The home is often considered the last bastion of privacy and the Fourth Amendment guarantees people the right to be secure in their houses against unreasonable searches and seizures. But today, the government is not the only entity seeking to invade homes to obtain information—technology companies like Amazon and Google are making an aggressive push into homes with devices like Amazon Echo, Google Home, and Apple HomePod. We are entering an always-on, always-connected world. A generation of always-on devices, capable of watching and listening to everything we do, is entering the consumer electronics market. These devices promise to make daily lives easier, safer, and more enjoyable, but they also bring powerful surveillance tools into our most private spaces.
Privacy and security issues associated with always-on, alwayslistening, and always-watching devices are demanding increased attention. After examining the current state of government regulation and the rapid technological development of always-on devices, this Article argues that existing legal regimes are not sufficient to protect consumers. The Federal Trade Commission (FTC), for example, can only protect consumer privacy through sector-specific privacy laws that give the FTC oversight authority or by invoking its Section 5 “unfairness and deception” authority. Moreover, existing laws like the federal Wiretap Act or state one- and two-party consent laws do little to protect consumers from always-on device privacy intrusions. While sector-specific legislation like the Health Insurance Portability and Accountability Act (HIPAA) and the Children’s Online Privacy Protection Act (COPPA) offer stronger protection in certain situations, these laws are not comprehensive solutions to the challenges posed by always-on devices.
This Article, developed as part of a collaborative effort between lawyers and data scientists, identifies three major gaps in the current law. First, when and how law enforcement agencies may access sensitive always-on device data is not clearly defined, giving always-on technology the potential to erode Fourth Amendment privacy rights. Second, consumers often lack control over what data always-on devices may collect and what happens to that data once it is collected. Finally, there is insufficient recourse for holding always-on service providers legally accountable for refusing to take data security seriously. This Article proposes model legislation to address these gaps. This proposal enhances consumer control and transparency, regulates law enforcement access to information captured by always-on devices, and requires service providers to adhere to industry security standards or higher security standards set by the FTC. The Article provides a new analytical context to view policies that will increase consumer confidence, protect privacy, and prevent disastrous, costly data breaches as we move towards an always-on, always-connected world.