Protect Your Digital Privacy This Holiday Season

CUB is increasingly concerned with the digital privacy of our members and all Oregonians. In recent years, we supported legislation here in Oregon to replace 2015 federal rules created by the Obama-era Federal Communications Commission. The rules, had they gone into effect, would have limited the ability of Internet service providers to collect, analyze, and share their customers’ personal information. Heading into 2019, CUB continues to work with allies developing legislation to further protect Oregonians’ personal information.

The goal of this blog, however, is to highlight digital privacy resources for consumers. A good place to start, especially this time of year, is consumer products. U.S. PIRG, Mozilla, the Federal Bureau of Investigation (FBI), the German consumer watchdog Bundesnetzagentur, The New York Times, Norwegian independent consumer group Forbrukerradet, and the Associated Press, and the American Civil Liberties Union (among many others) have already done an impressive amount of work in this space.

• In November, U.S. PIRG released their 33rd Annual Survey of Toy Safety, “Trouble in Toyland”. While the entire report is certainly worth a read, especially for those with young children, CUB is particularly concerned with the section beginning on page 14 regarding “Smart Toys and Interconnected Children’s products.” The report references a 2017 public service announcement from the FBI warning about internet-connected and microphone-enabled toys generally. The Bluetooth and microphone-enabled “Dash” robot and “Amazon Fire HD Kids Edition” stand out as products inappropriately collecting and, worse yet, sharing the personal information of children and their parents.
• While not specifically mentioned in the recent PIRG report, in 2017, Bundesnetzagentur banned a microphone-enabled doll called “My Friend Cayla” over concerns of illegal espionage and ineffective security. 18 separate consumer privacy groups filed complaints with the U.S. Federal Trade Commission expressing similar concerns. Also, earlier this year, a Portland woman reported that her Amazon Echo had recorded her family’s activities without prompting and, without consent, emailed recordings to a woman in Seattle.
• Further highlighting the extent to which consumers should be concerned with their holiday purchasing this year, Mozilla compiled a comprehensive “Shop Safe” gift guide - complete with detailed descriptions of various toys and games, smart homes and entertainment devices, wearables, health and exercise products, and even those designed with pets in mind. Topping their “super creepy” list is the “FREDI Baby Monitor”, which according to Mozilla’s considerable research is highly susceptible to hacking (exactly what a parent wants for a device monitoring their newborn!). Rounding out the “super creepy” category are Amazon and Google smart home devices, three (yes three) separate pet cameras (yes pet cameras), and a microphone-enabled toy dinosaur. All told, Mozilla reviews a whopping 70 products for their holiday gift guide.
• Similarly, geolocation (one’s precise geographic position) is a subject of concern to CUB and other advocates. Geolocation is in fact a prime example of personal information that, when combined with other pieces of information (often publicly available), can easily re-identify someone whose behavior and identity would otherwise remain anonymous.
• For instance, if a software application on my phone shared my geolocation data with a third party (most likely a data broker or advertiser), that third party could plainly see that most mornings at around 8:00am I travel from a location in NE Portland (my home) to a location in downtown Portland (CUB’s office). This third party might then notice that between roughly late January to late June during odd years, and late January to early March during even years (the schedule of Oregon’s legislative sessions), my daily travel pattern changes from my home to the Oregon Capital in Salem. Since CUB staffs only a handful of people, and only a fraction of CUB staff work in the legislature, it would be easy to either pinpoint me to target advertisements or, worse yet, in the event of a data breach, steal my identity. Point being: It would take all of five minutes (perhaps less) of searching on the web to determine my identity.
• In fact, all within the past year, the New York Times, Forbrukerradet, and the Associated Press released startling reports about pervasive geolocation collection. The three studies draw the same conclusion: Many software applications installed on consumers’ smartphones track their precise geolocation hundreds if not thousands of times per day. Two operating systems, iOS from Apple and Android from Google, control an outsized share of the smartphone market, and therefore dictate the rules for applications as they relate to geolocation and other digital privacy concerns. More often than not, geolocation information is packaged and sold to location aggregators or paid advertisers.

CUB’s advice for consumers this holiday season (or any season for that matter) is to take the necessary time to do your homework. Product manufacturers and application developers have every hope and expectation you will not. Also stay tuned to our blog for more details about CUB-supported 2019 data transparency and privacy protection legislation.

To keep up with CUB, like us on Facebook and follow us on Twitter!

• Share this post on Facebook.
• Share this post on LinkedIn.
• Share this post with email.

« Back