The $129 Nest is a hockey-puck shaped device that aims to save users money by knowing when to raise the temperature inside homes. It uses Google’s Home software and a radar system-on-a-chip to detect if people are physically present, but the extra data scooped up by the thermostat could be a problem, some experts say. “At a minimum, consumers are giving up another layer of personal behavior data that can be cross-pollinated with other data,” Frederick Lane, a cybersecurity consultant, said in an email interview. “It is, after all, a Google product, and it is likely that Google has extensive data about its Nest users.  “The most innocuous situation is that Google would use the data to further hone its advertising. A real concern for any collected data, of course, is unintentional leakage or theft by hackers. The more data that is collected, the greater its value to hackers.”

We Won’t Sell Your Data, Google Claims

Google has acknowledged concerns about the data collected by its Nest line of products. In a statement on its website, the company discusses how it uses the Nest information and says it won’t sell information it collects. “We will only share your device sensor data with third-party apps and services that work with our devices if you or a member of your home explicitly gives us permission,” the website states, “and we’ll only ask for this permission in order to provide a helpful experience from an approved partner (such as an energy utility).” There could potentially be many unintended consequences if the Nest lets people know when you’re home, observers say. Police might be able to use this data to know when to serve a warrant, Paul Katzoff, CEO of WhiteCanyon Software, a cybersecurity software firm, said in an email interview. Or, Katzoff suggested, in the future, a salesman might be able to subscribe to a service that tells them if homeowners are there; California and other states may ask to be allowed to turn down your AC/Heat to conserve energy if you’re not home. In more dire scenarios, “hackers can see who is not home and then rob those homes,” he added. “Pharmaceutical companies can see who is up late at night and target them in insomnia marketing ads.”

Information Vacuum

The Nest is likely to be collecting more data than many users realize, experts say. One of NEST’s big selling points is its learning ability.  “For it to properly learn habits and behaviors, we have to share location data with it,” Steve Tcherchian, Chief Information Security Officer at XYPRO Technology Corporation, said in an email interview. “Not only does the NEST thermostat know the physical location it’s installed, but for it to function properly, it needs to know where you physically are.  “It does this by accessing location data from your phone. For example, it can then determine how far away you are from home so it can turn on your A/C or heater before you get [home].” The Nest isn’t the first internet-connected device to spark concerns, though.  “We’ve seen numerous examples of smart devices where security and privacy were simply ignored,” Paul Lipman, CEO of consumer cybersecurity company, BullGuard said in an email interview. “That’s including Smart TVs that track customers’ viewing habits or even what they are doing while watching TV, smart alarm systems that can be easily hacked and disabled, webcams that can be surreptitiously viewed by anyone on the internet, and smart baby monitors that had their video feeds intercepted.”  The Nest is yet another tradeoff in the information economy. For users who don’t mind giving up some personal data, the smart thermostat could be the right choice to save money on heating bills this winter. For those not dissuaded by privacy concerns or skepticism, the redesigned Nest thermostat comes in a choice of colors, including “snow” and “charcoal,” and is available for preorder now.