Tag: connected

Connected doll Cayla, connected TVs & the legal status of IoT in Germany


Over the last few weeks there’s been a lot of discussion around the security of connected toys. One case stood out not just because of insufficient security practices but also because in Germany it was declared illegal by Bundesnetzagentur (BNetzA, Germany’s Federal Network Agency).

BNetzA referred to §90 of the telecommunications law which states, among other things, that surveillance equipment is mostly illegal and that everyday appliances may not be equipped for surveillance (i.e. no audio/video recording “disguised” as everyday devices that purportedly serve a different purpose). Cayla, BNetzA’s argument (English version) roughly goes, is a spy tool disguised as a toy; what’s worse, the kids using it have no chance of knowing what’s going on, and neither do the parents:

The Bundesnetzagentur has taken action against unauthorised wireless transmitting equipment in a children’s toy and has already removed products from the market.

“Items that conceal cameras or microphones and that are capable of transmitting a signal, and therefore can transmit data without detection, compromise people’s privacy. This applies in particular to children’s toys. The Cayla doll has been banned in Germany,” says Jochen Homann, Bundesnetzagentur President. “This is also to protect the most vulnerable in our society.”

Concealed surveillance device

Any toy that is capable of transmitting signals and that can be used to record images or sound without detection is banned in Germany. The first toys of this type have already been taken off the German market at the instigation of the Bundesnetzagentur and in cooperation with distributors.

There is a particular danger in toys being used as surveillance devices: Anything the child says or other people’s conversations can be recorded and transmitted without the parents’ knowledge. A company could also use the toy to advertise directly to the child or the parents. Moreover, if the manufacturer has not adequately protected the wireless connection (such as Bluetooth), the toy can be used by anyone in the vicinity to listen in on conversations undetected.

Further products to be inspected

The Bundesnetzagentur is to inspect other interactive toys and, if necessary, will take further action. In this respect the requirements of section 90 of the German Telecommunications Act must be met: Objects must, by their form, purport to be another object or are disguised as an object of daily use and, due to such circumstances or due to their operation, are particularly suitable for intercepting the non-publicly spoken words of another person without his detection or for taking pictures of another person without his detection. This also applies to customised devices.

Ever since reading the bit about concealed surveillance in objects of daily use I’ve been wondering about where to draw the line. Smart fridges? Connected TVs? Game consoles? Smart home hubs?

I decided to send an inquiry to BNetzA’s press office and picked two: Connected TVs (because they are disguised as an object of daily use) & smart home hubs (because they are particularly suitable for intercepting the non-publicly spoken words).

They replied promptly and were very helpful. Here’s what they said (Original German reply below):

Regarding the devices you named, the crucial point is the question if they are suitable for recording non-public conversations unnoticed or for recording images of a person unnoticed.

In other words: Is it clear to everyone that the device has a microphone or a camera? According to the current interpretation of §90 of the telecommunications law this is the case, for example, for cell phones and baby phones.

For devices that are controlled by voice or gestures we haven’t come to a final assessment yet.

So that’s pretty interesting and shows just how much of a transition period we’re in with this. On one hand it’s a matter of reasonable consumer expectations: Would a regular consumer reasonably know what they’re buying? On the other it’s a question of interfaces: If this is how a thing is controlled, is it then an obvious (or obvious enough) part of using the device to make it ok?

Ame Elliott making the case for UX & IoT Security at ThingsCon Amsterdam. (Watch her presentation.)

For designers and makers of connected devices that include a microphone or camera, this is tricky terrain. For a while, expect some level of uncertainty. This is something to keep an eye on. In the meantime, obviously make sure to maintain good security practices. No matter what the legal ruling on this larger question ends up being, if your device isn’t secure you’ve got much bigger problems to begin with.

///

Here’s the original reply from Bundesnetzagentur’s media relations office in German:

“Hinsichtlich der von Ihnen genannten Geräte ist ein entscheidender Punkt die Frage, ob sie dazu geeignet sind, das nicht öffentlich gesprochene Wort eines anderen von diesem unbemerkt abzuhören oder das Bild eines anderen von diesem unbemerkt aufzunehmen.

