Recently, smart thermostats have found themselves at the center of a new plan devised by Brussels and Washington to reduce dependence on Russian energy. This plan will see EU members and European and US companies deploy at least 1.5 million smart thermostats into European homes by the end of 2022.
However, there is one major hurdle to overcome: data privacy. Unless device manufacturers can reassure consumers that their data is sufficiently protected and that data breaches are a thing of the past, then this plan may be met with consumer backlash.
What are smart thermostats?
People often, quite understandably, confuse smart thermostats with smart meters. Smart meters help people to reduce their energy usage by displaying how much they are spending each day on gas and electricity. On the other hand, smart thermostats are programmable devices that allow users to regulate temperatures via internet-connected devices like laptops, smartphones, and smart speakers.
When integrated with artificial intelligence (AI), smart thermostats can control themselves by learning from users’ routines and adapting their operations accordingly—for example, by turning the heating on before the user gets up. Smart thermostats save energy by monitoring the environment to ensure that there is no wasted heating or cooling when nobody is home.
Data privacy concerns are still at the forefront of consumers’ minds
Fears around data privacy are widespread. Fueled by high-profile data breaches, individuals are concerned about the hacking of smart devices in their own homes. Smart thermostats do not necessarily collect personal information, but they do learn a lot about an individual’s daily routine—this is what makes these devices convenient but is also what breeds privacy concerns. For instance, they learn when an individual wakes up, goes to sleep, and even when they leave the house, making these devices potentially lucrative targets for hackers and bad actors.
Smart thermostats—like other IoT devices—are vulnerable entry points. Due to their limited computing capabilities, these devices are often designed without any built-in security features capable of defending against threats. The security questions surrounding these devices are a considerable worry for consumers using smart home products.
Improved security could be just around the corner
The US government wants consumers to care more about whether their internet-connected devices are hackable or not. It wants to move beyond increasing cyber defenses in critical industries to trying to change how people think about cybersecurity.
The effort emerged from President Biden’s cybersecurity executive order in May 2021, and it was pioneered by the US National Institute of Standards and Technology (NIST). NIST plans to create a certificate program that verifies that internet-connected devices meet basic cyber standards, such as accepting software patches and allowing users to control what information the devices collect and share about them. Furthermore, the upcoming Matter Internet Protocol aims to align most major smart device manufacturers to improve smart device interoperability, reliability, and security.
The target of 1.5 million devices by the end of the year is steep and is unlikely to be met unless smart home device vendors can communicate these security developments and reassure customers that devices comply with current security standards.