In response, Theresa May announced a new initiative to give toys to school age children.
Smash up your kid's Bluetooth-connected Cayla 'surveillance' doll, Germany urges parents
Germany's Federal Network Agency, or Bundesnetzagentur, has banned Genesis Toys' Cayla doll as an illegal surveillance device. "Items that conceal cameras or microphones and that are capable of transmitting a signal, and therefore can transmit data without detection, compromise people's privacy," said agency president Jochen …
COMMENTS
-
Friday 17th February 2017 20:12 GMT Dwarf
"Items that conceal cameras or microphones and that are capable of transmitting a signal, and therefore can transmit data without detection, compromise people's privacy," said agency president Jochen Homann in a statement. "This applies in particular to children's toys. The Cayla doll has been banned in Germany."
Presumably Xbox, iStuff, Windows 10, Alexa and all the other voice activated junk is on the list behind Cayla and they will announce those next week?
After all, they all do the same thing and are all used by children.
-
Saturday 18th February 2017 19:49 GMT John Brown (no body)
Re: @ Dwarf
"Isn't the problem what it does, rather than the way it looks?"
Not exactly. According to the article "Germany's network watchdog said any toy capable of transmitting signals and surreptitiously recording audio or video without detection is unlawful." To me, that says it's fine so long as there's some indication of when it's operating, listening, sending data,
-
Sunday 19th February 2017 07:03 GMT Nolveys
Re: @ Dwarf
The new model addresses this concern. When it's operating its eyes light up; when it's listening, its ears twitch; and when it's sending data it looks constipated.
The one I gave my daughter is spinning its head around, projectile vomiting and suggesting unwholesome activities to be done with Jesus. Should I call tech support?
Oh wait, that's just the Theresa May doll. Never mind.
-
Sunday 19th February 2017 08:21 GMT big_D
Re: @ Dwarf
@John Brown exactly. If her eyes lit up red, when she was listening, then it would be fine.
The other services mentioned all make a tone, when they start listening and give a visual clue to the fact they are recording voice.
That said, Alexa has only just started shipping over here, in Germany, and it is likely to meet some resistance. Certainly my wife won't let anything like that into the house.
-
Monday 20th February 2017 03:16 GMT Anonymous Coward
Re: @ Dwarf
So, how would that work in the present case? A simple red light on the doll might be a bit creepy (especially if it were the eyes!). But it does have voice capability (I believe), so it could vocally warn when it's in "data collection" mode.
Um, something like "Smile, Snookums! You're on Candid Camera!" :-D
-
Monday 20th February 2017 13:16 GMT not.known@this.address
Re: @ Dwarf
Might not be disguised, but after months of my frequent moaning and whining about how those things have permanently live mics my missus had a very audible demonstration of how sneaky the things are when her phone suddenly says "I'm sorry, I didn't catch what you said" from INSIDE her handbag on the other side of the room.
So not only are they always listening but they are worryingly sensitive too... at least, worrying if you value any sort of privacy.
-
Saturday 18th February 2017 02:49 GMT a_yank_lurker
@ Dwarf also
There is also a major difference in expectation. While I despise Bloat 10's Spyware-as-a-Service model it is an OS for computers. One would reasonably expect the computer to connect to the Internet and that there would be some communication back to the mothership even if only to get updates and patches. Cayla is a doll marketed at children who should not be expected to understand privacy implications of the device when most adults have problems understanding these issues.
-
Saturday 18th February 2017 09:21 GMT Dwarf
Re: @ Dwarf also
Cayla does voice processing, as do all the rest (Siri, Alexa, Cortana), so there is no difference. All of them are listening and shipping it back to the mothership for processing.
Children use Xbox, iStuff, etc, so again it's the same argument.
It makes no difference the age of the consumer, since adults will have purchased all of them, even if they are subsequently given to children to use.
-
Saturday 18th February 2017 10:52 GMT Mage
Google, Amazon, Apple, Microsoft.
Mattel has an evil "parenting" gadget like Echo.
Google TV certainly breaks this law. People are better NEVER connecting Smart TV to Internet, but using PS4 or some media box for Netflix etc. Most Smart TV makers seem to have abandoned their own GUI for Google's Android TV, which apart from being spyware, is a rubbish UX for TVs.
