海角大神

The Internet of Toys raises new privacy and security concerns for families

Passcode, the Family Online Safety Institute, and the Future of Privacy Forum hosted a discussion on kids and the connected home this week. Here are five things we learned. 

If you're a parent buying a talking toy for your kids, you probably wouldn't want a hacker using it alone in their bedrooms. Nor would you want hackers using their toys as a way to听听sensitive personal information about them.

But that's the risk parents must consider 鈥� but may not even be aware of 鈥� with the rise of the Internet of Toys.

Dedicated hackers 鈥� both 听 and 听鈥� have proven they can take advantage of internet-connected toys that don't have adequate cybersecurity measures in place. That's raised听new concerns from security and privacy advocates who say toymakers and tech companies need to do more听to ensure that kids are properly protected now that Wi-Fi enabled toys are common playthings.听

While there's a long way to go, awareness of the security risks is a first step. Passcode, along with the Family Online Safety Institute and the Future of Privacy Forum, hosted an event this week to discuss how better to protect your kids and increasingly connected homes. , and here are five things we learned:

1. If your toy is hackable, your home may be, too.

鈥淭he power of connected devices is also, in some ways, their greatest weakness,鈥� says Julie Brill, a partner at law firm Hogan Lovells who was until recently a Federal Trade Commissioner.

Devices can use Wi-Fi to 鈥渢alk鈥� to each other, Ms. Brill points out, but those networks are only as strong as their weakest links. If hackers can get access to a toy, they could leverage it to compromise an entire network of connected devices in a person鈥檚 home. To help solve this problem in the future, she says, it鈥檚 possible people鈥檚 homes could have a type of 鈥渃ommand center鈥� in which consumers can find out how their devices interconnect 鈥� and insert their own privacy preferences.

2. Toys travel with kids. So do the privacy risks.

Parents might say they鈥檇 never personally choose to buy a certain toy if it was too risky from a security or privacy standpoint. However, notes Emily McReynolds, a program director at the University of Washington鈥檚 Tech Policy Lab, children bring toys to other people鈥檚 houses. So even the most privacy-conscious parent might find a connected toy on their home Wi-Fi network, or interacting recording conversations with their child, even if they didn鈥檛 approve it.

The intimate access toys have to kids鈥� lives, and their portable nature, raises a whole host of questions about notification and consent, Ms. McReynolds says. 鈥淗ow do we help notify the parents of the second house, or the third house?鈥� she says. 鈥淎nd where do you go for more information?鈥�

3. Some experts want the government to consider some minimum security requirements.听

Josh Corman, director of the Atlantic Council's Cyber Statecraft Initiative, wants some to see some sort of regulatory requirements for companies to implement to make their products more secure. As he puts it: "Some minimum hygiene听things."听

After all, he says, people aren't going to be experts in this stuff. But they shouldn't have to be.

"I don鈥檛 know how a commercial airline works or what questions to ask before I get on one. I just know I can trust it. Because it鈥檚 not a voluntary standard for minimum safety flight checks for aviation," he says. "There are some things in culture that are not optional.

鈥淎nd I think our default posture has been, let鈥檚 not interfere in the free market of the software industry. The one thing you鈥檙e not liable for on the planet is software. There鈥檚 no software liability laws.... With privacy there鈥檚 been some strides there and I鈥檓 really interested to see if we can piggyback off some of those.鈥�

4. There are some security-savvy connected toymakers taking precautions. Others may not know how.听

Donald Coolidge, chief executive officer of Elemental Path, says his company 鈥� which manufactures the talking dinosaur Dino 鈥� takes security and privacy concerns . Elemental Path encrypts information flowing both to and from the toy, he says, noting 鈥渢hat鈥檚 something other companies don鈥檛 do.鈥� That said, 鈥渢here鈥檚 always going to be ways to get into something,鈥� Mr. Coolidge says. That鈥檚 why his company works to anonymize the data, ensure it鈥檚 stored in multiple different places, and has opened its doors to ethical hackers to test its product.

But many companies also want to do the right thing when it comes to security, says Dona Fraser, vice president of the ESRB Privacy Certified (EPC) program, which helps companies comply with their local data privacy protection laws. However, she notes, 鈥渨hether they know what the right thing is, is another question.鈥�

5. Privacy policies need to be transparent, especially for parents

If you're in a physical store, says Ms. Fraser, parents may be more concerned about whether their children should have another toy than the privacy implications. That鈥檚 why the privacy policies need to be as clear as possible.

鈥淲hen you鈥檙e dealing with households like mine, where I have a niece and nephew who come out of the womb swiping right and left, to the grandfather who thinks a live stream is a wild river, there鈥檚 a huge gap in families where you have kids teaching adults,鈥� Fraser says. 鈥淎nd they鈥檙e not teaching them about privacy they鈥檙e teaching them how to use a device.鈥�

听