Andersherum gefragt: Ist sich Jeder darüber im Klaren, dass das Gerät über ein Mikrofon verfügt oder eine Kamera eingebaut ist? Nach der Gesetzesbegründung zu § 90 Telekommunikationsgesetz ist das zum Beispiel gegeben bei Mobiltelefonen und bei Babyphones.

Dies ist von der Bundesnetzagentur hinsichtlich Geräten, die mit Sprache oder gar Bewegungen gesteuert werden, noch nicht abschließend bewertet.”

Essential writing from 2016


As 2017 is picking up steam and (especially under the ThingsCon banner) we’re working to make it a pivotal year for the creation of a responsible & human-centric internet of things (IoT), it’s worth having a look back at some of last year’s writing output.

Specifically I wrote, or helped write, a number of pieces on a range of topics that I hope will be relevant for a while to come.

Understanding the Connected Home: Thoughts on living in tomorrow’s connected home
Co-authored with Michelle Thorne. Second edition, July 2016.
The second edition of our ebook, fully revised and updated. It’s about designing connected homes in a way that’s great to live in, about the opportunities and challenges inherent in data-driven homes, and about the deeper questions we should ask ourselves when connecting our homes. Available at theconnectedhome.org, in a somewhat shortened, serialized version on Medium (starting here), and on the Kindle Store in a Kindle-optimized version.

Smart cities in the 21st century: Humanity on the move: The transformative power of cities
Co-authored with Prof. Dr. Christoph Bieber. April 2016.
Prof. Dr. Christoph Bieber and I were kindly asked to contribute some research and policy recommendations for a larger report for the German federal government around the role of cities and urbanization in the 21st century. The report is called “Humanity on the move: The transformative power of cities” (Der Umzug der Menschheit: Die transformative Kraft der Städte) and was published through WBGU, the German Advisory Council for Global Change. You can find an English-language executive summary, some background, and all the links to the full documents (DE) in this blog post.

Shenzhen: View Source
November 2016.
As part of a fact-finding and research trip we gathered a small alliance around open and responsible IoT (I was wearing my ThingsCon hat) and visited Shenzhen, China, where the majority of connected products are made for the rest of the world. It was a remarkable whirlwind experience. Here’s a series of write-up blog posts. We’ll be back in Shenzhen for a larger ThingsCon event in April 2017.

Also, a shout-out to a report that Michelle Thorne, head of Mozilla’s Open IoT Studio (and full disclosure, my wife) co-wrote: We all live in the computer now. A NetGain paper on society, philanthropy and the Internet of Things (PDF). I was not involved in this report in any way, but it does touch on a few of the core themes we also tackle with ThingsCon and is full of great examples of the good and bad of IoT.

You can find a list of interviews, articles, and other publications at thewavingcat.com/media.

Fisherman’s IoT


We spent a week in Anstruther, Scotland for an #OpenIoT design sprint organized by Mozilla and the University of Dundee. Here are some thoughts reflecting on our work there.

The Reaper is a traditional fishing vessel from Anstruther, Scotland. Built in 1902 as a sail boat, and retrofitted with an engine 14 years later, it continued its career as an active fishing boat until the late 1950s. Now the Reaper is a museum boat (museum’s Reaper page), maintained by the Scottish Fishery Museum in Anstruther.

I believe we can learn quite a bit from boats like the Reaper for the way we design contemporary #IoT systems, services, and products.

Learning about historic boats
The Reaper’s deck. More specifically, the Reaper’s capstan.


Understanding the Connected Home, 2nd edition


The second edition of our book Understanding the Connected Home is out. Michelle Thorne and I fully revised, rewrote and updated this edition. It’s both broader and deeper and reflects our thinking around connected homes and smart homes; IoT and ethics; and some other related fields.

You can read it online at theconnectedhome.org and also find various other formats to download there. For even easier reading, you can find a specially formatted edition of Understanding the Connected Home on the Kindle Store (this is also a way to support this and further books).

Kansas City & questions for the smart city


In her excellent IoT newsletter (subscribe here), Stacey Higginbotham of Stacey On IoT discusses privacy and the smart city. It’s a great, quick read in which Stacey takes Kansas City’s smart city plans and discusses them with KC’s Chief Innovation Officer Bob Bennett.

Since it touches on quite a few of the core themes we touched on in our recent smart city policy recommendations for the German government, allow me to pull a few quotes from that newsletter:
