German Government Classifies Doll as Illegal Spyware

This is interesting:

The My Friend Cayla doll, which is manufactured by the US company Genesis Toys and distributed in Europe by Guildford-based Vivid Toy Group, allows children to access the internet via speech recognition software, and to control the toy via an app.

But Germany’s Federal Network Agency announced this week that it classified Cayla as an “illegal espionage apparatus”. As a result, retailers and owners could face fines if they continue to stock it or fail to permanently disable the doll’s wireless connection.

Under German law it is illegal to manufacture, sell or possess surveillance devices disguised as another object.

Another article.

Tags: , , ,

Posted on February 20, 2017 at 6:55 AM76 Comments

Comments

Ion February 20, 2017 7:35 AM

It has nothing to do with privacy. It has everything to do with the usual European protectionism. Samsung TVs were never banned, although they are operating in homes with little children.

Gweihir February 20, 2017 7:42 AM

Possession is illegal as well. And I should point out that it was illegal all along, the “Bundesnetzagentur” just became aware of this recently and issued a warning. Anybody that bought it is required to destroy it and can be required to provide proof of that destruction.

The problem is that this thing is recording (and transmitting the recordings) without obtaining (implicit) consent (by being obvious about it) and recording people in Germany without their consent (or a court order) happens to be illegal. And so is equipment designed to do it clandestinely.

For once, I cannot find fault with that law.

reply to Gweihir February 20, 2017 7:49 AM

The problem is that this thing is recording (and transmitting the recordings) without obtaining (implicit) consent (by being obvious about it)…

What qualifies as implicit consent? Is the difference between legal and illegal the presence of an obvious “recording” light?

Gunter Königsmann February 20, 2017 7:56 AM

It might be important to know that the problem wasn’t that the thing did transfer unfiltered audio data from your children’s room over the Internet: it would have been asked to do that
The problem that made the puppet legally a spy was that it didn’t look like it would contain a hidden microphone: disguising a microphone that records audio in something that looks unsuspecting apparently isn’t allowed in Germany.

Seriously February 20, 2017 8:32 AM

A doll is really a spy?! I’ve been saying the same thing for years now about G.I. Joe and Barbie!! Send them all to the Island of Misfit Toys!

Tatütata February 20, 2017 8:54 AM

Just in case anyone cares…

In my initial comment on this story last Friday I was wondering about the authority the Bundesnetzagentur was operating under. I thought they were somehow applying EU and German provisions respecting product and toy safety.

The report on this case in Die Zeit is more detailed than the one in Der Tagesspiegel I first saw.

Section 90 of the Telecommunications Act (TKG) is the law they are actually enforcing.

Paragraph 1 prohibits the manufacture, sale, possession etc., of bugging devices disguised as objects of daily life, but allows various exceptions regarding their possession.

Paragraph 2 provides powers to Government authorities allowing their possession and use by public bodies, or their manufacture and export to third countries. (If the police plants a snooping device on someone, does this person automatically and unknowingly makes himself punishable?)

Paragraph 3 is a prohibition on advertising. The only distinction I see between the prohibited act and a public discussion on such devices lies in the verb “werben.

Section 116 TKG provides the Bundesnetzagentur the authority to enforce the Act.

I suppose that Section 126 is what the Bundesnetzagentur is actually empowered to do.

After years of seeing ambulant mediocrities such Schäuble, Zensursula, Maas, de Maizière, & co. ducking and wringing their hands (and worse), it is very slightly refreshing to see that a law is for once not only enforceable, but actually enforced.

But this does indeed raises the question about Samsung TVs and many other products.

Finn Lutzow-Holm Myrstad February 20, 2017 9:01 AM

The story builds on, among things, research we did in the Norwegian Consumer Council in December 2016. We uncovered:
1. unsecured Bluetooth connection (meaning anyone within range could connect to the doll, and subsequently talk or listen through the doll)
2. voice data being shared directly to a third party without proper consent, nor transparent terms.
3. terms of service & privacy policy of the doll + app were in breach of at least European law, but also a complaint was filed in the US to the FTC for breaches to COPPA, by EPIC, Consumers Union, Center for Digital Democracy (CDD) and Campaign for a Commercial Free Childhood.
4. hidden marketing. The doll has several phrases of preprogrammed speech, that we think indicates hidden marketing for several products.

The security aspects have also been uncovered by several other entities, such as Pen Test Partners in the UK.

The German ban builds on a “old” spy paragraph it seems and in principle also “criminalizes” the consumer who is in possession of the doll, thus the “destroy the doll” message. We would like to see privacy and security better integrated in product safety laws, as this should be an integral part of production and design, just like other hazards such as chemicals and fire safety.

Tatütata February 20, 2017 9:02 AM

To comply with the letter of the law, its owner only needs to make the thing no longer recognisable as a doll (“die ihrer Form nach einen anderen Gegenstand vortäuschen oder die mit Gegenständen des täglichen Gebrauchs verkleidet sind“) , or make sure that its eavesdropping functionality is known to everyone (“as nicht öffentlich gesprochene Wort […] unbemerkt abzuhören“).

I see a bit of potential for lawyering here.

In any case, a hacker could potentially legally acquire these and experiment with them.

Sebastian Bartsch February 20, 2017 10:08 AM

Being involved with Cyber Security in an Automative environment I wounder if this could scale up to OnBoard Entertaiment solutions… sometimes Bundesnetzagentur is a funny mass (beside not doing their original job).

Greetings from Ingolstadt (Germany), SBartsch

Rhys February 20, 2017 10:15 AM

Logic is, at best, spurious. More than just “smart” TVs…Google Siri, Eva, Alexa, Cortana, Google Assistant, the pending Huawei assistant…the grand delusion that they only listen when you “command” assumes much.