1984 was really about 1948 politics. However Orwell would be amazed that every democracy has allowed the Corporate "Big Brother" spying on their citizens via Browser stats, web cookies, clear pixels, javascript etc on the Internet as well as evil IoT personal data monetising products, Facebook (a dictator's wet dream), Echo, Spot, Siri, Chrome Browser, Chrome OS/Chrome Book, Android wearables, Android on phones, iOS, Windows 10, Android TV and etc.
-
Saturday 18th February 2017 00:46 GMT Anonymous Coward
'They could just remove the batteries.'
* One day the neighbour's kid comes over and puts the batteries back in. They even connect your Smart TV to the internet. Six months later you notice but by then it's too late! Overall, your thinking is delusional... It's a fake sense of control that's all.
Is globalisation to blame for shipping IoT products devoid of consumer input...? Maybe, but the more pressing question is, will there eventually be a populist backlash to IoT products including Win-10 slurping + Android Smartphone spying???
-
Tuesday 21st February 2017 10:01 GMT RAMChYLD
Re: 'They could just remove the batteries.'
If you want to go the extra mile, you can take her apart and rip the microphone, camera and circuit board out, then put her back together.
If this thing is anything like those Smart Toys Mattel put out tho, the battery is non-removable. You may need screwdrivers with a proprietary head as well as a pair of wire cutters to gut the thing.
-
Friday 17th February 2017 21:13 GMT Rol
Aiding and abetting!!
Just take these feckless gimmick pushers to court and charge them with aiding and abetting paedo's.
Time in jail, or bludgeoned into liquidation with a sledgehammer fine, would have them rethinking their ill-thought-out stumble into connected devices.
It is a crime to assist criminals. We don't need any clarifying legislation. We just need the authorities to use the tools society have allowed them to just get on with the job of punishing every firm for implementing inadequate security and thus leaving their customers open to all manner of criminal attack.
-
Saturday 18th February 2017 10:53 GMT John Smith 19
"charge them with aiding and abetting paedo's."
I hate to say this but just for once that TOTC BS could actually be useful.
And let's be honest what sort of people want to mass compromise a doll mostly aimed at young girls?
A) People wanting to build the next IoT botnet.
B) People with a keen interest in young girls.
Some of those might be boys their age but what are the odds they are not?
-
Saturday 18th February 2017 12:58 GMT Anonymous Coward
Re: "charge them with aiding and abetting paedo's."
These dolls will not stay in the girls' rooms. They'll drag them along, one moment in the living room, the next in the car, then to relatives and friends of the parents... therefore:
C) Anybody with enough criminal energy to spy on a family, their relatives and friends
D) Theresa May, who is busy doing away with human rights and replaces them with surveillance bills already
-
Friday 17th February 2017 22:20 GMT Anonymous Coward
Re: Thanks for nothing, TECHNOLOGY
TESTIFY, Brother! We still do not have; flying cars, quantum computer wrist-wearables, ubiquitous self-moving sidewalks, full steak and potatoes dinner reduced to the size of a pill and served on a normal sized plate with a knife and fork for some reason, personal jet packs, robot fish, robot cat that is better than a real cat, robot girlfriend, robot wife, robot ex-wife, another robot girlfriend that is not the same as the first one I just mentioned, an iPhone that does not cause people to hate it if they don't want one merely ignore it, a bidet that does not confuse Americans, cure for baldness AND cure for unwanted hair all in one product! Let's say in an easy to insert suppository, why not?
-
Saturday 18th February 2017 20:31 GMT ecofeco
Re: Thanks for nothing, TECHNOLOGY
No kidding DNTP. We could have had solar system colonization and instead all we got was video games and fancy phones and the mighty waterfall of the shit spewing Internet.
In other words, consumer tat crap. Yet everyone thinks this is the coolest shit eva!
-
Saturday 18th February 2017 00:30 GMT Anonymous Coward
"offers no special risk"... "there is no reason for alarm"...
