Samsung SmartTV an 'absurd' privacy intruder, Ann Cavoukian says
Canada 'falling behind' on regulating internet of things, former Ontario privacy watchdog warns
Samsung's SmartTV won't watch viewers watching it back, but it will eavesdrop — a revelation one of Canada's most respected privacy advocates slammed as "unbelievably outrageous."
Former Ontario privacy commissioner Ann Cavoukian, who devised the "privacy by design" concept that's recognized worldwide as a basis for data protection, said Samsung's voice-controlled gadgets underscore the need to update Canada's regulations concerning Wi-Fi-enabled appliances.
"It's absolutely essential right now because we're falling behind," said Cavoukian, the current executive director of the Privacy and Big Data Institute at Ryerson University.
"With Samsung, it's like all of sudden you have to monitor what you should say in your home — the last bastion of privacy, a place that's supposed to be sacrosanct. Are you kidding me?"
Samsung promises that SmartTV viewers need only "speak into the new Smart Remote's built-in microphone" to command it to find a desired channel or film.
- Samsung SmartTVs may share private talks with 3rd party
- Smart TVs that send data without consent will be fixed: LG
- What's hidden among the Internet of Things?
But as The Daily Beast first reported, one line buried in the South Korean company's privacy policy states that viewers should be aware that "personal or other sensitive" conversations "will be among the data captured and transmitted to a third party" through the voice-recognition technology.
That's a major overstep for privacy advocates, who point out that both U.S. and European Union regulators are already addressing concerns about the so-called internet of things — a term used to describe the growing constellation of wirelessly connected items.
IOT devices such as Samsung's SmartTV and LG's Smart ThinQ Refrigerator, which can send grocery lists to phones or warn consumers about expiration dates, are an exploding tech trend.
The market is projected to hit $7.1 trillion by 2020, according to the IT research agency IDC.
If it's going to be collecting everything you say in your living room, that kind of security vulnerability is a real problem.- Parker Higgins, activist with the Electronic Frontier Foundation
"IOT isn't a fringe thing for a handful of geeks. It's something that's now going to be in your life, and security isn't always up to scratch," says Electronic Frontier Foundation activist Parker Higgins.
Higgins notes that a 12-year-old hacker last year "collected a bounty" from a smart TV manufacturer by finding and reporting a security bug.
In 2013, LG Electronics Inc. confirmed some of its smart TVs were sending information about viewing habits without consumers' consent, and vowed to fix the problem.
"If it's going to be collecting everything you say in your living room, that kind of security vulnerability is a real problem," Higgins said.'
Privacy by design
Last month, the U.S. Federal Trade Commission outlined its internet privacy concerns, which follows on the heels of the EU's data-protection Working Party report late last year.
Both groups encouraged adopting Cavoukian's privacy-by-design principles, in which privacy measures are "baked in" to the technology from the get-go.
"Europe is ahead, and I applaud the FTC for taking a position that's strong, bold, and exactly what is needed here," Cavoukian said.
Canada has not yet announced its policy, though that may change this year, according to the federal privacy commissioner's office.
"I can tell you that our office is currently looking at the privacy issues that can arise from increasingly smart devices, or the internet of things," spokesperson Valerie Lawton said. "We expect to publish a series of research papers later this year."
Better enforcement
That report, Lawton said, could also "inform our advice to Parliament" on future policy and compliance activities.
Canada has a general Personal Information Protection and Electronic Documents Act, which lays out ground rules for how companies can collect, use or disclose personal information for commercial activities.
- Read Samsung's Global Privacy Policy SmartTV supplement
- Samsung smart home system to be built into Toronto condo
- Read the Personal Information Protection and Electronic Documents Act
Organizations would have to explain why they're collecting personal information before or at the time of the collection, obtain informed consent and limit the amount and type of data they gather.
But Mandy Woodland, a technology and privacy lawyer in St. John's, NL, wants to see legislation upgraded before the smart electronics revolution outpaces Canada's laws.
"Privacy by design is a worldwide concept that's happily invented in Canada, so it would be wonderful to have," she said.
"I'd love it if there were better ways of enforcement [and] a better mechanism by which the government could push compliance to particular manufacturers."
Baby monitors
Among the concerns being raised are the potential consequences in bringing home something as seemingly innocuous as a Wi-Fi-enabled baby monitor.
Woodland referred to a Forbes magazine report that said "people would hack into these Foscam baby monitors, and someone would find an individual had hacked it and was screaming obscenities at their baby, which is quite scary."
Samsung is saying that if they don't like it, they can disconnect. How absurd. It's so unbelievably outrageous.- Ann Cavoukian, executive director Ryerson University's Privacy and Big Data Institute
Woodland also worries that smart TVs or other appliances that potentially collect information about patterns of behaviour, such as a smart fridge that logs how much beer someone buys, could end up reporting that information to insurance firms.
Although Samsung sent a statement reminding users that SmartTV's voice-command feature can be deactivated, Cavoukian takes issue with the "listening" mode being a default.
- The iHome expected to be Apple's answer to HAL 9000: Don Pittis
- Jeremy Rifkin sees new economy arising from Internet of Things
Researchers have found that "80 per cent of the time, people will leave it on the default setting" simply because few consumers would read the fine print to learn whether they should opt out, she says.
"Samsung is saying that if they don't like it, they can disconnect. How absurd. It's so unbelievably outrageous," Cavoukian said.
"People expect to guide channels on TV with their voice. What they don't expect is a stupid device that can potentially capture all their conversations. Really, who would even think that?"