Does anyone believe that Apple TV, Roku, Google ChromeCast, and the Amazon Fire Stick don’t do exactly the same thing? Your cellphones? What about the ‘car (re)corders’?

If the intelligence agencies are the only ones many might believe will listen/record without disclosure to their target is… naive. Just as believing that only the sanctioned intelligence agencies are the only ones capable of clandestine ops. A backdoor is used by any who walk through it. Sanctioned or not.

What’s left to us? Get Smart’s “Cone of Silence” or environmental background selective noise masking (pink)?

NystagmusE February 20, 2017 10:53 AM

Good comments.
Thank goodness for those of you who perceive the irregularities and nonsenses and problems explained and implied.

Yet again, more reasons why the “IoT”/”Internet of Things” is a bad idea. So the next question is…
Why is the Internet of Things being shoved down all of our throats?
Why is so much public media talking as if it’s arriving no matter what, whether we like it or not?
No, it’s not guaranteed to arrive and be unstoppable. So who exactly is pushing it the most? Which corporations? Which government agencies or subcontractees? Which individuals?

We need more info on this, so those sources can be sent reasonable interventions and/or convinced they are going down the wrong path for the wrong reasons.

Also, yeah… Samsung is all over the place looking suspicious in this regard.
So who’s “paranoid” now?

keiner February 20, 2017 11:00 AM

@ Ingolstadt

From my care entertainment (especially in connection with a “smart”phone) I generally expect spying on me. Not so much from a doll in a child’s room.

Bear February 20, 2017 11:38 AM

Of course it’s not the first time this has happened with a toy.

Pre-IoTargets, Furby was banned from dozens of secure environments. NSA did it first, then all kinds of paranoids followed suit. The little bugger had a microphone and its onboard programming was supposed to make it “learn” to make language-like noises by listening to the people around it. But, at least in theory, it was possible to go backwards from the language-like noises it had learned to figure out at least a few of the phrases that had been spoken in its presence. The manufacturers disputed this, but the toy produced recognizable repeated words and phrases….

But retrieving information from Furby would actually have been hard. You’d have had to get physical possession of the device after your target had been using it, and its ‘language’ storage was a mishmosh of phoneme frequencies and Hidden Markov Models, not an audio recording. Retrieving information from the Cayla doll is dead-easy, provides two-way communication, and can be done in realtime over an unsecured bluetooth connection.

albert February 20, 2017 12:07 PM

Security Theatre, anyone?

“…The ruling comes after Stefan Hessel, a student at Saarbrücken University, raised concerns about the device, which was voted one of the top 10 toys of the year in 2014 by the German toy trade association….”

So, we have a student who raises concerns 2 years ago, and nothing is done until now. What were the EU and German commissars doing all that time?* Sitting on their hands, ’till they go numb?

Now that The Word is out, we have this from the manufacturer:

“…Vivid Toy Group has not responded to a request for a comment on the German ruling. Previously the company has said examples of hacking were isolated and carried out by specialists, but it was looking into upgrading the app used along with the doll….”

Ha! They have no intention to stop selling the product.

To my German cousins: Welcome to American Capitalism at its best!

Better enforcement of privacy laws would be a good thing, but there’s a lot of money to be made by ignoring them.

Here in the Colonies, ‘we’ are working assiduously to destroy them, hence the Cayla Doll.

*Were the German IC community experimenting with the doll? You can bet our CIA would be all over it:)

P.S. The Cayla doll needs to be set up through a smartphone app. Anyone have a TOS/EULA for that app?

. .. . .. — ….

CallMeLateForSupper February 20, 2017 12:15 PM

“Under German law it is illegal to manufacture, sell or possess surveillance devices disguised as another object.”

I think that is sensible and speaks to the point clearly and concisely.

The business of designing/building/marketing any item for profit is one more race to the bottom. “Turn your TV into a PC monitor!” “Convert a soldering torch into an awesome cigar lighter!” “Control your [whatever] with your fartfone” No, I am not anti-capitalism; I am anti-crap.

Some decades ago I was in Germany on business for several months (my first time in Europe), and within about one week I felt I had “come home”. Nearly everything seemed to be based on sound reasoning[1]. In USA, the law mandated wearing of seat belts but insurance could pay out in the case you were injured; in Germany, wearing a seat belt was voluntary, but if you had a dust-up and were not wearing a seat belt then your insurance did not have to pay out. I like to have personal choice, so I appreciated the German way (though I always buckled up, and tightly while on the Autobahn.

[1] But not everything. For example, wall switches: in Germany, down is ON; in USA down is OFF. I never got used to that difference.

albert February 20, 2017 12:44 PM

@keiner,
I not fluent in German, so I’ll take your word for it:)
What about Stefan Hessel?

IIRC, 400,000 of those babies were sold. At 70-some bucks per, that’s not pocket change. And this doesn’t include future ‘advertising’ income.

@CallMeLateForSupper,
Is the cold water still on the right?
. .. . .. — ….

Anon February 20, 2017 1:04 PM

I have the same question as albert:

Why was nothing done for over two years?

Why is the EU suddenly interested since the Germans decided to ban them, and didn’t worry about privacy of such toys/capability before?

My Info February 20, 2017 1:05 PM

@NystagmusE

Yet again, more reasons why the “IoT”/”Internet of Things” is a bad idea. So the next question is…
Why is the Internet of Things being shoved down all of our throats?
Why is so much public media talking as if it’s arriving no matter what, whether we like it or not?
No, it’s not guaranteed to arrive and be unstoppable. So who exactly is pushing it the most? Which corporations? Which government agencies or subcontractees? Which individuals?

