In a TheNextWeb article entitled 'Why the DIY smart home revolution won't work', Martin Plaehn argues that a typical homeowner won't have the necessary skills to install and manage Home Automation (HA) gear:

Unfortunately for most homeowners, the 100 percent self-installed smart home is not, nor will it likely ever be, the reality.

And so, necessarily, these homeowners will need the help of Geek Squad type service providers:

For most installations of network-aware devices and home systems, consumers will want and need professional assistance.

Plaehn cites support for this view:

Consumer technology researcher Michael Wolf argued in a recent Forbes article that physical installation is one big reason why "DIY is the smart home industry's big lie." Wolf concludes that "Grandpa, Mom or even me" will likely need professional help installing "that new intelligent wall switch or smart water valve without electrocuting myself or flooding the house."

Plaehn's viewpoint is somewhat understandable given that he is the CEO of a company that offers these sort of services.

But leaving aside potential biases, let's acknowledge that homeowners will differ in their technical capabilities, interest, or willingness to take on the burden of directly dealing with their HA systems. I shovel my driveway in the winter, some neighbors have a snowblower, others (the chronically lazy if you ask me) hire a plowing service. Likewise, some will surely choose to outsource the burden of HA. Awesome, whatever floats your (autonomous) boat.

We should recognize that having third-party integrators set-up and configure a HA system may have some significant security and privacy implications. Specifically, the installation process may, unless guarded against, lead to the HA system being vulnerable to subsequent tampering through compromised authentication credentials.

As an example, if an installer is setting up a new Nest thermostat for the homeowner, they will need to connect the thermostat to the Nest cloud. Doing so requires that the installer be able to authenticate to Nest servers, but as the homeowner rather than themselves. How will this happen? Will the homeowner provide their Nest password to the installer? Or will the installer ask the homeowner to enter that password into the login screen (and hopefully discretely look away while the string is entered)? If the installer does learn the homeowner's Nest password, then they would be able to subsequently access the homeowner's Nest account and tamper with the thermostat settings. Notwithstanding the assuredly detailed and thorough security check the installation service companies put their employees through, would we be surprised if some disgruntled employee goes rogue?

Similarly, if while setting up a home security system with surveillance cameras, the configuration process leaks (either explicitly or implicitly) the homeowner's account credentials at the corresponding cloud, then there is a risk of those cameras being subsequently 'hacked' and used to give inappropriate visibility into the household.

Beyond the burden of installing individual devices into the home, Plaehn argues that a bigger challenge that must be addressed for Home Automation to achieve its potential is coordinating all these devices (potentially from different manufacturers) to work together:

As homeowners add more and more smart devices around their houses, it's only natural that many will want devices to perform in unison, like musicians in an orchestra. The problem is, there's no conductor to synchronize the discordant sounds, making them perform more like a band warming up than a beautiful concerto.

Of course, this synchronization is not a one-time step to be performed only at the time of installation of some new component (and so conceivably performed by an installation agent). There seems little chance of all useful coordinated behaviors being identified when the installer is in the house. 'Do you want your lights to dim when you watch a movie? You do? OK, I'll set that up. Now how do you like your morning toast?' etc.

Clearly defining the coordination behaviors between different components of the HA system only when an installer is on-premise will miss out on any coordination opportunities made possible as new features are added to the various components. Consequently, some homeowners might want a more long term management solution; i.e., I'll pay you $$ to ensure that my various HA components are always being used in an optimal manner.

What might a more optimal security model for third party integrators management (both initial and ongoing) of HA systems look like? One that:

1. gave to the installation agent only the minimum possible short-lived permissions to initially set-up the system, and did not give to them inappropriate long term access rights;
2. did not rely on the installer impersonating the homeowner as part of the configuration process, but rather relied on the homeowner delegating to the installer specific rights and permissions;
3. gave the integrator constrained remote management capabilities for ongoing enhancements and coordination changes, but still under the consent of the homeowner;
4. allowed the homeowner to revoke any permissions assigned the integrator, for both on-premise operations and long-term management; and
5. did not enable inappropriate correlation of the homeowner's activities at the different HA component providers.

I won't claim to know exactly how the plumbing for the above might work but I do have some ideas. (I do, however, feel completely confident making one claim - you can't build a solution with the above characteristics based on passwords.)

I believe that, as part of the architecture:

• key security operations (initial setup, policy changes) will require that relevant humans will be strongly authenticated;
• standardized authentication and authorization protocols like OAuth 2.0 and OpenID Connect 1.0 will be used;
• identities will be federated between the various HA component providers, obviating the need for the homeowner to establish accounts at each and every one;
• actors will authenticate to resources by presenting a security token on its request;
  the tokens will carry an actor's identity and/or permissions with respect to the requested operations; and
• it will be possible to reach out in real-time to obtain the homeowner's consent/authorization for ongoing management operations.

If I bring in an integrator to help me setup/configure some piece of HA equipment, I want to remain in control over the security of the architecture. I don't want a Geek Squad, I would only consider a *Meek* Squad; i.e., one subservient to me and that has only the security permissions I choose to assign to them.