Will Your Black Friday Deals Spy on You Afterwards?

So with all the camping out in front of the stores and BIG electronic deals that will be given away next week, this article “LG Smart TVs logging USB filenames and viewing info to LG servers” already had caught my eye once this week and then again when my good friend and colleague Joel Rothman also pointed it out yesterday. So it got me thinking, are we as consumers still a part of the data sharing problems AND are brands still doing enough to protect the users of their products?

g6WzfIFh

But to set the tone first, you heard us talk about this week the FTC held a workshop this week to address “The Internet of Things”.  Here is a good rundown of what was said. The Internet of Things  is ability of everyday devices to communicate with each other and with people and is becoming more prevalent and often. Connected devices can communicate with consumers, transmit data back to companies, and compile data for third parties such as researchers, health care providers, or even other consumers, who can measure how their product usage compares with that of their neighbors.

Our good friend and blog co-author Ben Isaacson did a great post yesterday titled You Are Not the Product, I am in which he touched on having clearer notice, consent, and choice from users when they use your products.

The above article about LG’s smart TV’s talks about a user who bought a A smart TV, sometimes referred to as connected TV or hybrid TV which wikipedia describes as a “trend of integration of the Internet and Web 2.0 features into television sets and set-top boxes, as well as the technological convergence between computers and these television sets / set-top boxes” and the TV began to report his watching habits to the manufacture without his consent and knowledge.

Now, we all know that these new devices have a higher focus on online interactive media, Internet TV, over-the-top content, as well as on-demand streaming media, and home networking access, with much less focus on the traditional broadcasting media that traditional television sets and set-top boxes offers. Similar to how the Internet, Web widgets, and software applications are integrated in modern smartphones, the name “smart TV” is akin to “smart phone. A lot of us know these systems have the ability to report back information about the users and their uses of such applications. However, in most cases there is a warning to the user and a choice given if they want this to occur. I personally see this all the time when an new iPhone app wants to access say my location.

HT5594--maps_location_permission--en

However, in the article DoctorBleet’s notes a few things to the contrary of true notice, consent, and choice.

  1. The device (TV) and brand ASSUMED that the user wants to be AUTO OPTED-IN to giving up their watching habits whether or not it based on what they see from any broadcasting services, but also what they may be watching locally through a home sharing network bridge or USB pluggable device.
  2. The the user was properly notified by a third party retailer selling the T.V. that their watching habits where being collected and shared when it was plugged in from the start.
  3. That the option to turn this off ignored the users choice and continued to send the data otherwise. Hoping this is a bug.

My thoughts on just this example?

  1. How can a company assume or make the choice for consumer in secrecy and especially one that is so invasive to their privacy in the comfort and security of their home. That is NOT choice. Choice is giving the ability to someone to control how they want data about themselves being shared or used. This isn’t a choice given to them. This is the manufacture choosing for them.
  2. I “love” the response from LG’s customer support desk. “hrmmm, well even though its our product the retailer should shave warned you about EVERYTHING our product does” Really? This is so wrong on some many levels.
    • We already know that many courts this excuse would not hold up. Why? We know that those public signs you might see at a car wash saying “we are not responsible for lost of stolen article and or damage to your vehicle” so called contracts are NOT enforceable in many states. There is no legal adherence or acceptance just by reading. There is no knowing whether the reader understands it or is even of an consenting age to accept such a contract. There is no knowing the user saw it (think grandma). The manufacture wants the retailer to become the legal enforce entity in all this? Riiiggghhhtt
    • It’s NOT the responsibility of the store to explain the ins and outs especially in data. I would almost guarantee you that any electronic store if asked or required by the manufacture to also explain the privacy controls and or policy of the manufacture, they wouldn’t sell the product for them as it puts them into a legal position.
    • We already know that much of the advertising of products even online doesn’t have all the correct details as to what the product does or does not do. Heck, I’ve gone to physically stores after researching online and either found the product did more or less than I was lead to believe. So how does the brand expect the retailer to not only get the technical details right much less the privacy policy? As it stands today, people don’t read or even understand this completed policies and you want the high-school kids working at the local electronic stores to know this much less their homework 😉
  3. I hope there is a code flaw though in DoctorsBeet’s example of turning this feature off and then the manufacture ignoring the choice here. This can’t be true if a manufacture decided to say “ehhh, the user wasn’t serious or HAS to be wrong on not giving us this data, so we will make the choice again to ignore this ask
  4. Lastly, who in their right mind doesn’t encrypt Personal Identifiable Information (PII) as it is being transmitted across the Interwebs? Just think about it, would you want your bank NOT to encrypt the data sent back and forth between you and them? I know that this transfer in his example is not sensitive in nature, but we all know how easy today it is to make assumptions about someone just by looking at a few small data points today. You can then take those small bits of data and even integrate or re-identify them by using other public data points like their Twitter or Facebook post to say X, Y, or Z about someone.

I don’t have to beat a dead horse here folks on the ideals of choice for the consumer, but come on brands. Your missing a great opportunity to do just that! Did you forget? Even the U.S. Federal Trade Commission (FTC) released a set of recommendations for businesses and Congress about the collection and use of consumers’ personal data. The FTC calls for “privacy by design,” simplified choices and greater transparency. The report even included indications that the FTC is concerned about comprehensive tracking like this above

There are five main action items in the framework:

  1. Do Not Track: This is probably the furthest along. Browser vendors are now offering do-not-track options for consumers to limit data collection, the Digital Advertising Alliance is committed to respecting them, and standards bodies are working to standardize.
  2. Mobile: The FTC wants to make mobile privacy protections “short, effective and accessible to consumers on small screens.”
  3. Data Brokers: This is a bigger one. The FTC wants a centralized Web site where data brokers identify themselves and disclose how they collect data. It also supports Congress’s efforts to give consumers access to data about them held by brokers.
  4. Comprehensive Tracking: The FTC is concerned about ISPs, operating systems, browsers and social networks comprehensively tracking users’ online activities, but it won’t address this until a public workshop in the second half of this year.
  5. Enforcing Self-Regulatory Codes: The FTC said it will help enforce industry-specific codes of conduct.

Get your act together manufacturers. Ensure that your giving choice and then sticking to that choice for consumers sake. Self-regulatory only works if your willing to invest time and effort into it.

Same to you readers, make sure as you get more entrenched into your electronics on Christmas morning that your looking out for yourselves. I know, its fun to start using them, but take some time to check the options menus and make sure there aren’t any choices that have been made for you or that are controversial to your wellbeing and rights.

Be careful next week with buying these new products. I know the holiday’s are a joyous once, but they can also be dangerous to your privacy if you get too joyous and forget to protect yourself.

Happy holidays everyone!

-Dennis

One thought on “Will Your Black Friday Deals Spy on You Afterwards?”

  1. Ben Isaacson says:

    Most companies don’t realize there is already a law requiring tv cos to get consent for pii or behavior sharing. http://www.leginfo.ca.gov/cgi-bin/displaycode?section=pen&group=00001-01000&file=630-638

Leave a Reply

Your email address will not be published. Required fields are marked *