Samsung's Smart TVs Are Collecting And Storing Your Private Conversations
from the I-hear-the-secrets-that-you-keep/when-you-talk-by-the-TV dept
Guess who's eavesdropping on you now? It's not some nefarious government agency (although, rest assured, there has been no downturn in surveillance). Nope, it's that smart TV you paid good money for and invited into your home.
The "now" is misleading. Smart TVs have been doing this ever since manufacturers decided customers preferred to order their electronics around orally, rather than using the remote they can never find. And that's just the "eavesdropping" part. Most smart TVs are harvesting plenty of data on top of that, including viewing habits, search terms, browsing history… pretty much anything that makes a TV "smart" is collected and transmitted not just to the manufacturer, but to plenty of unknown third parties. Usually, this information is used to send "relevant ads" to TV owners, as if the several hundred dollars spent on the device wasn't enough of a revenue stream.
Samsung -- which is currently catching a lot of internet heat for its so-called "Privacy Policy" -- is no exception. It's the wording used that's making it the target du jour, turning other recent privacy policy villains (LG: "agree to share damn near everything or enjoy your super-expensive 'stupid' TV"; Microsoft: "why don't we just treat your living room like a movie theater and use our camera technology to count heads and charge increased VOD 'admission'") into distant memories.
Under "Voice recognition," Samsung's privacy policy says this:
The EFF's Parker Higgins noted that Samsung's voice recognition policy sounds eerily like the description of "telescreens" from George Orwell's really-not-supposed-to-be-a-blueprint-for-the-future 1984.
Compare Samsung's wording...
It could certainly be construed that any personal communications collected and stored by Samsung would fall under the Third Party Doctrine. If a government agency (local law enforcement, FBI, etc.) wishes to acquire these, they wouldn't face much of a challenge because of the lowered expectation of privacy. If Suspect X is viewed carrying a Samsung smart TV into his home, law enforcement could issue a subpoena to Samsung to acquire any voice recordings it had collected from that device. Eavesdropping by proxy. Discuss a drug deal in front of the TV? Here come the cops. No warrants or wiretaps needed.
This hypothetical would require law enforcement to know the device's ID number, something that would be hard to obtain without an actual search warrant. In the most likely scenario, the voice recognition data would be collected after a regular search had been completed. Now, previous conversations people thought no one heard could be introduced as evidence against them, thanks to the widescreen narc installed on the premises.
Here's a hypothetical that's even more "fun" to consider: a law enforcement agency is aware certain smart TVs collect and store voice recordings (along with viewing habits, internet browsing history, search terms, etc.) So, officers kick off a gun amnesty program where unregistered weapons can be turned in for free big screen TVs. Now, this law enforcement agency has a small army of hi-def confidential informants installed in numerous homes. All data can be collected at the agency's convenience, using little more than the "unregistered guns must belong solely to criminals" rationale.
But Samsung isn't the only device manufacturer collecting, storing and transmitting its customers' everyday conversations. Others do it, too. Some just hide it better. In LG's 50+ pages of smart TV fine print, it says the following about voice recognition:
We don't expect our devices to send overheard conversations to anyone other than the voice recognition technology provider. But they do. And they send it (and store it) without providing any specifics about the unnamed third parties, where they're located, how secure these transmissions are (to protect them from criminals -- the other unwanted "third parties") or how long the manufacturer itself retains this data.
The transparency level of these manufacturers rivals that of the government. And that's not a good thing, because it makes it far too easy for them to become willing partners with agencies that thrive on the abuse of the Third Party Doctrine. Samsung -- and manufacturers like it -- need to provide more than vague assurances. They need to explicitly explain what's happening to all the data they're collecting, especially when the collection involves entertainment devices listening in on private conversations... and calling it a "feature."
The "now" is misleading. Smart TVs have been doing this ever since manufacturers decided customers preferred to order their electronics around orally, rather than using the remote they can never find. And that's just the "eavesdropping" part. Most smart TVs are harvesting plenty of data on top of that, including viewing habits, search terms, browsing history… pretty much anything that makes a TV "smart" is collected and transmitted not just to the manufacturer, but to plenty of unknown third parties. Usually, this information is used to send "relevant ads" to TV owners, as if the several hundred dollars spent on the device wasn't enough of a revenue stream.
Samsung -- which is currently catching a lot of internet heat for its so-called "Privacy Policy" -- is no exception. It's the wording used that's making it the target du jour, turning other recent privacy policy villains (LG: "agree to share damn near everything or enjoy your super-expensive 'stupid' TV"; Microsoft: "why don't we just treat your living room like a movie theater and use our camera technology to count heads and charge increased VOD 'admission'") into distant memories.