China makes the IoT stuff and Russia listens to it and interprets the raw intelligence. Russian, like most modern Western European languages, is of Indo-European descent, whereas Chinese is not.

We’ve already discussed the covert Russian/Jewish “Protocols” connection. The first family is playing fast and loose with that one using their own baby to push the gentile circumcision propaganda.

keiner February 20, 2017 1:15 PM

@Anon

The “Bundesnetzagentur” is the federal regulator for interweb and things, not frequently monitoring the toy markets closely, huh?

I guess the story developed as I outlined above: The story in the German tech press in December 2016 (link heise.de) and subsequently a young lawyer at the university wrote the statement in January 2017.

Subsequently the feds woke up… 😉

D-503 February 20, 2017 1:27 PM

Sounds like the legal issues can be resolved by dressing the doll in a MfS (Stasi) uniform and programming it to say things like “Liebchen, were your parents loyal to the Party today?”.

But what do you do with something like an Apple device? If I understand correctly, the default settings result in Siri extracting data from voices heard by the microphone, and sending that data to a server in a jurisdiction with weak or no privacy protections. A clear violation of this law. Should everyone in Germany destroy their Apple devices?

Most consumer electronics these days are covert listening devices disguised as something else. It isn’t due to some nefarious conspiracy by spy agencies. It’s due to something much more insidious: The prevailing business model, where the user is no longer seen as the customer or client. Instead, the user is the product.

https://www.aclu.org/blog/free-future/privacy-threat-always-microphones-amazon-echo
“It should also become standard to build in a hardware power switch that physically cuts off electricity to a microphone so that consumers can stop a microphone from recording.”

https://www.aclu.org/blog/note-self-siri-not-just-working-me-working-full-time-apple-too

keiner February 20, 2017 1:46 PM

@D-503

“surveillance devices [b][u]disguised as another object[/b][/u].”

..with Google, Apple, Amazon, M$ etc. you don’t expect anything else but treason.

k15 February 20, 2017 1:48 PM

Here are an etiquette question and a practicality question.

If you think someone has compromised your communications (and possibly other security), what is an appropriate way to inform your intended interlocutors of the communications part, without causing them to think you have taken leave of your sanity?

Is there a way to restore secure communications once they have been lost, or would insecurity of our shipping and retail channels preclude this?

k15.1 February 20, 2017 1:59 PM

Also, in an increasingly botfilled online world, what should be the legal consequences if a bot pretends to be a sentient, engageable human?

Antimon555 February 20, 2017 2:17 PM

They warned for this doll in a program on Swedish Public Radio before Christmas. Swedish Public Radio are otherwise very positive to (id-) IoT stuff, and regards privacy as one of those things to maybe dust off and report shallowly and briefly about when there are no “real” news…

albert February 20, 2017 2:25 PM

@D-503,
The ACLU needs to be more tech-savvy. Their ‘smart meter’ argument is conspiracy theory, at best. With smartphones, you’ll -never- get perfect security, not even decent security. What manufacturer is going to put hardware switches on their devices mics? Don’t they use a software (virtual) audio bus?

A properly designed electret mic can function without power applied to it.

Folks use Siri, etc, at their own risk.

Popularity, currency(kewlness), and convenience will trump any security concerns. Don’t forget the IoTs that -will not- function without Internet Access (even if IA is not required for their functionality). Are there any computer OSs that -require- IA to function?

“…The prevailing business model, where the user is no longer seen as the customer or client. Instead, the user -is- the product….”

Indeed, but it’s insidiouser than that. The ‘product’ is extracted from the user, and used in ways unknown to the user. In a TOS, usage is ‘explained’ in vague, meaningless, or harmless ways.

No IC/LEC required. (but they’re always around:)

@k15.1

“…Also, in an increasingly botfilled online world, what should be the legal consequences if a bot pretends to be a sentient, engageable human?…”

Judging from the latest election and it’s consequences, the bar is low enough to reach by fairly simple code. Anyone want to write a Trump-bot? Oh wait, you said “sentient, engageable”.

I take that back.

. .. . .. — ….

Dirk Praet February 20, 2017 5:38 PM

@ keiner

… subsequently a young lawyer at the university wrote the statement in January 2017.

Pretty clever that for once someone actually uses the “think of the children” argument AGAINST surveillance. We need more people like that.

Jostein Tveit February 20, 2017 7:47 PM

A report on Cayla and other smart toys done by the the Norwegian company Bouvet on behalf of the Norwegian Consumer Council.

phs318u February 21, 2017 3:03 AM

If the issue is the fact that the doll does the look like a spy, perhaps owners could avoid destroying the dolls by dressing them in Stasi uniforms?
😉

Phil February 21, 2017 7:56 AM

@Ion and others saying it’s European protectionism

There was an official complaint to the FTC by EPIC in the USA about this toy on December:
https://epic.org/privacy/kids/EPIC-IPR-FTC-Genesis-Complaint.pdf

You must admit Europe is pretty powerful if they can force a complaint in America by American citizens against an American company.

Following the EPIC complaint, several consumer protection associations in Europe filed suits against the company in Nederland, Belgium, Ireland, Norway and France. I remember this made the news a few weeks before Christmas.

Truth is:
1. This toy records everything it ears and sends that sound data to a distant server without asking for consent.
2. These private informations are sent unencrypted over bluetooth, so anyone with an antenna in the vicinity can get a copy and listen to everything that’s happening around the doll.
3. The same insecure channel is also used to send back the doll’s text so the antenna spy can also dictate what the doll says.

