I just bought a new TV. The old one had a good run, but after the volume got stuck on 63, I decided it was time to replace it. I am now the owner of a new “smart” TV, which promises to deliver streaming multimedia content, games, apps, social media and Internet browsing. Oh, and TV too.
The amount of data this thing collects is staggering. It logs where, when, how and for how long you use the TV. It sets tracking cookies and beacons designed to detect “when you have viewed particular content or a particular email message.” It records “the apps you use, the websites you visit, and how you interact with content.” It ignores “do-not-track” requests as a considered matter of policy.
It also has a built-in camera — with facial recognition. The purpose is to provide “gesture control” for the TV and enable you to log in to a personalized account using your face. On the upside, the images are saved on the TV instead of uploaded to a corporate server. On the downside, the Internet connection makes the whole TV vulnerable to hackers who have demonstrated the ability to take complete control of the machine.
More troubling is the microphone. The TV boasts a “voice recognition” feature that allows viewers to control the screen with voice commands. But the service comes with a rather ominous warning: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.” Got that? Don’t say personal or sensitive stuff in front of the TV.
You may not be watching, but the telescreen is listening.
I do not doubt that this data is important to providing customized content and convenience, but it is also incredibly personal, constitutionally protected information that should not be for sale to advertisers and should require a warrant for law enforcement to access.
Unfortunately, current law affords little privacy protection to so-called “third party records,” including email, telephone records, and data stored in “the cloud.” Much of the data captured and transmitted by my new TV would likely fall into this category. Although one federal court of appeals has found this rule unconstitutional with respect to email, the principle remains a bedrock of modern electronic surveillance.
According to retired Gen. David Petraeus, former head of the CIA, Internet-enabled “smart” devices can be exploited to reveal a wealth of personal data. “Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvester,” he reportedly told a venture capital firm in 2012. “We’ll spy on you through your dishwasher,” read one headline. Indeed, as the “Internet of Things” matures, household appliances and physical objects will become more networked. Your ceiling lights, thermostat and washing machine — even your socks — may be wired to interact online. The FBI will not have to bug your living room; you will do it yourself.
Of course, there is always the “dumb” option. Users may have the ability to disable data collection, but it comes at a cost. The device will not function properly or allow the use of its high-tech features. This leaves consumers with an unacceptable choice between keeping up with technology and retaining their personal privacy.
We should not have to channel surf worried that the TV is recording our behavior for the benefit of advertisers and police. Companies need to become more mindful of consumer privacy when deciding whether to collect personal data. And law enforcement should most certainly be required to get a warrant before accessing it.
In the meantime, I’ll be in the market for a new tinfoil hat and cone of silence.
Michael Price is counsel in the Liberty and National Security Program at the Brennan Center for Justice at NYU School of Law.