Padlocks

Published: 18 November 2020

Based on true events, this is a lighthearted look at how much of our data we are willing to give up for convenience and novelty.

The following is based on a true story, but names have been changed to protect people’s privacy.
 
Colin needed a new padlock for his shed…
 
Over time the existing padlock had gotten rusty, old and creaky (a bit like Colin) to the point where it was almost impossible to insert the key, although it had until now provided many years of reliable, non-intrusive service.
 
It was raining (hard) and a bit cold outside. As so many of us do these days, Colin opened the Amazon app on his phone and began to browse through the thousands of padlocks available to the discerning consumer.
 
Being a bit of a tech fanboy, Colin quickly became distracted by the new ‘Smart’ padlocks. Bluetooth, app controlled, fingerprint sensor so no need for that pesky inconvenient key, £35 and here in 4 days - What’s not to like?
 
Four days later and the parcel duly arrives from ‘the most customer centric company on the planet’.  It’s not quite Christmas, but Colin still tore apart the wrapping like a small child and opened the box.
 
This thing looked impressive.  Sturdy, waterproof, stealthy and very shiny, but how did it work?  Colin prodded it a few times then decided – finally – to read the very poor instructions, obviously written by someone whose first language wasn’t English.  ‘To get started, use the barcode scanner on your mobile (Android or iPhone – what happened to Windows Mobile?) to download the app from the store and register your new padlock’. OK he thought, here goes.
 
App installed, Colin then began the registration process.  First Name – check.  Surname – check.  Email address – er check.  Allow location services – why? Yeah, whatever.  Authorise access to my contacts – hang on a minute, nope.  The contacts request was apparently so Colin could share his “padlock experience” with his ‘friends’ – WTF?
 
The app still successfully connected to the padlock, but Colin then needed to enable the fingerprint feature by registering (scanning) the fingers and thumbs he wished to use to open it.  He continued to plough through the scanning procedure until it knew (and could identify) him by three of his digits. He saved the settings and tried it out with his thumb for the first time and yep, the lock popped open.  Cool huh?  (Actually, it wasn’t completely reliable and sometimes Colin had to open the app to override everything if the padlock failed to recognise his fingers – but it was cheap right?).
 
His mind began to whirr.  What had he done here exactly in the name of convenience?  Further rudimentary research quickly showed that this padlock was available from many suppliers under different brand names, but he was pretty sure it was manufactured in the same factory.  In China.
 
Colin (who also had quite a responsible job) began to sweat as he realized that he’d just told some large random Chinese organisation his name, email address and location.  His responsible job had given him some insight into how spyware could install itself on personal devices without detection, and was then very capable of trawling through all the ‘stuff’ he kept on his phone.  And he’d also given away some of his most intimate biometric data – a scan of his fingerprints.  Oh shit.
 
He thinks he’d better just open the app again and check their privacy statement.  Nothing.
 
The conspiracy theorist in Colin’s head runs riot, worrying about how the third world war might be won (he liked war games) – when everyone was asleep, the Chinese army would of course magically open all the sheds, grab their weapon of choice, creep into bedrooms and strim, prune and mow the country to death.
 
In all seriousness he begins to think about the privacy and trust implications. Was there an enforceable agreement with China to respect the significant privacy laws which exist in the West?  Even if there is, would this manufacturer know and respect them?  If not, where would ‘trust’ lie? Perhaps with Apple, because they allowed the app to be available from their store.  Apple definitely carried out some due diligence, right?  Hmm…
 
Colin considered sending it back but slapped his head as he realized that he’d already given away all his data.  Colin was sure it’ll be fine though.  Absolutely nothing to worry about. What an idiot.
 
So when you open your ‘Internet of Things’ device(s) this Christmas, please just pause and contemplate before giving your private data to that connected app.  Be careful out there or prepare to be strimmed.  Don’t be a Colin…