America’s Favorite Door-Locking App Has a Data Privacy Problem

Great for landlords. Not so great for you.

Latch is on a mission to digitize the front door, offering apartment entry systems that forgo traditional keys in favor of being able to unlock entries with a smartphone. The company touts convenience — who wants to fiddle with a metal key? — and has a partnership with UPS, so you can get packages delivered inside your lobby without a doorman. But while it may keep homes private and secure, the same can’t be said about tenants’ personal data.

Latch — which has raised $96 million in venture capital funding since launching in 2014, including $70 million in its Series B last year — offers three products. Two are entry systems for specific units, and one is for lobbies and other common areas like elevators and garages. The company claims one in 10 new apartment buildings in the U.S. is being built with its products, with leading real estate developers like Brookfield and Alliance Residential now installing them across the country.

Experts say they’re concerned about the app’s privacy policy, which allows Latch to collect, store, and share sensitive personally identifiable information (PII) with its partners and, in some cases, landlords. And while Latch is far from the only tech company with questionable data practices, it’s harder for a tenant to decouple from their building’s door than, say, Instagram: If your landlord installs a product like the keyhole-free Latch R, you’re stuck. The issue of tenant consent is currently coming to a head in New York City, where residents of a Manhattan building are suing their landlord in part over privacy concerns related to the app.

“Smart locks can be a great convenience and even privacy-enhancing for residents by allowing them to change codes when they wish or to allow one-time entry by a service provider, but they need strict privacy design and information governance to ensure they don’t cause more harm than good,” Jules Polonetsky, CEO of the Future of Privacy Forum, a nonprofit advocating for principled data practices in support of emerging technologies, tells OneZero. “[Latch’s] privacy policy allows some uses I would urge them to reconsider.”

Latch CEO Luke Schoenfelder declined to be interviewed on the record for this article, but in a statement pointed to the fact that the company provides three methods of entry — unlocking through a “door code,” a Bluetooth-smartphone connection, or a physical keycard — as evidence of how it accommodates varying sensitivities to the technology. But he also said in the statement that these different options are “at the discretion of each building’s policy,” so all three methods aren’t guaranteed in every building. And where they are, it’s still difficult to avoid using a smartphone. The door codes are obtained through the Latch smartphone app and keycards require jumping through additional hoops. The Latch website instructs users interested in obtaining one to contact their property manager for their building’s policy on keycards.

In addition to collecting, storing, and sharing information like a user’s age and “profile,” Latch’s privacy policy states the company may receive, store, and process information about users’ location, including general information (e.g. IP address or zip code) and more specific GPS-based information. Latch also captures and stores photos and videos of those who interact with the hardware. The privacy policy gives an example of how the physical systems installed in buildings could record a video clip when a tenant’s guest enters with a code or their smartphone.

And though the privacy policy explicitly states that Latch “may receive, store, and process” a user’s location information, Schoenfelder said in his statement that the app doesn’t actually “capture, store, or use” that info, explaining that some Android devices require GPS to use Bluetooth functionality that Latch relies on. He also said Latch “does not share users’ personal data with third parties for marketing purposes, and we do not make any revenue from data sharing.”

Of course, privacy policies — and a company’s business model — can change, to which Schoenfelder says, “We are currently revising our privacy policy to remove any possible ambiguity and to make our strong record of privacy protection crystal clear.”

The CEO confirmed landlords can see data regarding access events for systems in common areas. This is one of the main grievances raised in the lawsuit currently unfolding in a rent-regulated building in the Hell’s Kitchen area of Manhattan, where tenants say Latch is tracking them as part of a pattern of harassment by the owners to push them out of their apartments so they can rent them at market rate.

“Once I come into the building using Latch, the landlord is immediately notified,” Charlotte Pfahl, one of the five plaintiffs, told the New York Post.

Additionally, if a building is sold, the new owner “may” automatically receive the data collected. The privacy policy doesn’t explain why this data would be transferred, but goes on to say the new owner “may continue to use your user information (including PII).”

Amie Stepanovich, the U.S. policy manager for digital rights organization Access Now, says the system is “invasive” and that “Latch’s privacy policy fundamentally rejects basic tenets of privacy.”

“The entire system is coercive and carries huge risks for abuse, discrimination, and serious harm, which of course will hurt the most vulnerable populations the most,” she says.

But this is not obvious to tenants. The worrying information about data usage is buried in the company’s 3,000-word privacy policy, which, like many similar tech terms of service, is long, vague, and difficult to read.

“[The privacy policy] gives the impression that it’s there to protect privacy, when it really provides broad leeway about what information can be collected and how it can be used,” Stepanovich says. The policy also explains that while third-party companies are involved, Latch assumes no responsibility for their practices and encourages users to read those third parties’ similarly long, jargon-filled privacy policies. Other than the financial transaction provider, the policy gives no insight into the types of third-party companies that may be involved.

After building an industry on exploitative data practices, tech companies are increasingly coming under fire for how they use customer data — and the lack of transparency around those uses. The issue has been front and center at least since Mark Zuckerberg testified before Congress in April 2018, and now the U.S. Federal Trade Commission has announced it plans to investigate technology companies’ collection and use of consumer data. On a recent earnings call, Facebook said it expects to spend between $3 billion and $5 billion to settle the FTC’s ongoing investigation into its handling of user data, which shows how potentially massive such penalties could be. Other tech giants, from Amazon to Google, are also feeling the heat as 2020 candidates make tech regulation a central policy debate.

“Technology is really great at solving some problems, but its use in certain situations carries intolerably high risks, all of which are exacerbated by the fact that the United States still does not have a comprehensive data privacy law that could provide necessary safeguards for the collection and use of data,” Stepanovich says.

Unlike Facebook, Google, or Amazon services, though, Latch represents an opportunity to look at data privacy through something tangible: the barrier between yourself and your home. By forcing you to sign a privacy agreement to open your front door, Latch helps us see how the internet of things has brought bad data policies off-line, normalizing invasive technology. It’s a new perspective on what’s really at stake when we sign that dotted line.