Browse all articles

No excuses: Families deserve secure smart devices

Common Sense Kids Action addresses the "smart device" industry's concerns with SB 327, the Teddy Bear and Toaster Bill.

The Teddy Bear and Toaster Bill (SB 327), authored by California State Sen. Hannah-Beth Jackson, was introduced last month. It has a simple goal: bring much-needed basic security and privacy practices to the connected devices filling our homes. It would ensure that devices recording your child's bedroom at night or listening in on your early morning kitchen musings have reasonable security. And it would ensure that families know what information the devices they buy are capable of collecting and that they have control over that collection.

Consumers should be able to make informed decisions about whether they want a teddy bear with a microphone in their homes or when they want a fridge's camera to stop recording. Keeping personal information secure and being upfront with users doesn't seem like too much to ask.

But for many, apparently, it is.

As usual, much of the industry seems to have little regard for keeping its devices secure or being upfront with consumers, focusing more on getting the latest hit gadget to market quickly and cheaply.

So they're up to their typical tactics: Companies are clamoring that these rules should not apply to them, and they're trotting out the same standard refrains used whenever someone tries to hold them accountable.

The first concern is that these rules aren't needed.

Looking only at the security context, reality tells a different story. Many of these devices are unbelievably insecure. From the VTech breach in 2015 to the CloudPets leak earlier this year, millions of parents' and children's photos, names, and audio messages have been exposed. Innumerable web cameras and other devices with lax security have been used to take down major internet news, shopping, and other sites. And experts predict that the hacking of smart devices will only increase in 2017, leading to everything from privacy harm to physical risk.

Another alleged concern is that it will be impossible to comply.

This has come up regarding the bill's notice provisions -- for example, that companies must tell consumers that a device can collect information and when they're collecting it. Some devices already do provide such information: Both the Amazon Echo light and CogniToys' Dino light -- which indicate when they're listening to you -- also explain on their boxes that they can collect information. So the notion that this is impossible seems a little disingenuous. Moreover, if these devices can't succinctly explain which information they collect, how is a harried parent supposed to figure it out?

Families are tired of hearing the same old excuses. That's why we have this bill, and that's why we're working to get it passed. We've reached out to the makers of children's toys for their support. And we will be reaching out to others harmed by insecure devices. Stay tuned: Next week we're holding a press conference with Senator Jackson.

Share your "smart device" concerns by sending us a message!

Ariel Fox Johnson
Ariel Fox Johnson is Senior Counsel for Global Policy at Common Sense Media, where she advocates for smart practices, policies, and rules to help all kids thrive in today’s wired world. Her work focuses on enhancing family privacy rights, strengthening students' educational privacy, and promoting robust consumer protections in the online world. She frequently advises policymakers, industry, and tech experts, and has helped develop laws on student privacy, consumer privacy, and the Internet of Things. Ariel is a graduate of Harvard College and Law School. Prior to joining Common Sense, Ariel worked on privacy, media, intellectual property, and technology matters at corporate law firms, and provided pro bono assistance to nonprofits and asylum seekers.