As the “Internet of Things” continues its deluge of persuasions for the new products “we simply must have” — among them, home security camera systems that work with voice-activated smart speakers and big-screen TVs with cameras and microphones that relieve us of all the physical demands of using a remote — have come a steady drip of alarming stories about hackers exploiting security lapses and of device manufacturers, themselves, collecting personal data for their own use and selling it to others.
Among the recent drips: Amazon’s Ring smart security system and its cameras have been the target of hackers who exploit security weaknesses and, in one case spied on a young girl in her room and used the device’s camera to harass the child, and in another made racist comments about a teen to his parents.
Hackers also are using lax security controls on camera- and microphone-equipped smart TVs to spy on families. Television makers have already been put on notice about their lapses in informing consumers about the technology. The Federal Trade Commission fined Vizio $2.2 million in 2017 for not informing consumers about the tracking software and ordered makers to require customers be allowed to opt-in to its use, The Washington Post reported in December.
It’s enough to make one consider stuffing cotton in Alexa’s “ears.”
Fortunately, there are more than a few state and federal lawmakers who are following these issues and proposing safeguards for consumers and the public.
At the federal level, U.S. Rep. Suzan DelBene, D-1st District, and U.S. Sen. Maria Cantwell, D-Washington, have proposed data privacy legislation. DelBene’s Information Transparency and Personal Data Control Act and Cantwell’s Online Privacy Rights Act, both seek to give consumers more control over the personal data that are collected by the internet-connected phones, TVs, home speakers and other “smart” devices that we’ve welcomed into our pockets and homes. Both bills seek to give consumers the choice of whether and what information can be collected and how it is used.
At the state level, state Rep. Norma Smith, R-Clinton, has proposed five bills that address those protections and more. Since joining the Legislature in 2008, Smith has been a leader and informed advocate on internet and consumer privacy issues, which included her work to the establish the state Office of Privacy and Data Protection in 2016.
In the short 60 days available in the session, Smith is seeking passage of legislation that better balances the rights that the public should have against those of manufacturers and others collecting consumer data and responsible for its security. The bills are:
House Bill 2364 would create a Charter of Personal Data Rights, allowing consumers to know what information a business has collected about them, request a copy of that file, correct and delete data and opt out of the sale of that data.
House Bill 2363 would provide more control over “biometric identifiers,” the geometry and other measurements used in facial-recognition software, establishing personal ownership of that information and directing the state Attorney General’s Office to set up a task force to further study the issue.
House Bill 1503 would require data brokers, those who collect and sell personal information, to register annually with the state’s Chief Privacy Officer and would additionally prohibit the fraudulent collection of personal data.
House Bill 2366 would make the Chief Privacy Officer a statewide elected position as early as the 2024 election, with the office keeping its current duties and responsibilities.
And House Bill 2365 would require that consumer devices sold in the state that can collect and transmit a user’s data carry an easy-to-recognize sticker — think Mr. Yuk for Data Privacy — that would alert consumers as to those devices and remind consumers to read the user’s manual and privacy statements and know what steps to take to protect their privacy.
Each piece of legislation has bipartisan support, and some have already been approved previously by House committees. In a recent Crosscut/Elway poll, 84 percent of Washington voters polled said they favored stronger consumer protections regarding personal data.
Some may question the need to make the state’s privacy office an elected position, but the move would elevate the visibility of the office and could give the position a better platform from which to inform the public about ongoing concerns and available protections.
All five bills would tend to improve the ability of consumers to be better informed about what is being collected and give people more say in what information they are comfortable and not comfortable in sharing with device manufacturers and others and what steps device makers are taking to limit security breaches and inform customers on how to protect themselves.
Consumers have every right to take advantage of the technological advances offered by smart devices. But, as with all tools, they can be abused, and those abuses sometimes come at the hands of hackers and manufacturers.
Consumers need better control of those tools.