During the holiday season, my husband and I tend to offer suggestions to those who are generous enough to insist on buying presents for our kids. Things like “Don’t spend more than $50 (Dh183.5)” and “No guns.” Or, for those with whom we can be comfortably blunt, “Just cash, please.”
The idea is to make gift-giving less stressful and expensive and to make it less likely that the gift givers will waste money on things our kids don’t need — or that we simply would rather they didn’t have.
This year we’re adding a new rule to our list: No toys that can spy. The idea: to keep seemingly innocuous internet-connected devices that may compromise our privacy and security out of our home and especially out of our children’s hands.
Today, many coveted gifts are internet enabled. There is the panoply of home hubs and artificial intelligence assistants that promise to make everyday life easier: Google Home can be your butler, DJ and personal assistant. Amazon Echo can switch on the thermostat, share the local news and answer the kids’ burning questions. Then there are the products that seem as if they had the internet tacked on as an afterthought: web-savvy saltshakers and soccer balls that connect to your smartphone. There’s even an internet-enabled rubber duck named Edwin. These newly smart devices can adjust your salt intake, hone your toe kick and serenade your youngsters at bath time.
I’m not opposed to connected devices. These products can be silly, yes, but they can also be delightful and useful. Smart appliances and AI assistants can make us more efficient, encourage healthier lifestyles and connect us to the things we love. Saying “Alexa, play Silent Night” is easier than rooting around for that dusty Bing Crosby vinyl.
But connected devices also bring the worst parts of the web more intimately into our lives: hacking, surveillance, harassment. These are knotty issues with dire consequences. They’re bad enough when confined to adults’ desktops and tablets. What happens when they permeate our kids’ toys?
This isn’t a hypothetical question — it’s already happening. Manufacturers are embedding microphones, cameras and GPS into toys and gadgets, and the results can be frightening. This year, we learned about My Friend Cayla, a Bluetooth-equipped doll. Cayla can converse with kids. She can also spy on them, if hacked. The Times called Cayla a “bright-eyed talking doll that just might be a spy”; the German government outright banned her. There are more examples of the internet’s worst traits invading sensitive spaces. The consumer groups Which and Stiftung Warentest recently conducted an investigation that revealed that toys like Furby Connect and CloudPets could be hijacked by low-tech hackers. Hackers can then transmit spoken messages to kids through the toys’ speakers.
Complicating all this is the lacklustre state of online privacy and security protections. We don’t have very many rules or regulations defending consumers’ online privacy. There aren’t universal trust marks that clearly articulate a product’s security or how consumers’ personal data is used. And there’s limited accountability. Sometimes, a company’s privacy error results in little more than bad public relations.
Security features
It’s no surprise, then, that so many people are leery of a more connected future. According to a recent survey by my organisation, Mozilla, on the topic, the most tech-savvy among us are also the most concerned about privacy.
So what’s the answer? In the long term, smart policy and regulations can make a difference. Ideally, building privacy and security features into connected devices will become as common as equipping cars with seatbelts or putting a nutrition label on packaged food. There are people and organisations doing important work on this front: Consumer Reports measures and reports on the privacy and security of products and services and the Electronic Frontier Foundation provides cybersecurity training. At Mozilla, we released a holiday shopping guide focusing on privacy to raise awareness. In the short term — this holiday season — avoid products where the risks outweigh the value, especially when they’re for your kids, who aren’t in a position to agree to take any risk at all. Does your elementary school student really need a toothbrush with location tracking?
Next, do your due diligence. Ask important questions: What personal data is collected, and how is it stored? Is it encrypted? Can the device be updated if a security vulnerability is detected? You can find answers on manufacturers’ websites, in privacy policies and on product forums.
If a connected device is too appealing to pass up, take precautions before putting it in little hands. Before it is unwrapped and in your home, make the most of its privacy and security features. If the product requires an account, create a unique password and enable two-factor authentication. If location tracking is not essential, disable it. Low-tech solutions can work, too: If you’re not expecting to use the camera, cover the lens with dark tape. And turn off the device when it’s not in use.
If you don’t like the answers you find or if you simply can’t find them, select a gift that takes your privacy and security more seriously. Or opt for analog: Sometimes a good book or homemade sweater makes the perfect — and worry-free — gift.
— New York Times News Service
Ashley Boyd is vice-president for advocacy at the Mozilla Foundation.