So there’s no doubt it qualifies as a spying device. And worse than that it qualifies as a badly designed leaking spying device.

The IoT is an interesting opportunity to create new behaviours. But it’s also an enormous increase in volumes of detailed and valuable private data transiting on the networks.
So end-to-end encryption should be a minimum requirement for connected devices.

Dirk Praet February 21, 2017 8:32 AM

@ Phil

@Ion and others saying it’s European protectionism

The universe of alternative facts (AKA unsubstantiated opinions) is indeed expanding faster than the speed of light ever since the 45th POTUS took office. There were similar complaints and suits against Samsung’s spy TV’s. I guess this particular commenter also mistook Samsung for a German instead of a Korean company when making that baseless remark about European protectionism.

You must admit Europe is pretty powerful if they can force a complaint in America by American citizens against an American company.

I guess it’s just a matter of time before some moron labels Europe a terrorist hellhole for not accepting US hormone beef and GMO’s either.

Steve Turnbull February 21, 2017 9:19 AM

Hi Bruce, I work for The Question, a new ‘explainer’ (news and knowledge aimed at the curious) site.

We’re looking for a brief (400 words min) expert answer to this fascinating cybersecurity question if you’re interested?

http://theqstn.com/questions/222801/who-is-winning-the-cyberwar-security-or-hackers

We’re a fast-growing site with a broad reach so even though it’s not paid it’s a good value opportunity to promote books, sites etc. and to network. Hence its appeal to the many experts/academics who have written for us.

Looking forward to hearing.

Kind regards,

Steve

Dirk Praet February 21, 2017 11:13 AM

@ Bob

So if I’m reading this right, nanny cams are illegal in Germany?

Sigh. The reason the doll got banned is because German law forbids surveillance devices disguised as something else. So unless a nanny cam – which is actually meant for child surveillance – is dressed up like Kermit the Frog and marketed as your child’s new best friend, there is nothing illegal about it.

@ Steve Turnbull

We’re looking for a brief (400 words min) expert answer to this fascinating cybersecurity question if you’re interested?

The only thing you have to do for that is searching this blog’s archives.

keiner February 21, 2017 11:53 AM

…reading capabilities are really declining these days. How about making america great again by reading some books?

fa February 21, 2017 1:31 PM

Re. http://theqstn.com : this seems to be one of those site piggybacking on facebook and twitter to make some money. The ‘terms of use’ mention a ‘privacy policy’ which is nowhere to be found. Recommend to avoid like
the pest.

Re. the doll: not only is this pure spyware, it also tries to abuse children for marketing purposes (at least in the US according to the EPIC file). Don’t know which I find more disgusting.

Chelloveck February 21, 2017 1:50 PM

@NystagmusE:

“Why is the Internet of Things being shoved down all of our throats?”

Profit, pure and simple. Profit from an altruistic viewpoint (“Hey, I bet people would really like widgets that do this.”), profit from a cynical viewpoint (“Well, most people don’t really want widgets that do this, but if we can convince them that widgets which don’t do this are obsolete we can sell them all new widgets this year.”), and profit from a sociopathic viewpoint (“I don’t care if people want this or not, we’re going to put it in anyway so we can sell the data it collects.”). You can find IoT devices being sold for any and all of the above reasons.

“Why is so much public media talking as if it’s arriving no matter what, whether we like it or not?”

I think that would be because it’s arriving no matter what, whether we like it or not. It’s possible to do. It generates profit. Therefore, it will happen. There are enough people who like the features and either don’t consider or don’t care about the the disadvantages.

“So who exactly is pushing it the most? Which corporations? Which government agencies or subcontractees? Which individuals?”

You don’t need to postulate any conspiracies. There’s no one behind the curtain playing all the manufacturers like some sort of mad puppeteer. There’s enough honest and dishonest profit to be made to cause each manufacturer to individually try to get their very own piece of that pie.

Personally I think it will all work itself out eventually. Cheap, ubiquitous connectivity is a fairly new and disruptive technology. Consider yourself disrupted. Manufacturers will eventually wise up due to market pressure or due to government regulation, just like OS vendors have over the years. As security-minded individuals it’s up to us to evaluate devices and raise red flags to warn others of problems so the wising-up can occur.

Tõnis February 21, 2017 4:31 PM

@albert, “Folks use Siri, etc, at their own risk.”

It makes no difference to an innocent victim whether the clown he is having a conversation with is using a doll or a crapple (or spydroid) device. The surveillance he is being unwittingly being subjected to is an offense to his person.

Da Fool February 21, 2017 5:07 PM

@Dirk Praet

But if a nanny cam is disguised as a telephone or a TV… that’s apparently OK too? That’s why iPhones and Samsung TVs are not banned?

Clive Robinson February 21, 2017 5:40 PM

@ Albert,

Waiting to bid adieu to @Steve Turnbull….

Did you notice Steve did not offer the opportunity to other blog members…

Perhaps he is just “name shopping” especially as he does not appear to have the gelt to seal the deal.

And before anyone offers me such an “opportunity” I shall politely decline, as “white rabbits” need “cream of truffle sauce” to be effective as a dish, otherwise they taste of “pot boild” capon[1] which many would consider a waste.

[1] https://center-of-the-plate.com/2012/11/13/all-about-capon/

Dirk Praet February 21, 2017 6:58 PM

@ Da Fool

But if a nanny cam is disguised as a telephone or a TV… that’s apparently OK too?

You honestly don’t see the difference between a child’s doll and a phone or a TV, do you know? As questionable as the surveillance features of the latter are, there’s still a bit of a nuance here.

