Kohler’s Smart Toilet Cameras Claim E2EE Despite Data Access

Summary
– Kohler faces criticism over privacy concerns with its new Dekoda smart toilet, which uses cameras and claims to have “end-to-end encryption.”
– The $599 Dekoda attachment uses optical sensors and machine learning to analyze health data, requiring a subscription starting at $7 per month.
– True end-to-end encryption typically means only the sender and recipient can decrypt data, as used in apps like Signal.
– A software engineer revealed Kohler’s encryption means data is encrypted until it reaches Kohler’s servers, where the company can decrypt and process it.
– Kohler’s statement confirms the data is encrypted in transit and at rest but is decrypted on its systems to provide the service.

The privacy claims surrounding Kohler’s new smart toilet camera are under intense scrutiny, raising significant questions about data security and the true meaning of end-to-end encryption for a device that films inside a toilet bowl. The company’s Dekoda health product, a $599 toilet attachment requiring a monthly subscription, uses optical sensors and machine learning to analyze waste, promising users private health insights through a dedicated app. Kohler’s marketing emphasizes features like fingerprint authentication and end-to-end encryption (E2EE) to assure customers of their privacy and security, a claim that is now being challenged by experts.

Typically, consumers encounter E2EE in messaging platforms like Signal, where data is encrypted during transmission and can only be decrypted by the intended sender and recipient, locking out even the service provider. Applying this concept to a camera inside a toilet presents unique and troubling questions. Software engineer Simon Fondrie-Teitler, a former FTC technology advisor, investigated these claims, noting the Kohler Health app lacks user-to-user sharing features. His inquiries to Kohler’s privacy team revealed a critical detail: the company itself is the other “end” capable of decrypting the data.

According to email exchanges published by Fondrie-Teitler, Kohler clarified that user data is encrypted at rest on the user’s mobile phone, the toilet attachment, and on Kohler’s own systems. Data in transit is also encrypted end-to-end as it travels between the user’s devices and Kohler’s servers, where it is then decrypted and processed. This interpretation of E2EE differs markedly from the common understanding, as it allows Kohler employees access to the decrypted information. When pressed for confirmation, a company spokesperson provided a statement essentially arguing that data is encrypted from one end (the toilet) until it reaches the other end (Kohler’s servers). This admission confirms that, contrary to the strong privacy implications of the term E2EE, Kohler retains the technical ability to access and process the sensitive health data collected, a fact not immediately clear from their promotional materials.

This situation highlights a growing concern in the Internet of Things (IoT) sector, where marketing language can obscure technical realities. For a device collecting deeply personal biological data, the distinction between encryption in transit and true end-to-end encryption, where the service provider cannot decrypt the data, is paramount. The backlash serves as a cautionary tale for consumers, emphasizing the need to look beyond buzzwords and understand exactly who can access their data when it comes to connected health devices in the most private spaces of the home.

(Source: Ars Technica)