That's the manufacturer's take... More or less sums up the chaos that's IoT! And look it's another student raising the alarm, just like Schrems.. Not the regulator.... They're doing little along with politicians etc.
Overall I no longer believe this is accidental. I think every manufacturer wants in on 'spinal cord uplink / download'... Why? There's no margins making products anymore (thin scrapings on TV's etc).
Every company / corporation wants to be like the golden boys in the room namely Facebook & Google. That's where the money's at. And they can only get to it by getting in on the snooping game. That's why both Samsung and Philips announced forced Ads on their old and new TV's in 2016. All the while unsure if it's 100% legal in the EU, but not bothering to ask first either.
Windows-10 slurping, Android Smartphone permissions, Smart TV Ads/Spying, now this. When is the pushback coming consumers??? The retailers and media are just as much to blame. They're willing zombies for the tech companies. 2017: Still no Linux / Foss options in stores etc.
-
Saturday 18th February 2017 08:17 GMT Anonymous Coward
Cayla -- the one we know about!
But here's the thing -- has this type of technology been hidden in mains powered consumer devices without our knowledge? Does the IoT kettle phone home all the conversations in the kitchen? Does the Nest thermostat phone home video from the bedroom? If yes, can the phoning home be intercepted by the much publicised "bad guys"?
I thinks we should be told!!
-
Tuesday 21st February 2017 15:17 GMT DropBear
Re: Cayla -- the one we know about!
No idea. But in totally unrelated news, I'm just launching a startup selling a gizmo that just sits quietly in the corner and detects wireless transmitters in range that aren't the ones it knows about (your phone etc.) - wanna get in on the ground floor...?
-
Saturday 18th February 2017 08:39 GMT SVV
Internet of Things
Isn't this exactly the sort of thing that tech companies and, yes, tech journalists have been tediously hyping of late? And so every damn thing you buy will have this sort of tech in it, be hackable (because the idiots making it won't care a damn thing for security if there's quick easy money to be made) and send every damn thing it sees or hears back to some large data slurping company or other, as well as governments who want to slurp it all too.
Personally I'm happy to be called a luddite, for not being prepared to tolerate all this for the sake of having the latest new shiny stuff.
-
Saturday 18th February 2017 11:13 GMT TheProf
Horse stable door bolted
Germany's Federal Network Agency waited until hundreds/thousands/millions of these toys were sold before they decided to ban them?
Shouldn't the powers that be be stopping these toys being imported and sold in the first place?
I mean it's not as if the EU doesn't have a huge number of regulations and staff to see they are complied with. Someone should have noticed that the toy has a wireless transmitter built into it and asked what it's for.
-
Saturday 18th February 2017 12:40 GMT Mage
Re: Horse stable door bolted
"it's not as if the EU doesn't have a huge number of regulations and staff to see they are complied with."
Actually, no. CE marks are not issued by the EU. It's also the responsibility of individual governments to inspect what is on sale to the consumer. In many cases the "regulator" or department is "captured" by big business (Comreg, Ofcom, Irish Finance Regulator and Anglo Irish Bank and many more).
The issue is not the EU, but deliberate obstruction by Governments, who often make fake claims about what the EU is demanding (which in any case is decided in the first place by the Member States). UKIP and fellow travellers are making UK LESS consumer and privacy friendly.
-
Saturday 18th February 2017 12:16 GMT Graham Cobb
Regulation is required
Consumer protection regulations, with significant penalties, are needed. Any devices (not just toys) that don't meet the following should be classed as illegal surveillance devices:
1) All recording or monitoring (even locally on the device) of audio or video must be very clearly highlighted on packaging, and explained, and must be able to be fully turned off (no further monitoring at all, even for the activation command, until it is turned back on again), with a parental control lock to prevent re-enabling by children if the parent has turned it off.
2) Any feature which can send audio or video (live or recorded) anywhere outside the device must require a locally processed activation command to initiate the recording/sending. This might be a spoken command (such as the name of the device), processed locally, but it could also be something like a button on the device or a menu item. The recording/sending must be for limited time (less than 1 minute, maximum duration explained on the packaging).
3) Activation must not be possible remotely (even for law enforcement or "safety" purposes) - it must require a local user interaction.