Da Fool February 21, 2017 8:59 PM

@Dirk Praet

I suspect most of the nuance is merely “think of the children” fear-mongering though… they are otherwise exactly the same thing… a spy device disguised as something else! That’s my point. The fact that most people can’t see this just means apparently the disguise is really good!

Da Fool February 21, 2017 9:04 PM

…or maybe it just means that the whole doll thing is ridiculous, since everyone has accepted that all electronics are de-facto spy devices, so nothing’s in disguise anymore…

Da Fool February 21, 2017 9:32 PM

@Dirk Praet

“I guess it’s just a matter of time before some moron labels Europe a terrorist hellhole for not accepting US hormone beef and GMO’s either.”

What?? You Europeans don’t want to all die from the beloved diseases we have over here in Murica? What traitors to the almighty dollar! Definitely terrism to not all die like us and give us all your money!

Ok, I’ll stop with the sarcasm now, but seriously, this unfortunately seems to be the mindset of a lot of people over here lately… it almost seems the more ridiculous it sounds the louder it gets!

Don't worry about it February 21, 2017 9:56 PM

There are plenty of other good spy devices, people might find a doll a bit curious if you are a 50 year old man.

tyr February 21, 2017 10:14 PM

@keiner

A good book to start with is ‘Tragedy and Hope’
by Carroll Quigley.

There are people who would prefer it never gets
read so highly recommended.

There are some nasty assumptions made by the
folk who make stuff for children and when they
intersect with the Net it becomes psychopathic.

Ben February 21, 2017 10:42 PM

@CallMeLateForSupper:
glad you liked it in Germany. Must have been a while ago. Seat belts are
compulsory in Germany since 1976, enforced by penalty of fine since 1986 🙂

@albert:
Cold water on the right, warm on the left, that’s right 🙂
Unless you own one of these modern mixer taps.

Copyleft February 22, 2017 2:21 AM

@Dirk Praet, about Steve Turnbull’s request: “The only thing you have to do for that is searching this blog’s archives.”

Is there any text I missed on schneier.com authorizing such a copy ? I do not talk about the above quote, only Bruce himself can make such an authorization.

A February 22, 2017 2:28 AM

@Chelloveck: “Manufacturers will eventually wise up due to market pressure or due to government regulation, just like OS vendors have over the years.”

So IoT (self?)-regulation will take 20 or 30 years ?

Dirk Praet February 22, 2017 3:25 AM

@ Copyleft

Is there any text I missed on schneier.com authorizing such a copy ?

I assume anyone referencing an article or opinion by our host would explicitly credit him as the author, or ask permission for it.

@ Da Fool

… a spy device disguised as something else! That’s my point.

Where we obviously differ is that I laud the efforts of everyone involved in getting that stupid doll banned on privacy grounds, whereas you seem to think we should just let it slip because our phones and TV’s are spying on us too. That’s no sarcasm but cynicism. And which has never furthered any cause.

Chelloveck February 22, 2017 10:04 AM

@A So IoT (self?)-regulation will take 20 or 30 years ?

Probably so. Many of the current IoT manufacturers have very little computer security background. Their expertise tends to be more in the “Things” rather than the “Internet”. It will take them a while and some hard knocks to learn the lessons that the computer people have spent decades learning. Hopefully that period will be shorter since IoT manufacturers can hire in some of that computer expertise. On the other hand, many aspects of ordinary computer network security are still weak (even when the experts know better) and attackers are very clever. Yeah, regulation (self or imposed) will continue to evolve over the next few decades.

I was responding to @NystagmusE, who said that the IoT is a bad idea and implied that some entity had an ulterior motive for pushing it on us. I disagree on both counts. I think the devices are useful and desirable, but there’s a rocky road in front of us until we work out technologically and sociologically how to deal with them and the new threats they introduce. And I’m not saying, “Oh, just sit back and wait. It’ll all be okay.” Consumers, manufacturers, and governments need to work to make it okay. It’s just that the work will take decades.

Clive Robinson February 22, 2017 11:11 AM

@ Chelloveck,

I think the devices are useful and desirable, but there’s a rocky road in front of us until we work out technologically and sociologically how to deal with them and the new threats they introduce.

Some are usefull some may be desirable to some, whilst others are fairly usless vanity items.

Such is any new market where less than 5% of “the new” will actually be around in a year or less. Even when the market stabilizes in around 5-10years only 10% of new products will last a life cycle.

The real problem is the secondary effect of monetization in an otherwise profit less market. This is what the invasion of privacy is all about. And it’s clear how important it is where quite a few IoT devices will not work unless they can do an ET and “Phone Home”.

That is why I assume all IoT devices and quite a few “home entertainment” systems are very very bad news and will not give them “house room”.

Unfortunatly as is often the case it’s “fad not common sense” that initialy drives a new market, and this can become a disaster due to “custom and practice” effects.

albert February 22, 2017 12:35 PM

@Clive,

Good comment, as we’ve grown to accept.

@et al,

We don’t have 5-10 years, let alone decades, to take care of this. It’s clear from the latest DDOS incidents that IoT devices contribute to, and indeed, make possible such behavior. Thus it’s not just the fools who buy them that suffer; it’s everyone.

Re:Cayla doll. The ‘ulterior motive’ is data collection. The user has -no control- of the data collected, or -how it is used-. Are the LE/IC interested in this? Bet on it. It’s been hinted at, but I’ll say it: This doll is wet dream for a certain class of psychopaths. (OK, I stepped back a little on that; can you blame me?). They’re gonna be all over these products like a cheap suit.

