Bad business is breaking the smart home — good regulation can fix it

Posted by
Check your BMI
Illustration of a living room full of smart devices that are connected by strings to a marionette handle. The vague language of a contract floats ominously above everything.
Image: Cath Virginia / The Verge
toonsbymoonlight

Business arrangements and opaque contracts have broken the pitch of the smart home. Better regulation can fix this problem.

The smart home is still broken, and surprisingly, interoperability isn’t the issue. The problem is, when it comes to connected devices, consumers are buying hardware that behaves like software. And unlike hardware, which fails in fairly predictable and established ways, software breaks in opaque and surprising ways. It’s hard to classify this disconnect. It can feel like you don’t really own your connected devices or you can’t rely on them. And if we want things to get better for consumers, we need both manufacturers and regulators to step up.

When I buy a connected light bulb, I expect it to behave like a light bulb. When it breaks, I expect it to break in a way that a light bulb would normally break. Maybe the glass shatters when I drop it. Maybe the LED burns out.

But the way connected devices break is completely different. They break, for example, when the smart home controller I use to manage that light bulb stops talking to that light bulb. Or maybe it breaks when the light bulb company goes out of business and stops providing software support. Or, as is the case with Philips Hue, which recently changed its policy to require users to create an account to use Philips Hue bulbs, they break when I decide I no longer want to abide by new terms implemented by the company that made the light bulb.

Another example is my Echo smart speaker. We used to tell Alexa to “trigger dance party,” and our music and lights would turn on in our living room and kitchen. This broke last month, when Alexa stopped supporting its IFTTT integration. Even my garage door isn’t immune to failure thanks to the maker of my garage door opener’s decision to cut off API access to everyone.

The laws of physics versus contract law

Lately, when my smart home fails, it’s because an executive somewhere has decided to change the terms of a business agreement governing how connected devices talk to each other. In the digital world, these sorts of contract disputes are common. Witness the recent fight over access to television programming during the US Open while Disney fought with Charter over cable fees.

But in the physical world, we are used to products that break according to the laws of physics or chemistry, not contract law.

As more devices get an internet connection and there are fewer devices sold without internet connections, the question of how to preserve functionality even as business agreements change will become more relevant. In many cases, the loss of features or functionality represents an annoyance, rather than the death of the product overall, which makes it even more challenging to figure out how to preserve the right of a buyer to get a product that behaves as anticipated.

But we should try. It’s not right that the buyers of Samsung’s Family Hub fridges were originally able to use the Google Calendar feature to manage their day on their appliance and then lost that ability because Google changed its API around the calendar and Samsung took months to update its fridge’s software to account for the change. It’s also not right that I purchased the Chamberlain myQ garage opener because I could connect it to my Google Home app, only to later see that connection break after Google changed how it handles APIs and Chamberlain decided not to support that change.

A Chamberlain myQ garage door controller.
Chamberlain has a history of ending partnerships and integrations that were advertised alongside its smart garage door openers, impacting the functionality for those who already own them.Photo by Jennifer Pattison Tuohy / The Verge

It’s not dramatic, but for those use cases, the device has broken. And there’s no sense of what might break next.

So what can we do about this? There are a few things manufacturers could do, such as treat connected devices like a subscription rather than a one-time purchase, which will help set user expectations. Or manufacturers could set up payments and contracts with partners in advance that ensure a product works for a set amount of time after a user buys it. Another popular cry whenever a smart device dies or gets deprecated by a software update is that these products should all work locally, without having to connect to a remote server somewhere.

Keeping everything on the local network is certainly an option for folks running certain types of networks or those who want to set up their own servers, but that’s not for everyone. We may see some improvements here as Matter gets adopted across the industry because it will bring newer devices into the home that can provide basic functionality locally. But consumers need solutions that will meet the needs of most consumers for most connected products. Think of it as establishing a baseline for good device behavior. And for that to happen, we need to update our laws and regulations.

There are three potential policy options that currently exist or are being considered. The currently available option is for the Federal Trade Commission to use its power to get involved. The second option would rely on the upcoming cybersecurity labeling program from the Federal Communications Commission to create a robust guaranteed minimum support mandate for consumer IoT devices. The final option is some kind of federal right-to-repair law that addresses software and hardware.

Will the FTC save us?

