From Microsoft’s Kinect to Amazon’s Echo, gadgets have evolved to the point where they are ready and waiting to receive and understand our every command, but does their ability to “hear” us mean they are actually always listening?
The Electronic Privacy Information Center (EPIC) posted a letter to the Federal Trade Commission and the Justice Department requesting an investigation into “always-on” technologies and consumer devices with concerns on that point, The Washington Post reported late last week.
The group would like regulators to take an in-depth look at the privacy implications that may surround devices with voice controls, which essentially always remain on.
In its letter, EPIC explained: “Americans do not expect that the devices in their homes will persistently record everything they say. By introducing “always-on” voice recording into ordinary consumer products such as computers, televisions and toys, companies are listening to consumers in their most private spaces. It is unreasonable to expect consumers to monitor their every word in front of their home electronics. It is also genuinely creepy.”
The group urged the agencies to examine whether always-on technologies actually violate the Wiretap Act, state privacy laws or the FTC Act. EPIC insisted that the FTC and the Department of Justice conduct a joint workshop on “Privacy and Law: The Implications of ‘Always-On’ Consumer Devices” to address questions and concerns from consumers who engage with the technology.
EPIC’s letter also points to some concerns with specific companies and their always-on devices.
It calls attention to Google’s Nest Cam, which EPIC said “records and stores 30 days of the footage that it collects from inside the homes of consumers,” noting that the company has not provided enough information to consumers on how it analyzes the data it receives.
The letter also identifies Samsung’s Internet-connected SmartTV as a major threat to privacy.
“When the voice recognition feature is enabled, everything a user says in front of the Samsung SmartTV is recorded and transmitted over the Internet to a third party regardless of whether it is related to the provision of the service. Samsung has conceded that it does not encrypt all of the communications it sends to its third-party, voice-to-text processor,” the letter stated.
“Many consumers were shocked and in disbelief that Samsung’s SmartTV voice recognition software involves recording and transmitting their personal communications,” EPIC added.
EPIC filed a formal complaint with the FTC concerning the Samsung SmartTV earlier this year on the grounds that Samsung’s recording of private communications is an unfair and deceptive trade practice, violating the FTC Act, the Children’s Online Privacy Protection Act, The Cable Act and the Electronic Communications Privacy Act.
In recent months the FTC has taken a keen interest in the heightened security risks posed by the Internet of Things (IoT), which is already impacting the daily lives of millions of Americans through the adoption of health and fitness monitors, home security devices, connected cars and household appliances, among other applications.
“The only way for the Internet of Things to reach its full potential for innovation is with the trust of American consumers,” FTC Chairwoman Edith Ramirez said earlier this year. “We believe that by adopting the best practices we’ve laid out, businesses will be better able to provide consumers the protections they want and allow the benefits of the Internet of Things to be fully realized.”
Key suggestions for companies developing IoT devices include building in security at the outset (rather than as an afterthought), training employees about the importance of security, fully vetting the capabilities of outside service providers, advocating for multilayered security strategies (“defense-in-depth”) and monitoring connected devices throughout their expected life cycles.