How about a talking doll with no Internet connection? -Everything- (except data collection) that’s being done in the server can be done in the doll, and at little or no cost increase. So why have Internet?

As I’ve said, I don’t give a rats sorry ass about people, through ignorance or stupidity, get burned by these IoT abuses. But others, like non-users and particularly, children, suffer, then something needs to be done.

The corporatocracy controls the MSM, and that’s how they maintain their business. I’m surprised folks like Vivid Toys haven’t reached the level of Monsanto, and get laws passed to make it illegal to criticise (or even mention) their products.

Vote with your wallets, and don’t buy this stuff.

The gov’t is not your friend; don’t wait for toothless security-theater ‘regulations’.

Germany did the right thing in the wrong way. You can’t expect folks to follow retroactive regulations that cost them money. If these products are illegal, they shouldn’t be available in your country in the first place. The EU needs uniform, enforced, privacy laws. And trade ‘agreements’ need to adopt the strictest of those for everyone.

Don’t bother with technical ‘solutions’. Like bandages, they cover the wound, but they don’t heal it. The body does that.

I’m sick, sad, and wasted, and I’m not the only one.

. .. . .. — ….

braun February 22, 2017 4:19 PM

What qualifies as implicit consent? Is the difference between legal and illegal the presence of an obvious “recording” light?

The problem with this particular toy is that there’s no indicator OR TRIGGER whatsoever. It essentially works like a bug. It’s the ‘covert’ nature that is the problem.

Da Fool February 22, 2017 5:05 PM

@Dirk Praet

Actually, I think banning half the phones and TVs and even general-purpose computers on the market might be a much bigger wake-up call, I’m for that…

You’re right, the baby step in the right direction can be a positive thing, but it’s negative if we’re satisfied that’s enough and don’t go any further. Spy devices are spy devices… either you allow them all, or you ban them all, shouldn’t be one standard for kids toys and another for adult toys based only on the person’s age. My point in presenting it this way is to show the inconsistency, not to promote accepting everything as spy devices forever.

Clive Robinson February 23, 2017 12:20 AM

@ Da Fool, Dirk Praet,

You’re right, the baby step in the right direction can be a positive thing, but it’s negative if we’re satisfied that’s enough and don’t go any further. Spy devices are spy devices… either you allow them all, or you ban them all,

The problem is “technology is agnostic to use” thus the good/bad of any implementation is dependent on an individuals Point of View (PoV) and importantly who the “individual”[1] is. To deal with this good/bad issue, the law has the notion of the “Directing Mind” that in effect controls the finger that is on the trigger.

Traditionaly when it came to tangible physical objects there was an implicit assumption of “ownership” that gave rights to individuals that allowed the “Directing mind” PoV to work. This worked easily for inanimate objects and to a limited extent for “live stock” where the owner was assumed to “shepard the flock” or “train the dog”. The real problem arises when “a dog has two masters”, because then there are two directing minds, which gave notion to the idea of the “Directing mind of record” and the “Directing mind of use”. That is the actual owner and the current user. The problem is the definitions fail when two people are in control at the same time there is no single directing mind at any given point in time.

Think if you will of a gun that you hold in your hand but another mind controls the trigger remotely. Now consider two different scenarios you holding the gun when you are getting charged by an angry bear, and you pointing the gun at a person who controls the cash register. If it’s you that controls the trigger, it’s “your responsability for your destiny” if it’s someone else then your destiny is down to that other directing mind[2].

The legislation has yet to catch up with the “software problem”. The law alowed for shared ownership so that commerce could flourish via the various payment instalment systems such as mortgages, hire-purchase, leasing etc and were obviously different from simple hire arangments as the intent was to transfer ownership. Thus the usage directing mind was still attributable to an individual directing mind irrespective of actual payment second interests.

The software industry pushed against this model hard and has come up with the legaly untested notion of “licencing” where they retain ownership even though you directly purchase. The entertainments industry has pushed this further with what we politely call Digital Rights Managment (DRM). Even upto this point it was possible to distinguish the directing minds at any given point in time.

Now however we have moved on again in unyested legal waters and have hit a bit of a reef between morals. Overly simply in the US Personally Identifying Information (PII) belongs to whoever collects it. In the EU it belongs to the “Data Subject”. Which brings up the question as to whose rules apply and do not apply under any given situation and it’s a real mess. From an implementation PoV the US system would appear simpler but it is not in practice, as it destroys the rights of ownership that the likes of the entertainment industry is trying to preserve.

So currently we are back to the old King Game of “might is right” which companies tend to prefer as it gives them the “whip hand” over the consumer. But they hate it when the whip hand “is the people” or those tasked with looking after the rights of the people via legislation.

Untill the mess is sorted out then the individual will lose out because contrary to what many claim there is no such thing as a “free market” due to the failure of the idea of perfect current or future knowledge by the consumer who thus can not make “a rational choice in full knowledge”.

Oh and don’t expect it to get sorted out any time soon, you have two conflicting PoV’s in the big players. And it’s becoming clear from MicroSoft’s behaviour that they think the old licencing model will lose thus the “off line”[3] CD/DVD etc entertainment industry will lose as well[4]. However a lot of legislators, lawyers and lobbyists will get mightily rich in the meantime.

[1] I use the EU definition here of “Any person legal or natural” which covers people in the flesh and legal entities like companies and other organisations.

[2] This is not a dry academic problem of ethics, there are real world situations it occurs. The first to consider is the original nuclear weapon launch “two man” system, the second consider the Piper Alpha production platform disaster, https://en.m.wikipedia.org/wiki/Piper_Alpha And why they both failed, the first during a “real world” simulation the second for real.

