More on Internet of Things

Toys That Listen – CHI 2017

What do teddy bears, My Friend Cayla and Barbie have in common? They are all toys connected to the internet that can listen, overhearing what goes on in the home. Security breaches and the privacy challenges of these devices are regularly in the news. During the holiday season of 2015 Hello Barbie faced significant pushback from privacy advocates and the companies involved, Mattel and ToyTalk, were responsive to concerns. This past holiday season a complaint was filed with the Federal Trade Commission over My Friend Cayla’s privacy failures and recently the doll was banned in Germany. Just this week it was revealed that the CloudPets’ teddy bears millions of recordings of parents’ and children’s conversations had been easily accessible online.

Describing them as Toys That Listen, our team at the Tech Policy Lab sought to better understand their privacy and security implications. We began with a hackathon investigating the security of toys like My Friend Cayla, Hello Barbie, Cognitoys Dino and others. We also sought to understand how parents and children viewed their privacy around these toys. We conducted interviews with parent-child pairs in which they interacted with Hello Barbie and CogniToys Dino, shedding light on children’s expectations of the toys’ “intelligence” and parents’ privacy concerns and expectations for parental controls. We found that children were often unaware that others might be able to hear what was said to the toy, and that some parents draw connections between the toys and similar tools not intended as toys (e.g., Siri, Alexa) with which their children already interact. Our findings illuminate people’s mental models and experiences with these emerging technologies and provide a foundation for recommendations to toy designers and policy makers. Read the paper (forthcoming in CHI 2017).

More information about our work is available through conferences we have participated in. In February we led a discussion on privacy and and the connected home at Start With Privacy, a conference organized by the Washington State Office of Privacy and Data Protection. We also joined a panel hosted by the Future of Privacy Forum and Family Online Safety Institute on Kids & the Connected Home and highlighted the portability of toys leading to children bringing new privacy concerns to their friend’s houses.

For questions about this project email emcr@uw.edu.

 

Kids & Connected Toys

This week Emily McReynolds will be speaking at the Future of Privacy Forum event Kids & the Connected Home. One of the Tech Policy Lab’s current projects focuses on the privacy and security implications of connected toys, Toys That Listen. Follow the discussion on Twitter at #InternetofToys.

Hello Barbie, Amazon Echo, and the home robot Jibo are part of a new wave of connected toys and gadgets for the home that listen. Different than the smartphone, these devices are always on, blending into the background until needed by the adult or child user. We do not yet know all the information our new toys are collecting, storing, or disclosing. With an intended audience of designers and regulators, this project brings an interdisciplinary group of experts together to build a set of consumer protection best practices for design and user control of connected devices in the home.

The potential benefits of household intelligent devices may be real–these technologies claim to increase convenience, cleanliness, and even improve health. In the lab setting, at-home robots have been tested to help individuals with dementia or rehabilitation. But just as the benefits may be game-changing and exciting, the threats of harm will be novel and non-trivial. Attacks on consumer privacy via the Internet are pervasive, and these issues increase where devices record information from inside the home.

Our goal is to preempt privacy problems before they occur. Consumer privacy protection laws have often been reactionary–drafted or amended after privacy was breached and individuals harmed. The Video Privacy Protection Act, for example, was the result of lessons on the dangers of the distribution of an individual’s video rental history. The recent Netflix settlement under the same Act shows that these issues are alive and well today. The Children’s Online Privacy Protection Act (COPPA) responds to fears adults have about children being online and the new internet-connected toys raise these fears. While legislation like California’s Online Privacy Protection Act has been found to extend from the initial web page privacy policy requirement to apps on devices, the delivery of privacy notices on toys such as Hello Barbie is more difficult to design. With household devices having the ability to collect increasingly detailed information about what we watch, listen to, talk about, or purchase from the comfort of home, now is the time to identify and implement best practices.

Computer Security and the Internet of Things – Faculty Co-Director Tadayoshi Kohno presents at Usenix Enigma 2016

Computers are now integrating into everyday objects, from medical devices to children’s toys. This integration of technology brings many benefits. Without the appropriate checks and balances, however, these emerging technologies also have the potential to compromise our digital and physical security and privacy. Tech Policy Lab Faculty Co-Director Kohno’s talk explored case studies in the design and analysis of computer systems for several types of everyday objects, including wireless medical devices, children’s toys, and automobiles. He discussed the discovery of security risks with leading examples of these technologies, the challenges to securing these technologies and the ecosystem leading to their vulnerabilities, and new directions for security and privacy. Including efforts (in collaboration with UC San Diego) to compromise the computers in an automobile from a thousand miles away, and the implications and consequences of this and other works. He also outlined directions for mitigating computer security and privacy risks, including both technical directions and education.

Toys That Listen and the Internet of Things

Hello Barbie, Amazon Echo, and the home robot Jibo are part of a new wave of connected toys and gadgets for the home that listen. Different than the smartphone, these devices are always on, blending into the background until needed by the adult or child user. We do not yet know all the information our new toys are collecting, storing, or disclosing. With an intended audience of designers and regulators, this project brings an interdisciplinary group of experts together to build a set of consumer protection best practices for design and user control of connected devices in the home. We are grateful to the Rose Foundation Consumer Privacy Rights Fund for funding this work.

Forthcoming in CHI 2017, our study Toys That Listen: A Study of Parents, Children, and Internet-Connected Toys, explored people’s mental models and experiences with these emerging technologies and to help inform the future designs of interactive, connected toys and gadgets.

Our goal is to preempt privacy problems before they occur. Consumer privacy protection laws have often been reactionary–drafted or amended after privacy was breached and individuals harmed. The Video Privacy Protection Act, for example, was the result of lessons on the dangers of the distribution of an individual’s video rental history. The recent Netflix settlement under the same Act shows that these issues are alive and well today. The Children’s Online Privacy Protection Act (COPPA) responds to fears adults have about children being online and the new internet-connected toys like Hello Barbie raise these fears. While legislation like California’s Online Privacy Protection Act has been found to extend from the initial web page privacy policy requirement to apps on devices, the delivery of privacy notices on toys such as Hello Barbie is more difficult to design. With household devices having the ability to collect increasingly detailed information about what we watch, listen to, talk about, or purchase from the comfort of home, now is the time to identify and implement best practices.

Tech Policy Lab Distinguished Lecture: Responsible Innovation in the Age of Robots & Smart Machines

Many of the things we do to each other in the 21st century –both good and bad – we do by means of smart technology. Drones, robots, cars, and computers are a case in point. Military drones can help protect vulnerable, displaced civilians; at the same time, drones that do so without clear accountability give rise to serious moral questions when unintended deaths and harms occur. More generally, the social benefits of our smart machines are manifold, the potential drawbacks and moral quandaries extremely challenging. In this talk, I take up the question of responsible innovation drawing on the European Union experience, value sensitive design, and reconsidering the relations between ethics and design.

Jeroen van den Hoven is a professor of Ethics and Technology at Delft University of Technology. He was the first scientific director for 3TU/Ethics and is currently editor-in-chief of Ethics and Information Technology. In 2009 he won both the World Technology Award for Ethics and the IFIP prize for ICT and Society for his work on ethics and ICT.