4) There must be feedback to people in range of the collection (e.g. an LED or an icon on a screen) whenever the device believes it has received the command and so is recording/sending audio or video.
If someone like the EU took the lead on this, then it is likely that these very reasonable protections would become generally accepted standards.
-
Saturday 18th February 2017 20:57 GMT Ken Hagan
Re: Regulation is required
"3) Activation must not be possible remotely (even for law enforcement or "safety" purposes) - it must require a local user interaction."
I think all four of your suggestions are reasonable and should be taken up. However, I'm pretty sure I've read that mobile phones do not meet this third requirement. Therefore, this may be one that we have to compromise on in the short term.
-
Saturday 18th February 2017 21:14 GMT John Brown (no body)
Re: Regulation is required
"If someone like the EU took the lead on this, then it is likely that these very reasonable protections would become generally accepted standards."
Sadly for the UK, that would take more than two years and so likely not be implemented here. If by some miracle it did pass before Brexit, I have no doubt that whoever is Home Sec at the time would rescind it along with all the other "red tape" that the EU has "foisted" on us.
-
Saturday 18th February 2017 18:32 GMT sysconfig
Expectations
If big companies who earn money with coms and networking (in the broadest sense) struggle to keep their stuff secure (TalkTalk, I'm looking at you, but not only at you), how on earth can anybody think that some random company from far far away can and will keep their cheaply produced IoT stuff secure? Even if it was secure at time of purchase, who is going to update their daughter's doll? I mean seriously.
They did the right thing in Germany; the ban won't help much, but it raises awareness of the risks. It's a start, and goes quite in the opposite direction of what's happening here in the UK (as pointed out by someone else before).
This whole Internet of Trash is going to blow up in all our faces, if it hasn't already (depending on what gadget you have bought or intend to buy, or what is forced on you).
-
Tuesday 21st February 2017 07:00 GMT Anonymous Coward
Take it apart
Problem solved.
Better still, some enterprising hacker should figure out what makes it tick, and trace all the circuitry to see if it's all just hype or not.
Interesting factoid, if you work for TLAs you can now get smoke detectors which "look" exactly like the real thing and even detect smoke/heat but have a small 1080p camera hidden inside them.
It can be set up to store data on a sanded off memory IC, etc and onetime pad locked so even if someone finds the thing the data is unreadable, sending its stored data via a randomized FHSS radio link at around 1.42 GHz synchronized to the use of RF-noisy devices such as domestic microwaves.
The chip used is one or more 8 pin Flash chips possibly a 512Mbit version but the micro compresses the data while XORing with the onetime pad so that represents several tens of thousands of images.
The camera is hidden inside a relatively normal looking bicolour clear LED which doubles as the "activity" light for alarm so you won't detect it but shining an IR camera at it got an abnormal response.
In this case the centre pin is encoded video out 0.3V p-p with non standard sync pulses to defeat camera detectors.
The worrying thing here is just how many of them are out there. When I discovered this and mentioned it online with pictures of the offending unit(s) the hall alarm mysteriously got changed a few days later for (presumably) a better unit because the 3/4G/Wifi interference went away and has not returned since.
Checking with counter revealed nothing, although I did find part of it disposed of in a tray where the fire book sits and they denied all knowledge when asked if they wanted it back.
-
Tuesday 21st February 2017 08:26 GMT Charles 9
Re: Take it apart
"Interesting factoid, if you work for TLAs you can now get smoke detectors which "look" exactly like the real thing and even detect smoke/heat but have a small 1080p camera hidden inside them."
1080p? That's an improvement over the one I found at Amazon a couple years back. That only had 600TVL. Anyway, you don't have to be in a TLA to find such a camera. And yes, they ARE working smoke detectors, too.
-
Tuesday 21st February 2017 15:18 GMT Charles 9
Re: Take it apart
"Better still, some enterprising hacker should figure out what makes it tick, and trace all the circuitry to see if it's all just hype or not."
And once you find out that the device is equipped with suicide circuits such that defeating the telemetry bricks the device?
And then you find out they're standard equipment in all the devices you can find in the store and online these days?
-