By: Karl Bode, Tech Dirt |
from the watching-you-watching-me dept
So if you hadn’t been paying attention, most of the “smart” products you buy are anything but intelligent when it comes to your privacy and security. Whether it’s your refrigerator leaking your gmail credentials or your new webcam being hacked in minutes for use in massive new DDoS attacks, the so-called “smart” home is actually quite idiotic. So-called smart televisions have been particularly problematic, whether that has involved companies failing to encrypt sensitive data, to removing features if you refuse to have your daily viewing habits measured and monetized.
Last month Vizio joined this not-so-distinguished club when it was discovered that the company’s TVs had been spying on users for the last several years. Vizio’s $2.2 million settlement with the FTC indicates that the company at no time thought it might be a good idea to inform customers this was happening. The snooping was part of a supposed “Smart Interactivity” feature deployed in 2014 that claimed to provide users with programming recommendations, but never actually did so. In short, it wasn’t so much what Vizio was doing, it was the fact the company tried to bullshit its way around it.
And while Vizio may have settled the FTC investigation into its snooping televisions, the company now faces an additional class action after a California federal judge late last week denied the company’s motion to dismiss. The court ruled that Vizio customers’ claimed injuries were “sufficiently concrete” to bring suit under the Video Privacy Protection and Wiretap Acts:
“Congress has determined that the interception of a person’s electronic communications and the unauthorized disclosure of a person’s video viewing history are sufficiently harmful to warrant private causes of action,” and in response to Vizio’s contention that the information it allegedly discloses is not personally identifiable, adds, “Taken to its logical conclusion, Defendants’ argument absurdly implies that a court could never enter judgment against a plaintiff on a VPPA claim if it found that the disclosed information was not within the statutory definition of personally identifiable information; instead, it would have to remand or dismiss the action for lack of jurisdiction.”
U.S. District Court judge Josephine Staton also supported the lawsuit’s claim of “highly offensive” conduct by Vizio by reiterating that the “Smart Interactivity” feature that did the spying was difficult to disable (impossible, initially), and was often reset after every Vizio firmware update:
“Plaintiffs point to a report by the security software company Avast, which concluded that Smart Interactivity’s “off” function was not operational “for months, if not years.” So, even if consumers believed they had opted out of Vizio’s data collection practices, Vizio was still collecting their data for a considerable period. In addition, Vizio’s…Smart Interactivity software switches back on without warning if the Smart TV ever reverts to the factory settings—as can occur through Vizio’s software updates. Consumers would likely not realize for a significant period that Vizio’s collection and disclosure software has been re-enabled because the opt-out feature is allegedly buried in an obscure settings menu.”
So many of these companies wouldn’t be facing settlements and lawsuits if they’d simply been transparent about what they were collecting in the first place. But time and time again we see “smart” IOT vendors trying to bullshit their way around what they’re doing, bury settings that control privacy settings under layers of intentionally intimidating menus, or simply refuse outright to offer consumers working opt out tools in the first place.