No excuses: Families deserve secure smart devices
The Teddy Bear and Toaster Bill (SB 327), authored by California State Sen. Hannah-Beth Jackson, was introduced last month. It has a simple goal: bring much-needed basic security and privacy practices to the connected devices filling our homes. It would ensure that devices recording your child's bedroom at night or listening in on your early morning kitchen musings have reasonable security. And it would ensure that families know what information the devices they buy are capable of collecting and that they have control over that collection.
Consumers should be able to make informed decisions about whether they want a teddy bear with a microphone in their homes or when they want a fridge's camera to stop recording. Keeping personal information secure and being upfront with users doesn't seem like too much to ask.
But for many, apparently, it is.
As usual, much of the industry seems to have little regard for keeping its devices secure or being upfront with consumers, focusing more on getting the latest hit gadget to market quickly and cheaply.
So they're up to their typical tactics: Companies are clamoring that these rules should not apply to them, and they're trotting out the same standard refrains used whenever someone tries to hold them accountable.
The first concern is that these rules aren't needed.
Looking only at the security context, reality tells a different story. Many of these devices are unbelievably insecure. From the VTech breach in 2015 to the CloudPets leak earlier this year, millions of parents' and children's photos, names, and audio messages have been exposed. Innumerable web cameras and other devices with lax security have been used to take down major internet news, shopping, and other sites. And experts predict that the hacking of smart devices will only increase in 2017, leading to everything from privacy harm to physical risk.
Another alleged concern is that it will be impossible to comply.
This has come up regarding the bill's notice provisions -- for example, that companies must tell consumers that a device can collect information and when they're collecting it. Some devices already do provide such information: Both the Amazon Echo light and CogniToys' Dino light -- which indicate when they're listening to you -- also explain on their boxes that they can collect information. So the notion that this is impossible seems a little disingenuous. Moreover, if these devices can't succinctly explain which information they collect, how is a harried parent supposed to figure it out?
Families are tired of hearing the same old excuses. That's why we have this bill, and that's why we're working to get it passed. We've reached out to the makers of children's toys for their support. And we will be reaching out to others harmed by insecure devices. Stay tuned: Next week we're holding a press conference with Senator Jackson.
Related Advice & Top Picks
Your privacy is important to us. When you sign up as an advocate:
- Common Sense Kids Action will send you periodic email alerts on legislative activity that affects your community.
By providing us with your email address and clicking the submit button (above), you acknowledge and agree to the above.