Samsung had to admit the design failure after security researchers discovered it in the wake of all the other Samsung stories published last week. Samsung told the BBC that a firmware update will add encryption, but the damage is done: Should consumers believe it takes privacy seriously? Sen. Al Franken (D-MN) isn’t so sure, and he vowed to investigate last week
Am I just being paranoid, or do you also dislike the idea of your living room chatter being recorded and sent off to unknown “third parties?” Don’t answer that.
In truth, this is just lawyerspeak. Samsung and its partners don’t want to hear about your Aunt Ethel’s health problems, and they don’t want to listen in on your makeout sessions. Really, I believe that. Any gadgeteer working on systems like these, which are tricky and usually clunky, wants to know how they are being used any how to improve them. Of course. A very responsible lawyer forced the firm to include that disclosure in the interest of completeness. It sounds worse than it is.
Until, it isn’t.
Recall that every record stored in any computer anywhere can be obtained by law enforcement, or really anyone acting on behalf of a court of law. Forget Ed Snowden and super-spooky FBI software monitoring phone calls. The FBI can simply ask Samsung, or its “third-party” suppliers, and obtain records of what happens in your living room. So can (until someone proves otherwise) folks investigating civil claims, such as…..divorce lawyers. Those makeout sessions would be of plenty of interest to them.
“I totally can see the FBI or others approaching Samsung … probably without thinking there’s any need for a warrant .. and saying they were after a ‘bad guy’ and ‘asking’ for that data,” said a former colleague of mine, Steve White. He is now president of White Marsh Forests Inc., a firm working on machine learning technology. “Happened regularity at MSN…MSNBC. Now I’m staring warily at my Samsung laptop.”
To be clear, it’s settled law in the U.S. – any information you share with a “third party” private company can be obtained by law enforcement. You surrender any expectation of privacy once you disclose something to a corporation, or any third party. It’s the biggest end-around in American privacy law.
Don’t blame Samsung for this. It’s just telling the truth. I hope you are now wondering about any other gizmos you have invited into your home that watch you. Smart thermostats? Internet-enabled crock pots? Yup, these things can squeal to anyone about you. They can relate when you come home at night and plenty of other very personal details about your life. Any technology that watches (or listens) to you creates a record that can be used against you. Even if you are in the “privacy” of your own living room. And our living rooms (and bedrooms) are about to be inundated with this stuff under the friendly name of the “Internet of Things.”
The problem is the law. Of course Samsung should be able to see how its technology is working, and be able to learn from real-world uses. We just need to pass laws that make it expressly, unequivocally illegal to use that information for anything other than its intended purpose, and require that it be permanently deleted as soon as that intended purpose is complete. Notice, I didn’t say the data should be anonymized, because (if you’ve been paying attention), it’s really hard to anonymize data. It needs to be deleted. The privacy of 100 million living rooms shouldn’t be up for grabs so law enforcement might have a slightly easier time catching a criminal every once in a while. That’s not the way America should work.
Thanks, Samsung for helping me feel a little less paranoid. And hopefully making a few more people feel a lot more paranoid.