[3] I’ve talked about this in the past and without going through it all DRM will always fail in “Off Line” systems.

[4] MicroSoft are probably right about this as the history of Play / Music rights has shown under “new technology” from the “printing press” onwards through the likes of photo copiers and tape recorders has shown.

Da Fool February 23, 2017 1:43 AM

I really likes it when a “simple” comment of mine elicits a long Clive post with 4 footnotes!

Clive Robinson February 23, 2017 1:55 AM

@ Da Fool,

I really likes it when a “simple” comment of mine elicits a long Clive post…

Well ask a “childs”[1] question like “Why is the sky blue” or “Why does the sun shine” and you could wear my fingers down to a nubin.

[1] Those simple questions adults tell lies as answers, because they are much too difficult to answer truthfully. But the real answers of which move mankind forward…

Clive Robinson February 23, 2017 5:11 AM

@ Wael,

The snitch or the stitch 🙂

Play no sad mandolin for me a slice of melody will suffice[1]…

Your “snitch” reminds me of a story by Issac Asimov “A niche in time saves Stein”.

Speaking of puns and jokes,

A modern day Alice[2] asked the White knight what his favourite song was, to which he replied “Save the last lance for me”…

[1] You use a mandoline to make a melody, especially a vegtable melody. As Shakespeare noted,

    If music be the food of love, play on, Give me excess of it; that surfeiting,The appetite may sicken, and so to die.

[2] The logical answer is to stare at Charles Lutwidge Dodgson’s mirror with “Haddocks’ Eyes”,

https://en.m.wikipedia.org/wiki/Haddocks%27_Eyes

Dirk Praet February 23, 2017 7:31 AM

@ Da Fool, @ Clive

Spy devices are spy devices… either you allow them all, or you ban them all

If only the world were as simple as that. The upside of the doll case was that apparently some line was crossed which caused regulatory bodies to intervene, pretty much like what recently happened to alt-right provocateur Milo Yiannopoulos with his comments about pedophilia.

Although it is highly unlikely that this will in any way change the big data/surveillance landscape, it is an important precedent that inevitably will affect the mindset and actions of product vendors and service providers who think they can get away with anything. Or as Lao-tzu famously said: “A journey of a thousand miles begins with a single step”.

@ Clive

If music be the food of love, play on

There was of course no way The Bard could have predicted the rise of genres like death metal and grind core.

K.S. February 23, 2017 12:19 PM

While I think it is very clear that the doll is designed with invasive monitoring in mind, and is insecure and ripe for abuse on top of that, why focus only on this doll? There are much bigger offenders – Samsung Smart TV, OnStar auto platform, Facebook tracking, Siri and other similar “assistant” products.

I personally would applaud decision that all Samsung Smart TVs must be destroyed. This should discourage further transgressions of this kind.

Purism February 25, 2017 6:46 PM

@D-503

But what do you do with something like an Apple device? If I understand correctly, the default settings result in Siri extracting data from voices heard by the microphone, and sending that data to a server in a jurisdiction with weak or no privacy protections. A clear violation of this law. Should everyone in Germany destroy their Apple devices?

If Siri can’t be disabled/removed, yes.

Most consumer electronics these days are covert listening devices disguised as something else. It isn’t due to some nefarious conspiracy by spy agencies. It’s due to something much more insidious: The prevailing business model, where the user is no longer seen as the customer or client. Instead, the user is the product.

If that was true flagship phones would be dirt cheap.
No.
Any company that could advertise that it was the only one that didn’t spy on its users would have a huge competitive advantage in a free market, but the spy agencies won’t allow that.

https://www.aclu.org/blog/free-future/privacy-threat-always-microphones-amazon-echo
“It should also become standard to build in a hardware power switch that physically cuts off electricity to a microphone so that consumers can stop a microphone from recording.”

Librem has this https://puri.sm/posts/purism-kill-switches/
Expect the spy agencies to run it out of business soon.

Purism February 25, 2017 8:09 PM

@k15

Is there a way to restore secure communications once they have been lost, or would insecurity of our shipping and retail channels preclude this?

Cover as many bases as feasible. There are no silver bullets, on either side.

@albert

With smartphones, you’ll -never- get perfect security, not even decent security. What manufacturer is going to put hardware switches on their devices mics? Don’t they use a software (virtual) audio bus?

Nothing is perfect but here are some improvements. If you really care about freedom then instead of saying “just give up and accept the reign of Satan” please support the freedom fighters any way you can, everyone can make a difference.
https://puri.sm/surveys/librem-phone-preliminary-survey/ https://murobbs.muropaketti.com/threads/librem-phone-open-source-linux-puhelin.1333927/ http://www.phoronix.com/scan.php?page=news_item&px=Purism-Librem-Phone-Survey https://www.reddit.com/r/Purism/comments/554mai/survey_for_the_librem_phon https://www.reddit.com/r/linux/comments/5548zs/please_share_your_input_on_the_upcoming_librem/
https://copperhead.co/android/ https://en.wikipedia.org/wiki/CopperheadOS https://github.com/CopperheadOS https://www.reddit.com/r/CopperheadOS/
http://www.replicant.us/ https://en.wikipedia.org/wiki/Replicant_(operating_system) https://www.reddit.com/r/ReplicantOS/ http://economictimes.indiatimes.com/topic/Replicant-(operating-system)

@fa

The ‘terms of use’ mention a ‘privacy policy’ which is nowhere to be found. Recommend to avoid like
the pest.

