Kohler is currently facing criticism after an engineer highlighted potential privacy issues with the company's newly launched smart toilet cameras, suggesting they may not provide the level of privacy Kohler claims. This debate has put the spotlight on Kohler's application of 'end-to-end encryption' (E2EE) and the limitations of using a device that films activity inside a toilet.
In October, Kohler introduced the Dekoda, its first health-oriented product, priced at $599 with an additional subscription starting at $7 per month. According to Kohler's announcement, Dekoda is a toilet bowl attachment equipped with 'optical sensors and validated machine-learning algorithms,' meant to provide 'valuable insights into your health and wellness.' The product is described as offering users continuous, private monitoring of key health indicators through the Kohler Health app, which implements features like fingerprint authentication and end-to-end encryption to ensure user privacy and security.
Most people recognize E2EE from messaging apps such as Signal, where messages are encrypted during transmission and only accessible to the sender and receiver, thereby preventing third-party access, including by the app developer.
However, questions arise regarding how E2EE applies to a camera installed inside a toilet. Simon Fondrie-Teitler, a software engineer and former technology advisor for the Federal Trade Commission, explored this issue. In a recent blog post, he noted that 'Kohler Health doesn’t have any user-to-user sharing features.' Upon inquiring with Kohler's privacy contact, he learned that the other 'end' capable of decrypting the data is Kohler itself: 'User data is encrypted at rest, when stored on the user’s mobile phone, toilet attachment, and on our systems. Data in transit is also encrypted end-to-end, as it moves between the user’s devices and our systems, where it is decrypted and processed to provide our service.'
Ars Technica reached out to Kohler for clarification on whether the above description accurately represents Dekoda's 'E2EE' and if Kohler employees have access to data from Dekoda devices. A Kohler spokesperson replied with a statement that essentially affirmed that data, captured by the toilet camera, is encrypted from one endpoint to another, specifically until it reaches Kohler's servers, where decryption and processing occur. The statement reads, in part: