WASHINGTON – Personal Web-enabled devices promise to give consumers a more efficient, highly connected lifestyle. But as users introduce these products into their home, with them come a whole new category of privacy breaches, warned Richard Smith, CTO of the Privacy Foundation, in his keynote speech at the USENIX Security Symposium here Wednesday.

While corporations have woken up to the importance of preserving information privacy in the workplace, consumers who bring Web devices such as smart phones, wireless networks, and digital TV services into their homes risk losing control over their personal information, Smith told the audience. This issue is coming to the fore now because the dramatic price decrease for such devices has made them attractive to the consumer market.

The information that consumer gadgets collect – such as what TV programs a viewer watches – can include much more personally sensitive data than corporate information, Smith noted. Couple that with the fact that home users are less informed than IT professionals in the ways that such information can be culled, and some serious privacy concerns arise, he said. "These people are different from folks who work in the world of servers and desktop computers," Smith said about consumers.

Drawing on his personal experience, Smith told of how he first became suspicious of such Web devices. In 1994 he signed up for DirecTV, a satellite-based digital television service. The equipment included a small satellite dish that transmits programming, as well as a receiver that had to be plugged into a phone jack. "I said, 'What is this thing sending back?' " Smith remembered. "Do they send back [information about] what we watch?" Smith concluded that DirecTV probably does not cull information about what a viewer watches, but added that services from TiVo and Microsoft's UltimateTV – to which he recently subscribed – do. "Mr. Gates knows that my wife and I watch LawOrder pretty much nonstop," he joked about his favorite TV program.

In the case of TiVo, the company's privacy policy offers an "opt out" option so that consumers can say they don't want information on their viewing habits gathered. Smith said such a policy is inadequate. "If they're going to spy, why not be more up front about it" and offer an "opt in" policy instead, Smith said. "Some people will say yes, others will say no. But TiVo is making the choice for us with this crazy opt-out option."

Smith offered another example from his personal experience. His wife used a product called SportBrain, a device that is worn on a person to determine how much exercise they get each day (steps walked, calories burned, etc.). The device comes with a transmitter that uploads information to the company's Web site. Users can then check a personal Web page to read their statistics for the day. Also on that Web page are direct marketing offers; running shoes, for example, for a user who often jogs.

According to Smith, this is where the company got greedy. Instead of requiring the device to connect to the company's Web server, it could connect directly to the user's PC. But then SportBrain would lose out on direct marketing opportunities.

Adding insult to injury, SportBrain shut down its Web site and went out of business a few weeks ago, so now his wife is stuck with a "worthless piece of plastic," he said. "The business model was to control us. But when they go out of business, we've wasted our hundred dollars."

Copyright 2001 IDG News Service, International Data Group Inc. All rights reserved.