods believe it or not!), should not even be noticeable. From a security standpoint, Amazon seems to have its head on straight, again at least on paper, about how they are keeping the data transmissions encrypted and separate from your data. Huge caveat on this one – just because a bunch of engineers say something is safe now, does not make it so forever, as we have seen numerous network standards get dismantled and abandoned as dangerous flaws are discovered.
The big concern should be what else Amazon will be doing on the Sidewalk network. In case you hadn’t guessed it, they will be gathering data. An absolute monstrous amount of data on thousands and thousands of households, neighborhoods, camera feeds, pet walking routes, delivery times, recipe requests, song playlists, etc. All of it tagged with geolocation and numerous other telemetry points that give Amazon (and its data customers) an absolutely staggering market advantage. Depending on your leanings and privacy concerns, this may be of no big concern, or perhaps you’ve decided that Amazon gets enough of your dollars already and as such are not deserving of any more of your data than you’ve already sacrificed on the online shopping altar. If this is the case, then disabling Sidewalk is as simple as (wait for it) using your Alexa app to turn it off. Yes, this is like using the stones to destroy the stones. At least you can just delete the Alexa app after installing it to turn off Sidewalk. Until our government decides it’s time to regulate business use of our private data, it will be up to the average household to draw the line in the ongoing privacy war. Which side will you be on?
Even if you haven’t read the seminal novel 1984 in many decades, you will surely recall the omnipresent “Big Brother” and the even more haunting reminder/warning that “Big Brother is watching you.” Rather than actually representing a single person (or even celestial being) readers quickly come to realize Big Brother is the result of countless numbers of citizens informing on their family, friends and neighbors in service of the Party “groupthink“. Fast forward to the present, where, believe it or not, Big Brother is watching and listening, but maybe not quite in the way Orwell had originally imagined.
Most of you have come to accept that devices like Amazon’s smart speakers, Echo and it’s petite sibling, Dot, are always listening, ostensibly to be able to snap to action the second you shout, “Alexa!” But what you might not realize (or remember) is that Amazon is recording and keeping a copy of everything the device hears after you speak the trigger word. Depending on how cynical I’ve made you about technology over the years, this may or may not come as a surprise to you, and if you’ve been reading this blog for any length of time, I even wrote about this nearly three years ago. Despite very clearly dancing on knife-edge of child-protection laws in 2016, regulation has not halted or even slowed the proliferation of millions of eavesdropping, smart-devices.
If you are curious about what your own Alexa-powered smart speaker has recorded in your private home or office, have a look at http://www.amazon.com/alexaprivacy. Fortunately for our house, most of these recordings consist of teenagers ironically asking Alexa to play Despacito, our family belting out the lyrics to various Queen anthems, and desperate searches for recipes based on the contents of pantries ravaged by previously mentioned teenagers. More importantly, despite living with someone who is a staunch advocate of privacy and who has made no effort to hide that fact, our family has obviously agreed to give up some of that privacy for the (sometimes meager) convenience and amusement the device offers. We also have a Ring doorbell on our porch and have also opted into sharing some of that video footage (at our discretion) with our neighbors, again potentially sacrificing some privacy in trade for a technologically amplified neighborhood watch.
Each person and family must decide how much privacy they are willing to sacrifice in exchange for security, and keep a very watchful eye for the point at which the sacrifice escalates from privacy to the abrogation of personal freedoms. Though we aren’t explicitly told how Orwell’s Oceania transformed into the nightmarish surveillance state, it’s easy to see how they got there. The seductive lure of convenience and personal gratification is a sure-fire way to gradually erode personal privacy and security without raising an eyebrow, just as sure and slow as a stream carving a grand canyon.
A lot of my friends and colleagues are always surprised that I don’t have more gadgets around my house, especially items like Amazon’s Alexa or Google Home, seeing as I am a long-time customer of both mega-companies and utilize many of their services on a daily basis. Those of you who have been paying attention know that I’m pretty keen on privacy, and have also seen me write on the topic time and time again, mostly because companies like the aforementioned sometimes have trouble respecting our right to privacy. It’s not that I have something to hide, it’s that I am very specific about what I want to share, and that does not include sharing private family conversations with a work acquaintance, which seems to be what happened to a Seattle couple via their Amazon Echo device.
Entre nous becomes menage a trois
What many fail to truly understand is that in order for any voice-activated device to work, it must always be listening to everyone nearby, waiting for its moment to shine. In the case of the incident mentioned above, the Echo device thought it heard its vocal trigger, “Alexa” (or something phonetically similar) woke up, heard another trigger, “Send a message,” which caused to start recording what it thought was a legitimate message, which it then dutifully sent on to the unintended recipient. The couple had no idea their conversation was recorded and were only clued in when the unintentional eavesdropper called them to warn them about the incident.
How many times has your phone (iPhone or Android) self-activated because it thought it heard its vocal cue? Mine does this about 2-3 times a month, mainly because it hears (or thinks it hears) me saying “OK” and “Google” all the time, when in fact, I’m just having a conversation with someone nearby. It’s even self-activated because of audio from a podcast or song, which is really weird and creepy sometimes. Hackers have demonstrated the ability to completely compromise late model devices, and it’s a known intelligence exploit to compromise surveillance subject phones explicitly for the purposes of turning on the microphone as the ultimate audio bug. We carry these devices everywhere, and now they are in our most private spaces. It’s just you and me, and the internet now.