Researchers have discovered that entertainment corporations are exploiting the communication capabilities of smart TVs to gather market analysis data. These facts were discovered by researchers from Northeastern University and Imperial College London in a recent study published in September 2019.
In some cases, users’ data were being sent to Netflix even though they didn’t have an account.
Marketing Data for Free
No doubt, the collectors of usage data from smart TVs would argue that the information they acquire is “non-personal” and that their intention is only to improve the viewing experience for all.
It is true that the IP address is considered to not be personally identifiable information. Also, the IP address is not owned by the person or household to which it is allocated. This gray area of personal information definition is tough to argue against in a court of law.
However, the data has a value, and somewhere along the line someone is charging for collecting this data, and the end-users are increasing their profitability by analyzing it. So, an entire division of marketing is making money by stealing data on your activities. Is it stealing? Well, it is spying, at least.
When linked to other information, such as the serial number of the TV, third parties can cross-reference data from other sources to identify an individual. Hackers have built up a new big data-driven industry of their own called “doxing.”
This has a twilight legality, compiling profiles on individuals. This information is gathered from a range of sources and can be used by those who want to guess a person’s passwords or pass themselves off as that person in order to commit fraud – it is part of the growing identity theft racket.
Although the primary users of this information do not have malicious intent, the collection of information on a server somewhere raises the possibility of data theft by hackers. The operations of smart TVs and other Internet-connected devices can tell house breakers when an individual is out of the house and can present blackmailers with the behavioral source material.
Other Indiscreet Gadgets
Smart TVs are not the only smart devices that are being turned into secret monitors. Roku set-top boxes, Amazon Fire TV sticks, voice-activated speakers, and digital radios are also press-ganged into the army of digital intruders. Video doorbells produced by Ring and Zmodo were also found to be transmitting information that could be used for malicious purposes.
The prospect of video cameras storing footage on the Cloud opens up a secondary line of indiscretion. You are being watched by other people’s smart devices, just by walking past a property. The companies that hold this footage – including Amazon, Google, and Microsoft – have all been targeted successfully by data thieves in the past, giving potential access to miscreants of behavioral information and video footage about millions of people.
An Absence of Consent
Consent to allow corporations to hold information about private individuals is increasingly growing into a strong legal requirement of the digital economy. In Europe, for example, the General Data Protection Regulation (GDPR) has very clear rules about informing individuals about what personal information is held about them. How do the makers of outdoor video surveillance systems get consent from people passing in the street that get recorded? They don’t.
David Choffnes, the Northeastern University professor who leads the study observes “these devices just don’t need that many connections to provide their functionality, like to be able to watch TV or to be able to turn on your microwave from a voice command.”
Effectively, the data-gathering capabilities of home smart devices are overstepping their immediate information needs. Why? Given that firmware can be updated, these hardware producers can’t claim that they added in data gathering to cater to potential future functionality.
The Northeastern study continues. Its findings may alert lawmakers to technology firms that are getting away with lawbreaking simply because the behind-the-scenes activities of Internet-connected devices are impossible to track without the cooperation of the creators of these gadgets.
The law may soon evolve to tighten up supervision of the activities of technology companies, which could shut down many of their data gathering routines.