Recommend to use PureOS with PureBrowser or QubesOS with Tor Browser Bundle and stop relying on the good will of website owners, their hosting companies, those companies’ ISPs, etc. Just turn off javascript, cookies and media codecs if fear of zero-days is preventing you from reading websites that aren’t mainstream (which is silly btw since even well known sites like yahoo and youtube serve ads with zero-day exploits on page-load).

@Chelloveck

a sociopathic viewpoint (“I don’t care if people want this or not, we’re going to put it in anyway so we can sell the data it collects.”)

You forgot the Great Firewall of China/GCHQ/GRU/NSA viewpoint; hating the very idea of privacy so much that you’d shell out hundreds of billions of dollars for the sole purpose of sabotaging cybersecurity for everyone. Lookup sigint enabling on startpage.com, ixquick.com of duckduckgo.com for tons of info on this sabotage being carried out by the superpowers.

You don’t need to postulate any conspiracies. There’s no one behind the curtain playing all the manufacturers like some sort of mad puppeteer.

Is it postulating when such agencies admit to and make excuses for such sabotage, on national television, and in their own top secret classified cables?

Manufacturers will eventually wise up due to market pressure or due to government regulation, just like OS vendors have over the years.

Is security improved by the government? Search for the cipher wars, or the lotus notes NSA-mandated backdoor, or the FireWire attack against BitLocker that the government had Microsoft make for them. Look at how people who read about I2P, Tor, or even LinuxJournal are targeted. Look at all the laws in all the superpowers of the Satanic world designed to cripple cybersecurity and persecute those who dare read about it, and then get back to me on how much the governments are going to save everyone from the big bad free market capitalists.

@Monkey SN476528747

Be afraid

very afraid

That’s what the antichrist wants.
Jesus, or Buddha, or whatever you believe on, wants you to educate yourself, your family, your friends, neighbors and community, and to be careful. Encryption works. Good OpSec works. Not 100%, but better than just cowering.

@Chelloveck

attackers are very clever.

Not really. Most attackers prey on ignorance, terrorize people into being afraid to learn about or practice good OpSec, terrorize hardware software or email vendors into betraying their customers, or have outrageous amounts of unchecked authority which they systemically abuse for the sole purpose of attacking the taxpayers they are paid to protect. Defense takes brain, offense just takes a lack of values.

I was responding to @NystagmusE, who said that the IoT is a bad idea and implied that some entity had an ulterior motive for pushing it on us. I disagree on both counts.

J-TRIG. Project Bullrun. Great Firewall of China. Juniper backdoor. Clipper chip. CALEA-2. Equation Group. GRU. North Korea.
Countless entities are clandestinely pushing for insecure standards like unencrypted IoT, “The Cloud”, 2-factor based on phones with downgrade attacks in A5 EXPORT cipher, and dual curve ECC.
Not all of it is clandestine. One country is subsidizing innocent, naive dupes into bugging themselves with IoT “security” cameras that have Cloud backdoors.

@albert

How about a talking doll with no Internet connection? -Everything- (except data collection) that’s being done in the server can be done in the doll, and at little or no cost increase. So why have Internet?

There is huge push from the IC to do everything in “The Cloud” since that is the least secure way.
Some people are standing up to this by making QubesOS to replace Windows 10, Replicant to replace Android, F-Droid to replace Google Play Store, OsmAnd to replace Google Maps, Signal/Telegram/Silence/Serval/Rumble/Ring/Conversations/Xabber/Kontalk/EnsiChat/Surespot/Fire Chat/Gilga to replace Google Hangouts/iMessage/etc, offline A-GPS, offline speech recognition, etc. If you wish people well please support such projects.

Don’t bother with technical ‘solutions’

Such sentiment leads to increased number of cyber attacks.

The problem is “technology is agnostic to use” thus the good/bad of any implementation is dependent on an individuals Point of View (PoV) and importantly who the “individual”[1] is.

SigInt enabling and the trojans/backdoors for it always make people less secure. Good OpSec and the security HW&SW for it always make people more secure.

The legislation has yet to catch up with the “software problem”.

The legislation caused it. Banning/subverting encryption(cipher wars, clipper chip, SSL EXPORT, A5/2), persecuting people who dare take control of their devices(DMCA/DRM), forcing companies to provide SigInt enabling services(LavaBit). There’s no literal red devil with a pitchfork, pointy ears and a tail. There’s IC.

Which brings up the question as to whose rules apply and do not apply under any given situation and it’s a real mess.

It’s real simple. Sabotage, hacking and domestic spying are illegal.

@K.S.

While I think it is very clear that the doll is designed with invasive monitoring in mind, and is insecure and ripe for abuse on top of that, why focus only on this doll? There are much bigger offenders – Samsung Smart TV, OnStar auto platform, Facebook tracking, Siri and other similar “assistant” products.

I personally would applaud decision that all Samsung Smart TVs must be destroyed. This should discourage further transgressions of this kind.

I think it’s very clearly because the rest of those were designed to only let the IC & ISPs and OEMs abuse them, whereas even the little guy could repurpose the doll.

NetBeans February 26, 2017 11:56 PM

@Purism

There is huge push from the IC to do everything in “The Cloud” since that is the least secure way.
Some people are standing up to this by making QubesOS to replace Windows 10, Replicant to replace Android, F-Droid to replace Google Play Store, OsmAnd to replace Google Maps, Signal/Telegram/Silence/Serval/Rumble/Ring/Conversations/Xabber/Kontalk/EnsiChat/Surespot/Fire Chat/Gilga to replace Google Hangouts/iMessage/etc, offline A-GPS, offline speech recognition, etc. If you wish people well please support such projects.

why don’t you list aimsicd?
fdroid https://f-droid.org/wiki/page/com.SecUpwN.AIMSICD
github https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.