In recent years, consumers have expressed fears that their smartphones could be listening to them. According to a new report published in Journal of Cyber Policy, such fears are justified.
But it goes much further than that.
Our cellphones, whether they are iPhones or Galaxy S9s, are listening to us and transmitting the data they hear. So are objects that include the Apple Watch, the Samsung Smart TV 9000, the Samsung Smart Dishwasher, and even the My Friend Cayla Doll.
All of these devices, analyzed in the report, are putting Americans under intense surveillance through the use of microphones, cameras, barometers, proximity sensors, ambient sensors, thermometers, Bluetooth, GPS location, and even heart rate monitors, concluded the report “Enabling Mass Surveillance: Data Aggregation in the Age of Big Data and the Internet of Things.”
The Internet of Things (IofT) describes the concept of connecting any device with an on and off switch to the Internet and to one another. This makes machine-to-machine contact possible. One analyst firm says that by next year, there will be over 26 billion connected devices.
This “interconnected and interdependent” network “facilitates perpetual surveillance of populations,” said the report, ushering people into a “new norm of perpetual surveillance.”
The purpose of the invasive and perpetual mass surveillance?
It is designed “to construct profiles of people, learn about their preferences, habits, and purchases, and use this information to conduct targeted marketing campaigns designed to get the customers/consumers to make more purchases that benefit companies,” said the report, written by Marie-Helen Maras and Adam Scott Wandt, professors at the John Jay College of Criminal Justice.
What these devices can see, hear, and sense is being streamed continuously to manufacturers of the “smart” items or to the makers of one of the item’s components, such as a computer chip. The data is then gathered and collated by private aggregators and sold to companies keen to analyze consumer purchases, habits, and behavior.
However, this is just one aspect of the surveillance.
These devices can be accessed by law enforcement agencies who obtain warrants to conduct investigations and hacked by criminals, threatening Americans’ privacy and leaving them vulnerable to theft, extortion, and even physical attack.
“Most people are aware that something is going on with gathering of their data, but they have little idea of the depth of this,” said Wandt, an assistant professor of public policy and member of the full-time faculty of the Department of Public Management at John Jay.
The report’s extreme examples of data obtained include:
- An Israeli-based security firm has “developed a method to hijack the camera on an LG home-bot vacuum cleaner;”
- Hackers compromised a thermometer inside a fish tank in a casino, “giving the hackers access to the casino’s internal data network;” and
- Certain baby monitors could be used for spying remotely with “a web attack.”
Within the My Friend Cayla Doll, advertised as a “smart doll,” are a microphone that transmits audio heard, a camera transmitting video within the room, a proximity sensor that detects the presence of nearby objects without the need for physical contact, an ambient light sensor, and the capacity for WiFi.
This makes it an information-gathering tool.
The doll has already raised safety alarms and is banned in Germany. According to The Washington Post, it “collects and transmits everything it hears to a voice recognition company in the United States.”
The doll can hear words said more than 30 feet away and through walls. (In a statement, Nuance, which makes the doll’s voice-recognition software, “said the company does not share data collected with marketers or other customers.”)
Televisions, webcams, babycams, they’ve all been targeted as capable of spying on consumers. In its recent article “You Watch TV. Your TV Watches Back,” The Washington Post tested four of the most popular “smart TV” brands, and using software called an “IoT Inspector,” Then using software from Princeton University called the IoT Inspector, the reporter watched how each model transmitted data: “Even when I switched to a live broadcast signal, I could see each TV sending out reports as often as once per second.”
As for the Samsung dishwasher, it has a thermometer measuring the air temperature, an ambient light sensor, and capacity for WiFi. Which means it too could be used to gather data–and to monitor someone.
“Data is the most valuable commodity and private companies profit from the collection, sharing, analysis and sale of user data,” according to the report.
Whether it’s a phone, a TV, a watch, or a dishwasher, if it’s turned on, it is transmitting your data continuously. Aside from the privacy violation of being analyzed for profit, “there are many examples of devices hacked by malicious actors who use the micro-controllers for illegitimate purposes.”
Maras and Wandt’s report calls for creation of a U.S. federal data protection law similar to the GDPR in order to ensure data protection practices as well as a law designed to deal with security and privacy protections of these devices and the data aggregated.
Privacy policies also need to be developed that convey complex legal and privacy information in a user-friendly manner, they say.
The aggregators of data on all of us “are people trying to make a profit out of the information, and we are letting them do it by signing it all away,” said Wandt.
The full report is available for purchase only here.
Nancy Bilyeau is deputy editor of The Crime Report. She welcomes comments from readers.