Under "Voice recognition," Samsung's privacy policy says this:
To provide you the Voice Recognition feature, some voice commands may be transmitted (along with information about your device, including device identifiers) to a third-party service that converts speech to text or to the extent necessary to provide the Voice Recognition features to you. In addition, Samsung may collect and your device may capture voice commands and associated texts so that we can provide you with Voice Recognition features and evaluate and improve the features. Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.Obviously, some very temporary "collection" and "transmission" needs to take place to allow a third party service to "recognize" the user's voice and ensure the smart TV does what it's told. But Samsung also collects and captures these communications... and it doesn't really say how, where or for how long these are stored.
The EFF's Parker Higgins noted that Samsung's voice recognition policy sounds eerily like the description of "telescreens" from George Orwell's really-not-supposed-to-be-a-blueprint-for-the-future 1984.
Compare Samsung's wording...
Left: Samsung SmartTV privacy policy, warning users not to discuss personal info in front of their TV
Right: 1984
Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.with Orwell's:
The telescreen received and transmitted simultaneously. Any sound that Winston made, above the level of a very low whisper, would be picked up by it, moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment…Fun stuff. The only thing missing from the scenario is a government intermediary. But it's not much a stretch to insert one.
You had to live--did live, from habit that became instinct--in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized.
It could certainly be construed that any personal communications collected and stored by Samsung would fall under the Third Party Doctrine. If a government agency (local law enforcement, FBI, etc.) wishes to acquire these, they wouldn't face much of a challenge because of the lowered expectation of privacy. If Suspect X is viewed carrying a Samsung smart TV into his home, law enforcement could issue a subpoena to Samsung to acquire any voice recordings it had collected from that device. Eavesdropping by proxy. Discuss a drug deal in front of the TV? Here come the cops. No warrants or wiretaps needed.
This hypothetical would require law enforcement to know the device's ID number, something that would be hard to obtain without an actual search warrant. In the most likely scenario, the voice recognition data would be collected after a regular search had been completed. Now, previous conversations people thought no one heard could be introduced as evidence against them, thanks to the widescreen narc installed on the premises.
Here's a hypothetical that's even more "fun" to consider: a law enforcement agency is aware certain smart TVs collect and store voice recordings (along with viewing habits, internet browsing history, search terms, etc.) So, officers kick off a gun amnesty program where unregistered weapons can be turned in for free big screen TVs. Now, this law enforcement agency has a small army of hi-def confidential informants installed in numerous homes. All data can be collected at the agency's convenience, using little more than the "unregistered guns must belong solely to criminals" rationale.
But Samsung isn't the only device manufacturer collecting, storing and transmitting its customers' everyday conversations. Others do it, too. Some just hide it better. In LG's 50+ pages of smart TV fine print, it says the following about voice recognition:
I agree that LG Electronics Inc. ("LGE") may process Voice Information in the manner set out in the Privacy Policy and below.And there's your Third Party Doctrine. All anyone arguing for the right to subpoena voice information has to do is point to the User Agreement as clear evidence that the person in question is voluntarily turning over voice recordings to a third party. And away goes the expectation of privacy.
Voice Information refers to the recording of voice commands and associated data, such as information about the input device that is used to record commands (e.g., Magic Remote or built-in microphone), OS information, TV model information, content provider, channel information and service results.
I understand and agree that Voice Information may be use for the purpose of powering the voice activation feature when used to control, receive, and improve LG Smart TV Services and as described in the Privacy Policy.
I further understand and agree that LGE may share Voice Information with third parties, including providers of voice analytics.
I understand and agree that Voice Information may be transferred to, and used by, third party service providers on LGE's behalf in various countries around the world (including Korea), some of which may not offer the same level of data protection, for the purposes set out in the Privacy Policy.
We don't expect our devices to send overheard conversations to anyone other than the voice recognition technology provider. But they do. And they send it (and store it) without providing any specifics about the unnamed third parties, where they're located, how secure these transmissions are (to protect them from criminals -- the other unwanted "third parties") or how long the manufacturer itself retains this data.
The transparency level of these manufacturers rivals that of the government. And that's not a good thing, because it makes it far too easy for them to become willing partners with agencies that thrive on the abuse of the Third Party Doctrine. Samsung -- and manufacturers like it -- need to provide more than vague assurances. They need to explicitly explain what's happening to all the data they're collecting, especially when the collection involves entertainment devices listening in on private conversations... and calling it a "feature."
No comments:
Post a Comment