NSA Spying Scandal Sparks a New European Smart Home Platform to Protect Privacy
How data security tensions play into the approaches that Cisco, ABB and Bosch are taking to cloud-connected home automation
Jeff St. John
April 21, 2015
In Germany, a country considering broad new regulations to prevent citizens’ data from being passed through U.S.-based servers, a new consortium is promising a home automation platform that will keep its customers’ data within European borders.
Late last month, appliance maker Bosch, home automation player ABB, and networking giant Cisco announced they’re teaming up to create a technology platform for smart home deployments, starting in Europe. Dubbed Mozaiq Operations, the new consortium is promising to develop cloud-based software and in-home networking for use by appliance makers, home security vendors, consumer electronics manufacturers, automakers and other parties that want support for internet-of-things devices and applications.
But unlike the home automation platforms being built by Google and Nest or Apple for U.S. markets, Mozaiq will operate as a behind-the-scenes, white-labeled platform for other companies. And importantly, the consortium is promising that it will “not own the data of the customer, and [will] not mine the data of the customer,” Dirk Schlesinger, senior director at Cisco’s Internet Business Solutions Group, told me in an interview earlier this month.
“In the European context, that’s extremely important, because there’s a certain amount of apprehension by some to give their customer profiles to some companies,” he said. Mozaiq can also “guarantee that all the data is physically hosted in Germany,” or in specific countries chosen by its partners, he said. “We have to provide these capabilities, otherwise the whole thing won’t fly.”
These distinctions are becoming much more significant in light of Germany’s recent moves to limit data-sharing across U.S. servers and data networks suspected of being monitored by the U.S. National Security Agency.
Last week, German Chancellor Angela Merkel publicly proposed the creation of a European communications network that would strictly limit the transmission of emails and other electronic data outside of Europe. The move is in reaction to the ongoing flow of news reports, based on evidence disclosed by NSA contractor-turned-whistleblower Edward Snowden, that the NSA may be spying on European citizens.
In 2013, for example, the German newspaper Der Spiegel reported that documents provided by Snowden and subsequent investigation showed that the NSA had for years been monitoring the cell phones of European leaders, including Merkel. Further disclosures from Snowden indicate that the top-secret PRISM program has allowed the NSA to collect data from the servers of U.S. companies including Google, Apple and Facebook.
These companies have denied complicity with, or knowledge of, the U.S. government having direct access to their servers or data. Even so, last month a European Commission official warned EU citizens that they should not consider their personal data to be secure if it passes through U.S. companies’ servers.
Merkel’s newly announced plan to discuss a European-only internet with French President François Hollande is likely to be poorly received in the United States. The U.S. Trade Commission has labeled similar proposals from Deutsche Telekom as a “draconian measure” meant to “provide protectionist advantage” to European companies.
Schlesinger declined to comment on specific U.S. companies in relation to these issues. But he did point out that unlike companies that look to home automation as a channel to reach customers with more commercial offerings over time, or to make use of their data for profitable purposes, “we do not have to own the customers, because we’re making our money enabling the home automation experience for other customers.”
“We provide the platform, but we do not provide the applications,” he said. Instead, participating companies will pay Mozaiq for its services, build in-home hardware to its specifications, and then brand the services and manage the customers’ data in the manner of their choosing, he said.
The consortium hasn’t yet named other would-be members of its “partner alliance,” and it does not control how they may choose to manage their customers’ data. But “if you look at the German companies, they say that data privacy is an inherent value” to gaining customers, he said.
Customer data security has already arisen as a key issue for German utilities and retail energy providers. The Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany’s information security office, is overseeing privacy and security aspects of the country’s smart grid rollout, and has put customer data security rules in place as a prerequisite to wide-scale deployment of smart meters and in-home energy data collection devices.
Mozaiq’s architecture calls for an in-home device, or customer premise equipment, that can store and run certain basic functions without access to the cloud-based platform, which also have to meet BSI regulations, Schlesinger said.
Mozaiq hasn’t yet launched a commercial offering. “We do have a small-scale test environment which is up and running, but that’s totally internal, and it has been in a controlled environment,” in an ABB office building, said Schlesinger. “We’re aiming for a large-scale pilot with real households, including mine, starting in September, and then to go with a full-scale implementation starting early next year.”