The FTC’s superpower when it comes to keeping connected devices from breaking in unanticipated ways comes from its ability to stop unfair and deceptive acts or practices. This is the stick that the FTC used in 2016 to investigate Google when it said it would shut down the Revolv hub only 18 months after Google purchased the device maker.

For buyers who spent $300 on the smart home hub, Google shutting down the product represented a total loss of their investment. The FTC weighed in, and while it allowed Google to shut down the Revolv hardware, it also issued some questions via a blog post for manufacturers to consider when building a smart product. Frustratingly, seven years later, most companies still don’t have a public-facing answer to these questions.

n general, the FTC looks at three things when considering whether to go after a company: Is the practice causing harm? Is it unavoidable? And is it outweighed by countervailing benefits to consumers or to competition?

This is where this particular policy falls short. Is it harmful when a software calendar stops working on your fridge? Is it deceptive to sell people a $50 garage door opener in February that contains the label “Works with Google” on the box, only to pull that functionality a few months later? What if the manufacturers of the garage door opener take the label off the packaging going forward? What if they promise such interoperability and then never grant it, as Ring did for years related to HomeKit?

Or, in the case of Signify, the company behind the Philips Hue brand of lights and home security accessories, is it deceptive to sell a product to consumers and then, years later, ask them to provide new information in order for their products to keep working? Is it unfair to hold a buyer of your product hostage in search of an email address?

For the FTC, these myriad examples are irritating, but few rise to a level that makes it worth the agency’s time or attention. But for owners of smart home technology, this is a death by a thousand cuts, as their products behave in ways that break functionality in their homes or ask more of them than they are willing to give.

And when considering whether the harmful or unfair practice is unavoidable, one could argue that consumers have chosen to buy a smart product and could otherwise avoid such uncertainty. Caveat emptor still applies.

Rethinking right to repair

So, the FTC may not be the best option for consumers going forward. But the right-to-repair movement may provide some hope. Most current right-to-repair laws focus on hardware, ensuring that buyers of connected devices have access to the physical tools and diagnostic software to fix a product.

But Kyle Wiens, the CEO of iFixit and a champion of the right-to-repair movement, says that software will likely be a focus of future right-to-repair efforts. He points to issues such as companies that stop their security updates after a certain point, leading to the end of life for products, or software parts pairing, where a company ties hardware and software together so a buyer can’t replace hardware without the risk of breaking their device after new software updates.

“For the future, there should probably be a fundamental right to disconnect from the internet for anything that we buy,” says Wiens. The idea is that every connected device will retain some core functionality, even if the manufacturer decides to stop supporting security updates or shuts down. This may help in use cases such as Revolv or even Hue lights, but so much of the value of connecting something to the internet is the ability to establish relationships with other devices or web services.

Right now, three states have hardware-centric right-to-repair laws, but a federal law that addresses the ways that software can be used to stymie repairs and surprise users when software agreements break would help.

Paper over the issue with a label

And finally, over at the FCC, there is an effort to create a cyber label for consumer connected devices focused on ensuring that these products are secure. The FCC is in the middle of a rulemaking process where it is trying to figure out what a label should look like, what it means, and how consumers might interact with it.

As part of that process, the FCC asked about listing a minimum supported lifetime as part of a label. This minimum supported lifetime would guarantee security updates for a connected device for a set period of time.

f this supported lifetime also included assurances about keeping a device’s initial APIs connected (barring the death of a participating company) and its features intact, that might assure users that their fridge would connect to their calendar for at least a few years after they purchased it. It’s hard to justify adding software assurances to a cybersecurity labeling program, but there is a lot of value in forcing manufacturers to disclose to consumers how precarious the features and functionality of their connected devices are.

Creating a legal obligation to share how long a device stays secure or how long a manufacturer is willing to invest in cloud services and engineering time to keep the device running as expected is an essential element missing from today’s connected device market. And this isn’t an issue that only harms consumers who buy smart products. It limits the market.

I’m not entirely sure we have the political will to step up and protect buyers of smart devices right now. But I am sure that manufacturers are seeing the value of adding connectivity to cars, appliances, and smart home products. So we need to start thinking about how an internet connection changes what we’re buying and not just how it works, but also how it breaks. For many consumers, absent a set of rules to ensure a bit more certainty in their connected devices, it probably makes sense to stick with dumb products.