Last October New York lawyer Michael Price bought a new TV and what he read in the accompanying paperwork disturbed him.
In “I’m terrified of my new TV: Why I’m scared to turn this thing on” Price described how Samsung’s privacy policy worried him, particularly the way the voice recognition data was handled, “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”
Disgraced former CIA director David Petraeus told a venture capital conference in 2012 that security agencies will track people through their dishwashers and Price pointed out a smart TV listening to a room’s conversations fits Petraeus’ vision nicely.
At the time of its publication at the end of October Price’s story received some coverage among the information security, privacy and internet of things community then sank until last weekend when a tech site picked it up.
At that stage, the story took on a new life with media outlets around the world running stories on how Samsung TVs are spying on customers.
For Samsung the story is was major embarrassment and they were quick to point out they don’t actually collect data.
To be fair to Samsung, they aren’t alone in having products that can listen to their users; almost every voice activated device has this capability and we can expect everything from smartphones to TVs and connected cars to be able to record voice and, through cameras, our movements.
The marketing and social media industries, like General Petraeus, are enthusiastic about the surveillance opportunities of these devices; Facebook’s Share and Discover feature for instance opens the microphone when a user starts typing an update to determine what music is being played.
In the internet of things, it’s not just a smart TVs microphone that’s a potential problem as pretty much every connected device is generating information that can be used by government agencies, insurance companies and plaintiffs to track hapless users.
Collecting this data also presents a range of risks beyond subpoenas from government agencies and angry litigants, for the vendors of smart devices there is also the problem of complying with various privacy rules, securely storing customers data and ensuring their business partners also respect user information.
Samsung tried to manage this risk by adding a ‘don’t say stuff near our TV’ clause in the term and conditions, something that backfired dramatically and illustrates the impossibility of managing risk out of your business.
While companies will struggle with the legalities of capturing massive amounts of customer data, the public in general have to face the risks of allowing everything from their kettles to their cars collecting information on them.
The predicament for users is that turning off the ‘smart’ functions – assuming that is possible – remove much of the device’s functionality so the trade off between convenience, security will be a difficult compromise for many people.
For the Internet of Things industry the task now is to convince the public their devices are trustworthy, stories like the Samsung TV snooping on people isn’t going to help their efforts.