In "Terrified of My New TV," Michael Price,counsel in the Liberty and National Security Program at the Brennan Center for Justice at NYU School of Law, focuses on the camera and microphone in his new Samsung smart TV. Ostensibly the features are useful for gesture- and voice-control of the device, for Skype, play-along games and other Internet-delivered features.
But Price is most concerned (quoting that lengthy privacy disclosure) about their ability to "log where, when, how, and for how long you use the TV" and "tracking cookies ... to detect when you have viewed particular content ... and how you interact with content.” He notes that the camera can be used for facial recognition and that the microphone can capture "your spoken words ...[and] other sensitive information" that can be "captured and transmitted to a third party.”
Got that? Don’t say personal or sensitive stuff in front of the TV.
In particular, he frets that privacy disclosure explains that the camera and microphone can be "live" even when viewers aren't aware of them or even using their TV set. So be careful what you wear and say and do in front of your smart TV, Price concludes.
Samsung's sets are not the only devices with such features. Every major TV maker is offering such capabilities in comparable sets, although we haven't seen their privacy disclosures.
From a business perspective, the data collected can be a splendid way for TV makers on their own or in collaboration with operating companies to track what viewers are actually doing in front of their TV monitors. (I'll pause for a moment while you purge those nasty thoughts.) The camera can observe how intently you are paying attention to the show, the mike can overhear the chatter among family and friends about the storyline.
These are valuable research features that give TV makers information they have never known about their customers. They also provide more intimate research capabilities than Nielsen, comScore or any other viewer measurement service has ever been able to provide. Hence they offer enormous value to program creators and distributors.
Of course, they are incredibly invasive. And the 46-page policy manual (as if anyone would read it except a privacy attorney) does little to inform viewers how or what personal data would be swept into the cloud for infinite future analyses.
The possibilities become more real when you consider the flirtations that Samsung, LG, Sony and other smart TV manufacturers are establishing with service providers. Even without cable operators, the process can become a privacy time bomb.
What will Sony's new PlayStation Vue broadband over-the-top service explore when its PlayStation (serving as a set-top box) is hooked into a smart TV? It may be great for gesture-controlled navigation, and it also will be useful for tracking viewership. Comcast and Samsung have negotiated relationships on several levels, although neither company has anything to say now about collaborative plans to exploit these research capabilities.
For its part, Samsung responded to my query with a boilerplate acknowledgement:
"Samsung Electronics takes the privacy and security of consumer data and information very seriously, and we urgently address any concerns or issues identified. Specifically for our Smart TV platform, we work to ensure that the personal data of our consumers remains secure and our products are not privy to hacker vulnerabilities," the Samsung spokesman continued. "We monitor security risks in our Smart TV platform to make sure that our existing products meet the latest security standards and new products are inoculated against malware and other risks. Further, we work with security experts, organizations and developers to proactively adapt security protocols to any risks that may arise in the future."
Such reassurances are comforting. And almost believable - if you expect that software will never be hacked or that big-data processing capabilities will never be used to assess your viewing patterns.
Samsung, of course, is not alone on this emerging privacy battlefield. It merely had the misfortune to be the TV of choice for a testy NYU privacy professor.
Beyond the embedded security issues that this discussion raises, there are larger concerns that cable operators will face as smart TVs come into more homes. The hoary question of "who owns the data" (i.e. the smart TV set maker or the carrier that transmits it into/out of the home) is preeminent, but so are questions about who should inform viewers that their every move and word may be captured and processed.
When I re-posted the NYU Law blog on my social media, a torrent of comments (mostly from savvy business colleagues) speculated on what happens next.
Some commenters believed that the smart TV set with image/voice capture features is no different from a desktop computer or phone/tablet that can do the same thing.
Others insisted that customer expectations are vastly different, based on 65 years of experience in which a TV set has been a totally passive device, not one that quietly gathers and transmits your personal information.
Several talked about "context," such as a camera and microphone in your bedroom that were never part of the TV set equation.
One IT entrepreneur even wondered if there will be "a low enforcement interface that allows the facial recognition system on the TVs to look for known and wanted felons."
While it may be possible to "defeat" the camera and microphone with a strategically placed piece of tape over the offending "capture" features, if the TV is smart enough, it could turn off all functions until you restore its "eyes and ears."
More pertinently, the process has really just begun. The temptation to use the "good" functions (audience measurement, advanced interactive services) will likely be tempered by perceptions about the "bad" features (privacy invasion).
Gary Arlen analyzes media and telecom issues at Arlen Communications in Bethesda, MD. Reach him at www.Arlencom.com.