TOTAL: ${[ getCartTotalCost() ]} Update cart for total shopping_basket Checkout

Privacy Tech | Tech trends: When IoT devices make headlines Related reading: How industry can protect privacy in the age of connected toys

rss_feed
APF17_WebBanner_300x250-COPY
Webcon_PA_300x250_ad_April-17_FINAL
PrivacyCore_ad_300x250-01

We all know smart devices are becoming more and more popular, so much so that people cannot stop gushing about them. They are making their way to executive condos in Singapore and are dominating tech conferences, such as CES 2017.

But if you are embedded in the privacy and security industries, you are well aware of the potential privacy and security risks smart devices possess, like headline-grabbing ransomware attacks on smart homes and cars. However, a recent string of incidents proves you can never underestimate the strange places smart device issues can arise.

Case in point: Realtors and homebuyers are discovering houses with smart devices may pose problems if the previous occupant is still connected to the system. 

If the smart devices are not reset when the new owner moves in, the former inhabitant may still be able to control any number of devices, whether it’s a garage door opener, a thermostat, or keyless locks.

Maybe it's just another in a string of issues causing smart-device anxiety, but it may also shine a light on a bigger issue as well. A National Association of Realtors’ survey found only 15 percent of clients even inquired about smart technology in the homes they are considering.

This gives rise to an important question to consider: Are IoT device makers and marketers doing enough to educate their consumers and users about the privacy and security issues that come along with the product? Clearly there's a market for smart devices, and if companies want to maintain the trust of the customers, perhaps they should consider adding in bits of privacy education for consumers — whether it's through marketing, or an easy-to-read guide that comes with the package. 

But smart home devices are not the only IoT devices making headlines of late. 

Germany’s Federal Network Agency launched a strong campaign telling parents to destroy their child’s My Friend Cayla doll following privacy concerns surrounding its smart technology. Researchers found hackers can compromise the doll through an insecure Bluetooth device within the toy to listen to and talk to children playing with it from up to 33 feet away.

U.S. consumer groups have joined the crusade against My Friend Cayla, filing a complaint against the doll with the Federal Trade Commission.

Or, consider the newly rebooted Teddy Ruxpin doll that's coming out. Similar concerns could manifest with the glorious return of the 1980s icon, as the new Ruxpin allows children to follow along with stories through a smartphone app connected via Bluetooth.

Et tu, Theodore?

This isn't the first time smart dolls have made privacy headlines. Hello Barbie was perhaps the first to do so nearly two years ago. One mom actually sued Mattel over privacy concerns with the doll.

However, Mattel features a very easy-to-read webpage explaining their privacy commitment. This is a quick way to answer potential privacy concerns without requiring a consumer to read a 10,000-word privacy policy. But for those who do want to go deeper, Mattel has provided a well-organized and consumer-friendly privacy policy, with a clear way of contacting the privacy office with any questions or concerns. 

Of course, companies putting those statements out there better be following through on those commitments. If not, it's probably a safe bet the FTC will come a'knockin'. 

The Future of Privacy Forum has been active in the IoT space, providing tips for manufacturers of smart home devices and children's toys. In a recent Privacy Perspectives post, the FPF's Stacey Gray, CIPP/US, outlined the complexity of privacy in the "smart toy" market. She also echoed a mantra that privacy pros may hear often: Just because it's legal, doesn't mean it's right. Toy makers "can go beyond their legal requirements and really build privacy and security into the design of their toys," she wrote. She also provided a helpful set of tips for smart toy makers to consider. 

Smart devices, while growing in popularity, are still growing as an industry and will continue to do so at a dizzying pace. For now, when privacy and security professionals look at smart devices, they should look to these best practices and find creative and innovative ways to educate their consumers and convey their privacy commitment. 

Of course, as we forge further into an IoT-world, more devices will make headlines. Having privacy and security built in from the beginning, and a clear way to communicate those protections, will help companies stem the publicity challenges and maintain consumer trust. 

Top image courtesy of the Future of Privacy Forum

1 Comment

If you want to comment on this post, you need to login.

  • comment Brian Levine • Mar 1, 2017
    It's painful to see the abysmal level of security and complete lack of privacy/security considerations that went into the design and development of CloudPets-Spiral Toys product. Unsecured mongo-db publicly accessible on the cloud, weak passwords, un-authenticated access to S3 storage. It's clear the architect/engineers had no concern for security in their design. This is a complete failure from the top level down to make basic consumer protection a required feature of their products. For a small investment, basic mistakes like this are easily designed out or corrected after the fact. Is there any financial/legal recourse expected for Spiral Toys?