Opinion

Your Smart TV Is Watching You, Question Is Who For

Many current models of smart TVs include cameras and microphones to boot. Combined with an insecure internet connection, these devices are becoming an increasingly worrying privacy concern

Dov Greenbaum 10:3906.12.19

'Tis the season for television shopping. While much of the holiday shopping is now online, in the past, no Black Friday weekend was ever complete without the gratuitous news story highlighting the hundreds of shoppers hoarding into stores at just past midnight to bag a deeply discounted large screen TV.

 

Regardless of where you bought your television set, the FBI is now warning consumers to be extra vigilant with their smart TVs. More than having Netflix, Hulu and Amazon Prime built-in, many current models of smart television sets include cameras and microphones to boot. Combined with an insecure internet connection, these internet-of-things (IoT) devices are becoming an increasingly problematic privacy concern.

Smart TV (illustration). Photo: Shutterstock Smart TV (illustration). Photo: Shutterstock

As the FBI noted, not only can the manufacturers themselves spy on you but so can hackers and other malicious actors that gain access to your devices. What the FBI is not telling us, however, is that the police also have an interest in spying on us via our IoT devices.

Amazon subsidiary Ring Inc., which develops smart doorbells and home security systems, has already partnered with hundreds of police departments in the U.S. to share footage taken at homes where the device is installed but homeowners can decline to do so.

 

Ring also has a Law Enforcement Portal that users can add their cameras to. The portal allows the police to access these users’ video feed without a warrant by appealing directly to the homeowner. Should homeowners prove to be uncooperative, Amazon, perhaps using its vast trove of user data, has been known to coach cops on how to get them to hand over the data willingly.

 

And, if that still doesn’t work, Amazon reportedly has a work-around for that too, allowing it to “subpoena” a video at the request of the police.

 

Whether users have their Ring images shared with neighbors via the associated app, or with the police, faces on those videos are not obscured. Although Ring does not yet have built-in facial recognition capabilities, it was recently reported that police forces want to add their own facial recognition tech, on top of the video feed.

 

Amazon also sees the benefit of eventually adding facial recognition technology to the consumer version of the Ring app, and is reportedly building a commercial system wherein Ring cameras can identify suspicious individuals via facial recognition and then send alerts to users if those suspicious individuals are lurking near their home. Notably, Amazon has heretofore had difficulty implementing the facial recognition technology autonomously and currently relies on Ukrainian contract workers to manually tag faces.

 

At the same time, Amazon Web Services (AWS), the world's largest cloud computing service, has been served with a class-action lawsuit alleging that Amazon is violating the Illinois Biometric Information Privacy Act through hosting similar facial recognition data illegally on behalf of at least two unnamed clients. The lawsuit does not allege harm to any particular individual and does not describe any specific illegal action either, rather, in simply assuming that AWS stores facial recognition data on behalf of its customers, the lawsuit is seeking the statutory damages allowable under the Illinois law.

 

A more recent lawsuit, filed earlier this week alleges that a plasma donation service failed to disclose its biometric data protection policy or request written consent for scanning donors’ fingerprints.

 

Some would argue, however, that these suits demonstrate that the Illinois biometric law is too onerous and might have a chilling effect on the industry, particularly when, not if, it is more widely adopted. In fact, in this, the 116th U.S. Congress alone, nearly 70 bills have been put forward to regulate various uses of facial recognition technologies. Most recently, a bipartisan bill, the Facial Recognition Technology Warrant Act (2019), was introduced in the U.S. Senate to limit the use of facial recognition software on an individual by federal law enforcement officers without a warrant.

 

And it is not just the police using this technology. The U.S. Department of Homeland Security (DHS) recently announced its intention to use biometric technologies to scan all those entering or exiting the U.S. This new regulation will also include U.S. citizens, which were formerly excluded. Notably, should it pass, the proposed Facial Recognition Technology Warrant Act will not impinge on the DHS rule change, as the bill requires a warrant only if the subject will be under surveillance for 72 hours. Airport security lines are not yet that bad.

 

Outside the U.S., facial recognition technology, in general, is seeing growth in many different areas, even beyond security. For example, as of December 1st, China is requiring all those seeking to sign up for new cell phone plans to provide both their national ID card as well as a face scan, the use of which, ostensibly for fraud prevention, is unknown. Facial recognition in China is becoming endemic, with one university reportedly even using it to monitor attendance.

 

Given its propensity for collecting biometric data on their own citizens and the fact that China is implicated in most of the commercial espionage prosecuted in the U.S., it is only natural to try and blame China for the aforementioned spying via smart televisions. China has already been associated with spying on Americans through their Wi-Fi and cellular connections, not to mention its connection to the supposed hacking of computer hardware at numerous American companies and governmental agencies.

 

But it's not the Chinese that we should be most concerned about vis-à-vis our TVs. Rather, we should look closer to home, at Mi5, the CIA, the NSA, and even the manufacturers themselves, who have been known to hack consumer smart televisions or use them as spyware. We have been warned about this for years by the U.S. Federal Trade Commission (FTC). So, this holiday season, enjoy your new smart TV responsibly, as you never know who may be watching you watch.

 

Dov Greenbaum, JD PhD, is the director of the Zvi Meitar Institute for Legal Implications of Emerging Technologies and Professor at the Harry Radzyner Law School, both at the Interdisciplinary Center (IDC) Herzliya.