Tag: data protection

Netzpolitik13: Das Internet der Dinge: Rechte, Regulierung & Spannungsfelder

My slides from Das ist Netzpolitik (Berlin, 1. September 2017). Title: “Das Internet der Dinge: Rechte, Regulierung & Spannungsfelder”.

From hobby tinkering all the way to the smart city: the Internet of Things (#IoT) increasingly touches every area of our lives. But who decides what is allowed, what happens to our data, and whether it is OK to look under the hood? IoT sits at the intersection of many areas of technology, governance and regulation, and that creates a whole range of tensions.

Due to technical issues with the video projection, my slides weren’t shown for the first few minutes. Apologies. On the plus side, the organizers had kindly put a waving cat on the podium for me.

It’s a rare talk in that I gave it in German, something I’m hardly used to these days.

In it, I argue that IoT poses a number of particular challenges that we need to address (incl. the level of complexity and blurred lines across disciplines and expertise; power dynamics; and transparency). I outline inherent tensions and propose a few approaches on how to tackle them, especially around increasing transparency and legibility of IoT products.

I conclude with a call for Europe to actively take a global leadership role in the area of consumer and data protection, analogous to Silicon Valley’s (claimed/perceived) leadership in disruptive innovation as well as funding/scaling of digital products, and to Shenzhen’s hardware manufacturing leadership.

Netzpolitik has an extensive write-up in German.

Update: Netzpolitik also recorded an interview with me: Regulierung und Datenschutz im Internet der Dinge.

Connected doll Cayla, connected TVs & the legal status of IoT in Germany

Over the last few weeks there’s been a lot of discussion around the security of connected toys. One case stood out not just because of insufficient security practices but also because in Germany it was declared illegal by Bundesnetzagentur (BNetzA, Germany’s Federal Network Agency).

BNetzA referred to §90 of the telecommunications law which states, among other things, that surveillance equipment is mostly illegal and that everyday appliances may not be equipped for surveillance (i.e. no audio/video recording “disguised” as everyday devices that purportedly serve a different purpose). Cayla, BNetzA’s argument (English version) goes, roughly, is a spy tool disguised as a toy; what’s worse, the kids using it have no chance of knowing what’s going on, and neither do the parents:

The Bundesnetzagentur has taken action against unauthorised wireless transmitting equipment in a children’s toy and has already removed products from the market.

“Items that conceal cameras or microphones and that are capable of transmitting a signal, and therefore can transmit data without detection, compromise people’s privacy. This applies in particular to children’s toys. The Cayla doll has been banned in Germany,” says Jochen Homann, Bundesnetzagentur President. “This is also to protect the most vulnerable in our society.”

Concealed surveillance device

Any toy that is capable of transmitting signals and that can be used to record images or sound without detection is banned in Germany. The first toys of this type have already been taken off the German market at the instigation of the Bundesnetzagentur and in cooperation with distributors.

There is a particular danger in toys being used as surveillance devices: Anything the child says or other people’s conversations can be recorded and transmitted without the parents’ knowledge. A company could also use the toy to advertise directly to the child or the parents. Moreover, if the manufacturer has not adequately protected the wireless connection (such as Bluetooth), the toy can be used by anyone in the vicinity to listen in on conversations undetected.

Further products to be inspected

The Bundesnetzagentur is to inspect other interactive toys and, if necessary, will take further action. In this respect the requirements of section 90 of the German Telecommunications Act must be met: Objects must, by their form, purport to be another object or are disguised as an object of daily use and, due to such circumstances or due to their operation, are particularly suitable for intercepting the non-publicly spoken words of another person without his detection or for taking pictures of another person without his detection. This also applies to customised devices.

Ever since reading the bit about concealed surveillance in objects of daily use I’ve been wondering about where to draw the line. Smart fridges? Connected TVs? Game consoles? Smart home hubs?

I decided to send an inquiry to BNetzA’s press office and picked two: Connected TVs (because they are disguised as an object of daily use) & smart home hubs (because they are particularly suitable for intercepting the non-publicly spoken words).

They replied promptly and were very helpful. Here’s what they said (Original German reply below):

Regarding the devices you named, the crucial point is the question if they are suitable for recording non-public conversations unnoticed or for recording images of a person unnoticed.

In other words: Is it clear to everyone that the device has a microphone or a camera? According to the current interpretation of §90 of the telecommunications law this is the case, for example, for cell phones and baby phones.

For devices that are controlled by voice or gestures we haven’t come to a final assessment yet.

So that’s pretty interesting and shows just how much of a transition period we are in with this. On one hand it’s a matter of reasonable consumer expectations: Would a regular consumer reasonably know what they’re buying? On the other it’s a question of interfaces: If this is how a thing is controlled, is it then an obvious (or obvious enough) part of using the device to make it OK?

Ame Elliott making the case for UX & IoT Security at ThingsCon Amsterdam. (Watch her presentation.)

For designers and makers of connected devices that include a microphone or camera, this is tricky terrain. For a while, expect some level of uncertainty. This is something to keep an eye on. In the meantime, obviously make sure to maintain good security practices. No matter what the legal ruling on this larger question ends up being, if your device isn’t secure you’ve got much bigger problems to begin with.

///

Here’s the original reply from Bundesnetzagentur’s media relations office in German:

“Hinsichtlich der von Ihnen genannten Geräte ist ein entscheidender Punkt die Frage, ob sie dazu geeignet sind, das nicht öffentlich gesprochene Wort eines anderen von diesem unbemerkt abzuhören oder das Bild eines anderen von diesem unbemerkt aufzunehmen.

Andersherum gefragt: Ist sich Jeder darüber im Klaren, dass das Gerät über ein Mikrofon verfügt oder eine Kamera eingebaut ist? Nach der Gesetzesbegründung zu § 90 Telekommunikationsgesetz ist das zum Beispiel gegeben bei Mobiltelefonen und bei Babyphones.

Dies ist von der Bundesnetzagentur hinsichtlich Geräten, die mit Sprache oder gar Bewegungen gesteuert werden, noch nicht abschließend bewertet.”

German startup Gigalocal screws privacy, tweets personal information

A few weeks ago, I tried out Gigalocal. It’s a platform that lets users announce jobs they would like to see done, and how much they’re willing to pay for it. (“Clean my apartment for 20 Euros”-style jobs.) I signed up so a journalist friend of mine could try out the process in a controlled environment, and without having to clean someone else’s apartment. Yet, there was a bit of a problem.

The minute I put up a test job offer for my friend (“I’d like a cold soft drink, now, delivered”), the service tweeted the job. Makes sense, I guess, as it makes it easier to track jobs when you’re out and about waiting for jobs. (If the users of said service have smartphones, that is.) But they didn’t keep it to the job description.

Gigalocal tweeted my full address, down to the house number.

That’s right. They didn’t restrict the location info to the neighborhood (close enough to figure out if that job’s a good fit for you), or next subway stop, or street level, or a 500m radius. No, they tweeted the full address.

I canceled my account and mentioned in the cancellation form that I find publicly tweeting addresses quite unacceptable, as I hadn’t been aware before that the company might do that.

Here’s the reply (translation below):

Grundsätzlich kann jeder User seine Daten selbst schützen. Niemand ist gezwungen seinen Wohnort anzugeben. Ein User kann einen Gig überall erstellen, seine aktuelle Position wird vom GPS Modul (Smartphone) oder durch die IP (Website) vorgegeben. Diese Ortung hat man schon wenn man auf Google Maps geht und dem Browser erlaubt den Standort zu erkennen. Jedem User steht es frei wo er seinen Gig erstellt, er kann ihn also gerne 4 Straßen weiter erstellen und sich dort mit dem Gig Erfüller treffen.

Translation: Generally, every user can protect their own data. Nobody is forced to input their home address. A user can submit a gig wherever they like, their current position is read through the GPS module (smart phone) or IP address (website). This triangulation takes place even if you just go to Google Maps and allow the browser to read your location.

Every user is free to set up their gig wherever they like, so they can set it up 4 streets down and meet up with the job fulfiller there.

I was shocked. Shocked at this level of ignorance in building a user service that requires granular privacy. (Home addresses!) Shocked at how the staff didn’t even seem to consider they might have made a grave mistake. And shocked at myself for being even surprised by the two aforementioned failures.

Gigalocal, here’s a hint: You want your “job fulfillers” to know if a job is close enough to make it worth the trip. You don’t want to show the world people’s home and office addresses. And you never, ever want to tweet personal information without asking permission first.

Now go back to the drawing board and don’t come back before you know what you’re doing.
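The two rules from the hint above (publish only an approximate location, and publish nothing without permission) can be sketched as follows. This is an added example, not Gigalocal's code: the `Job` record, its field names, the 500 m grid and the sample address and coordinates are all constructed assumptions.

```python
import math
from dataclasses import dataclass

GRID_M = 500               # cell size, after the 500 m radius named in the post
M_PER_DEG_LAT = 111_320    # metres per degree of latitude (approximation)

@dataclass
class Job:                  # hypothetical record, not Gigalocal's data model
    title: str
    price_eur: int
    street: str
    house_number: str
    district: str
    lat: float
    lon: float
    consent_public_post: bool = False   # opt-in, off by default

def _snap(value, step):
    """Return the centre of the grid cell of width `step` containing value."""
    return (math.floor(value / step) + 0.5) * step

def coarsen(lat, lon, grid_m=GRID_M):
    """Replace an exact position with the centre of its ~grid_m cell."""
    c_lat = _snap(lat, grid_m / M_PER_DEG_LAT)
    # Longitude degrees shrink with latitude; use the snapped latitude so
    # every point in one row of cells uses the same cell width.
    step_lon = grid_m / (M_PER_DEG_LAT * math.cos(math.radians(c_lat)))
    return round(c_lat, 4), round(_snap(lon, step_lon), 4)

def public_announcement(job):
    """Build the text that may leave the platform, or None without consent."""
    if not job.consent_public_post:
        return None
    lat, lon = coarsen(job.lat, job.lon)
    # Street and house number are deliberately never read here.
    return (f"{job.title} for {job.price_eur} EUR near {job.district} "
            f"(approx. {lat}, {lon})")

if __name__ == "__main__":
    # Constructed sample: invented address and coordinates.
    job = Job("Cold soft drink, delivered", 5, "Beispielstrasse", "12a",
              "Kreuzberg", 52.5007, 13.4240, consent_public_post=True)
    print(public_announcement(job))
```

Snapping to a fixed grid, rather than adding random noise per post, means repeated announcements from the same address always yield the same coarse point and cannot be averaged back to the exact location.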