Over the last few weeks there’s been a lot of discussion around the security of connected toys. One case stood out not just because of insufficient security practices but also because in Germany it was declared illegal by Bundesnetzagentur (BNetzA, Germany’s Federal Network Agency).
BNetzA referred to §90 of the telecommunications law which states, among other things, that surveillance equipment is mostly illegal and that everyday appliances may not be equipped for surveillance (i.e. no audio/video recording “disguised” as everyday devices that purportedly serve a different purpose). Cayla, so BNetzA’s argument (English version) roughly, is a spy tool disguised as a toy; what’s worse, the kids using it have no chance of knowing what’s going on, and neither do the parents:
The Bundesnetzagentur has taken action against unauthorised wireless transmitting equipment in a children’s toy and has already removed products from the market.
“Items that conceal cameras or microphones and that are capable of transmitting a signal, and therefore can transmit data without detection, compromise people’s privacy. This applies in particular to children’s toys. The Cayla doll has been banned in Germany,” says Jochen Homann, Bundesnetzagentur President. “This is also to protect the most vulnerable in our society.”
Concealed surveillance device
Any toy that is capable of transmitting signals and that can be used to record images or sound without detection is banned in Germany. The first toys of this type have already been taken off the German market at the instigation of the Bundesnetzagentur and in cooperation with distributors.
There is a particular danger in toys being used as surveillance devices: Anything the child says or other people’s conversations can be recorded and transmitted without the parents’ knowledge. A company could also use the toy to advertise directly to the child or the parents. Moreover, if the manufacturer has not adequately protected the wireless connection (such as Bluetooth), the toy can be used by anyone in the vicinity to listen in on conversations undetected.
Further products to be inspected
The Bundesnetzagentur is to inspect other interactive toys and, if necessary, will take further action. In this respect the requirements of section 90 of the German Telecommunications Act must be met: Objects must, by their form, purport to be another object or are disguised as an object of daily use and, due to such circumstances or due to their operation, are particularly suitable for intercepting the non-publicly spoken words of another person without his detection or for taking pictures of another person without his detection. This also applies to customised devices.
Ever since reading the bit about concealed surveillance in objects of daily use I’ve been wondering about where to draw the line. Smart fridges? Connected TVs? Game consoles? Smart home hubs?
I decided to send an inquiry to BNetzA’s press office and picked two: Connected TVs (because they are disguised as an object of daily use) & smart home hubs (because they are particularly suitable for intercepting the non-publicly spoken words).
They replied promptly and were very helpful. Here’s what they said (Original German reply below):
Regarding the devices you named, the crucial point is the question if they are suitable for recording non-public conversations unnoticed or for recording images of a person unnoticed.
In other words: Is it clear to everyone that the device has a microphone or a camera? According to the current interpretation of §90 of the telecommunications law this is the case, for example, for cell phones and baby phones.
For devices that are controlled by voice or gestures we haven’t come to a final assessment yet.
So that’s pretty interesting and shows just how much we’re in a transition period we are with this. One one hand it’s a matter of reasonable consumer expectations: Would a regular consumer reasonably know what they’re buying? The other is a question of interfaces: If this is how a thing is controlled, is it then an obvious (or obvious enough) part of using the device to make it ok?
Ame Elliott making the case for UX & IoT Security at ThingsCon Amsterdam. (Watch her presentation.)
For designers and makers of connected devices that include a microphone or camera, this is tricky terrain. For a while, expect some level of uncertainty. This is something to keep an eye on. In the meantime, obviously make sure to maintain good security practices. No matter what the legal ruling on this larger question ends up being, if your device isn’t secure you got much bigger problems to begin with.
Here’s the original reply from Bundesnetzagentur’s media relations office in German:
“Hinsichtlich der von Ihnen genannten Geräte ist ein entscheidender Punkt die Frage, ob sie dazu geeignet sind, das nicht öffentlich gesprochene Wort eines anderen von diesem unbemerkt abzuhören oder das Bild eines anderen von diesem unbemerkt aufzunehmen.
Andersherum gefragt: Ist sich Jeder darüber im Klaren, dass das Gerät über ein Mikrofon verfügt oder eine Kamera eingebaut ist? Nach der Gesetzesbegründung zu § 90 Telekommunikationsgesetz ist das zum Beispiel gegeben bei Mobiltelefonen und bei Babyphones.
Dies ist von der Bundesnetzagentur hinsichtlich Geräten, die mit Sprache oder gar Bewegungen gesteuert werden, noch nicht abschließend bewertet.”