9.2.17

At Mobile World Congress, ESET will discuss the GDPR (General Data Protection Regulation)


ESET, a European leader in IT security, will present its view of the GDPR (General Data Protection Regulation) at Mobile World Congress, held in Barcelona from 27 February to 2 March 2017. The regulation, which comes into force in a little over a year, has considerable implications for European businesses. The European Commission states, however, that the regulation's primary purpose is protecting the privacy of European Union citizens. For this reason ESET is publishing a white paper on the legal obligations that take effect in May 2018. The white paper shows how ESET's security solutions can help companies comply with the requirements of the legislation.
On 25 May 2018, companies will be subject to the GDPR if they "offer goods or services to persons in the EU, whether or not a payment is involved, and monitor the behaviour of the data subjects", ESET explains in its white paper, written by Kemp Jones Solicitors LLP, a law firm specialising in the field. "Although it introduces a better-defined legal framework, the GDPR will certainly bring significant changes for many businesses and will take time to apply", the document notes.
"The GDPR directive is not binding on European companies alone. The changes will affect every company and organisation that processes the personal data of EU citizens", says Pavol Balaj, Business Development Director EMEA at ESET. "ESET offers solutions that will let companies meet the regulation's requirements while protecting citizens' personal data", adds Balaj, who will attend the congress.
In addition, the GDPR sets out the means needed to achieve compliance, singling out encryption, among other measures, as a key one. Broadly, the main advantages of encryption are its strength and flexibility, thanks to powerful algorithms and long keys (256 bits), and its low implementation cost. The technology has already been adopted by some governments.
"DESlock Encryption by ESET is a complete solution for businesses. Simple to deploy and easy to use even for users with no technical knowledge, DESlock Encryption by ESET allows remote management of keys, settings and security policies. The solution also provides secure encryption of hard drives, removable media, files and email", as stated in ESET's white paper.
To learn more about the GDPR and how ESET is preparing businesses to comply with the regulation, visit ESET's dedicated GDPR site.


InterContinental Hotels Group confirms suspected data breach


The InterContinental Hotels Group (IHG) has confirmed that 12 of its hotels across the Americas suffered a suspected data breach. 
The group first reported it was looking into irregularities at a small number of its properties back in December, an investigation that was conducted alongside leading cybersecurity firms.
At the center of the investigation were IHG's payment card processing systems for hotels across the Americas region. The Bristol Bar & Grille at the Holiday Inn San Francisco and The Sevens Bar & Grill at Crowne Plaza San Jose-Silicon Valley were among the locations affected by the data breach.
IHG says it notified guests that had used their cards at the restaurants and bars of the affected hotels at the time, between August and December 2016.
It said its findings showed that malware was installed on servers processing payment cards, and was capable of searching for track data (cardholder name, card number, verification code and expiry date) read from the card's magnetic stripe.
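From the defender's side, the track data described above has a fixed layout (ISO/IEC 7813) that a DLP or forensic scan can look for in logs, memory dumps or outbound traffic. The Python below is an added example, not code from IHG or any named vendor: it scans constructed text lines for track 1 and track 2 records, Luhn-validates the card number to drop false positives, and masks the PAN in its output. All sample lines and card numbers are constructed (4111111111111111 is a standard test number).

```python
import re
from typing import Dict, List

# Constructed sample lines (not from the IHG incident). Two carry magnetic-stripe
# track data in ISO/IEC 7813 layout; the last has a PAN that fails the Luhn
# check and should be treated as a false positive.
SAMPLE_LINES = [
    "2016-11-03 21:14:07 pos-srv01 app: txn ok id=8841",
    "2016-11-03 21:14:09 pos-srv01 dbg: buf=;4111111111111111=19121010000000000?",
    "2016-11-03 21:14:10 pos-srv01 dbg: buf=%B4111111111111111^DOE/JOHN^19121010000000000?",
    "2016-11-03 21:14:12 pos-srv01 dbg: ref=;4111111111111112=19121010000000000?",
]

# Track 1: %B<PAN>^<NAME>^<YYMM><service code>...?   Track 2: ;<PAN>=<YYMM><service code>...?
TRACK1_RE = re.compile(r"%B(\d{12,19})\^([^^?]{2,26})\^(\d{4})(\d{3})")
TRACK2_RE = re.compile(r";(\d{12,19})=(\d{4})(\d{3})")


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn check used for card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit counted from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the first six and last four digits, the usual display rule under PCI DSS."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_for_track_data(lines: List[str]) -> List[Dict[str, str]]:
    """Flag lines holding Luhn-valid track 1 or track 2 data; PANs are masked in the result."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for m in TRACK1_RE.finditer(line):
            pan, name, expiry = m.group(1), m.group(2), m.group(3)
            if luhn_valid(pan):
                findings.append({"line": str(n), "track": "1", "pan": mask_pan(pan),
                                 "name": name, "expiry": expiry})
        for m in TRACK2_RE.finditer(line):
            pan, expiry = m.group(1), m.group(2)
            if luhn_valid(pan):
                findings.append({"line": str(n), "track": "2", "pan": mask_pan(pan),
                                 "name": "", "expiry": expiry})
    return findings


if __name__ == "__main__":
    for finding in scan_for_track_data(SAMPLE_LINES):
        print(finding)
```

Track data in a debug log or in a buffer that outlives the authorisation is exactly what card-scraping malware looks for, so a hit from a scan like this is a finding to remediate (stop logging the buffer, purge it) as much as an indicator to alert on.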
While admitting the issue had an impact in many restaurants and bars, IHG insists machines on the front desks of its sites were unaffected.
The group has also confirmed it has opened a fresh investigation into the scale of the breaches – an announcement likely to spark speculation that there may well be more potential data breach victims than previously believed.
In the meantime, the group has urged consumers to be “vigilant” and to “immediately report any unauthorized charges to your card issuer”.
In a press release, the company added: “We have been working with the security firms to review our security measures, confirm that this issue has been remediated, and evaluate ways to enhance our security measures.”  
While the group will undoubtedly hope to reassure customers, the news is nevertheless likely to add fuel to the debate of whether organizations are doing enough to promote data security.
A report published by the Internet Society in November suggested there is a worrying lack of investment in information security, despite the damage a breach can do to an organization's reputation.


7.2.17

FTC vs. VIZIO: Getting smart about TV data collection and sharing


If you have a so-called smart TV from VIZIO, LG, or Samsung, you may want to check its settings related to Privacy, Marketing, and Automatic Content Recognition (ACR). Why? Because your TV may be collecting information about what you and your family watch, and then sharing that data with third parties in ways that you may not have thought about.
In this article I will explain why the practice of TV manufacturers collecting and profiting from information about your TV viewing was thrust into the headlines this week, but before I do that, I want to share a link to an article by Consumer Reports that explains how to shut off technology that tracks what you watch on many VIZIO, LG, and Samsung televisions. Consumer Reports is an independent, nonprofit organization and it makes sense to share the advice they have already assembled, rather than delay this article in an effort to replicate their work (besides, my TV at home happens to be a Sony, which doesn’t help here, and I don’t think I have the budget to get any more TVs for the research lab).
The FTC vs. VIZIO
Why did the issue of televisions snooping on those who watch them hit the headlines this week? Because on Monday the US Federal Trade Commission (FTC), along with the Office of the New Jersey Attorney General, announced a settlement with one of the world’s largest manufacturers and sellers of internet-connected “smart” televisions, namely VIZIO, a privately held American company headquartered in Irvine, California.
VIZIO has agreed to pay more than $2 million in fines to settle charges that its smart TVs did, without consumers’ knowledge or consent: “capture second-by-second information about video displayed on the smart TV, including video from consumer cable, broadband, set-top box, DVD, over-the-air broadcasts, and streaming devices”. Furthermore, the settlement charges that VIZIO “facilitated appending specific demographic information to the viewing data, such as sex, age, income, marital status, household size, education level, home ownership, and household value…[and] sold this information to third parties, who used it for various purposes, including targeting advertising to consumers across devices…”
A lot of that behind-the-scenes data acquisition and trafficking is likely to come as a shock to some of the folks who own the 11 million VIZIO television sets involved in this case. If you have a VIZIO smart TV and didn't know it might be doing this, you may be upset. The first thing to do is check out the Consumer Reports article on how to turn this off.
Next, you can take some comfort in the fact that the FTC settlement requires VIZIO to “delete data collected before March 1, 2016” and to “prominently disclose and obtain affirmative express consent for its data collection and sharing practices.” The company could be in for even bigger fines if, down the road, it is found to have further misrepresented the privacy, security, or confidentiality of consumer information it collects.
If you own a Samsung or LG smart TV, I need to stress they are not part of this FTC case; however, they also have tracking capabilities that you may want to turn off, as described in that article, or in the documentation that came with the TV. And that right there is a big part of this problem: the documentation that comes with the device. When you buy a “connected device” and the documentation that comes with it does not make abundantly clear what data the device collects and shares, and with whom, and for what purposes, you are being deceived. So says both common sense and the FTC.
A less deceptive approach would have been to offer the public two versions of each TV at two different prices, for example:
· 42 inch smart TV without data tracking: $650
· 42 inch smart TV with full data tracking and sharing: $600
That way, people would know why the price of the second model was lower. Absent such transparency, one is left to speculate that the price of all new TVs, which strike me as inexpensive compared to some other digital products, is based on assumptions about revenue that go beyond the per-unit purchase price.
The official account of the VIZIO settlement can be found here. A more colloquial account, which gives you a better sense of how dimly the FTC viewed the facts uncovered in this case, can be found on the agency’s blog, along with some good advice on how manufacturers can avoid sanctions like the ones VIZIO has run into. These echo the FTC’s prior advice on a wide range of “smart” devices and component parts of the Internet of Things (IoT):
· Explain your data collection practices up front.
· Get consumers' consent before you collect and share highly specific information about their entertainment preferences.
· Make it easy for consumers to exercise options.
· Remember that established consumer protection principles apply to new technology.
You can read more about the FTC's thinking on IoT data privacy and security in this article.
Smart TV or big screen computer?
This latest FTC action raises the question of how many consumers are currently aware of the data privacy and information security implications of a television set that can record everything they watch, and report that data, identified by their internet connection (IP address), to distant servers where it can be enriched with information about their age, gender, and other details.
Consumer awareness in this arena might be greater if we stopped calling these things televisions. In reality, they are actually powerful internet computers with large displays – big-screen PCs if you will – PCs that just happen to be able to show you TV stations in addition to a whole bunch of streaming video, audio, games, and other services. Security folks have been saying the same thing about smartphones for many years, and I get the impression a lot of consumers are now hip to that; yes, you can use it to place a phone call, but basically it’s a small-screen internet computer.
When you grasp that your TV and your phone are computers, and not just simple communication units, you are hopefully more likely to realize their power and potential, for ill as well as good, and treat them accordingly. Read their documentation, their privacy policies and license agreements, and check the default settings. If you’re like me, that won’t mean you stop using the big-screen computer you just installed in your living room, but at least you’ll be watching with eyes wide open, and maybe fingers crossed that the FTC or some tech-savvy attorney general is looking out for your privacy.
To learn more about the FTC’s position within the US data privacy landscape, you might try this ESET white paper.