Sarah Dobbs investigates the technology that's checking up on you
Anything you say in the safety of your own living room is private, right? Not so fast. Your sofa might not be as private as you thought; even once the kids are in bed, there could be someone listening in. Yup, your most prized possessions, your gadgets, might be spying on you.
Over the last week or so, you might have seen a worrying screencap retweeted into your Twitter timeline. Originally posted by Parker Higgins (@xor), the tweet juxtaposed part of Samsung's smart TV privacy policy with a passage from George Orwell's Nineteen Eighty-Four. In case you missed it, here's what Samsung has to say about its tellies:
"...Samsung may collect and your device may capture voice commands and associated texts so that we can provide you with Voice Recognition features and evaluate and improve the features. Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition." (You can read the full privacy policy here, if you're so inclined: www.samsung.com/uk/info/privacy-SmartTV.html).
The Orwell quote it was being compared to was about the 'telescreens' installed in every citizen's home, through which the Thought Police could listen in on people's conversations. Now, any time there's ever an internet privacy controversy, poor old Orwell tends to get dragged in, but here the comparison looks particularly apt. The idea that someone, somewhere - a mysterious 'third party' - can have access to all your personal conversations just because you chose to buy a Samsung TV is pretty terrifying. It doesn't seem legal, but the privacy policy doesn't seem to leave much room for misinterpretation.
Lots of news organisations have picked up on the story since that tweet, and Samsung has been called on to explain what's going on. So what is going on, and how scared should you really be?
Taking Privacy Seriously
If we take a step back and think about this rationally for a moment, Samsung's policy more or less makes sense. Smart TVs use voice recognition technology so users can control their TVs by talking to them, but in order to recognise and act on voice commands, the television needs to be 'listening' to any conversations going on around it.
However, that doesn't mean there's someone on the other end listening to you moaning about your crappy day at work every night. Most of the time, it turns out, the TV is lying pretty much dormant. When it 'hears' a command, it'll pop up a notification on screen to let its users know it's listening for further commands. Usually, that's when you'd use the command to change the channel or turn the volume up or whatever other basic change you might want to make to your TV.
So why would Samsung need to transmit any data to a third party? Well, because its smart TVs can do more than just respond to the most basic requests: as well as what it calls "imperative voice control", which is just a series of pre-programmed commands, there's a voice control mode called 'interactive voice control'. That's the mode that lets users be a bit more chatty with their TVs. According to the instruction manual, you can ask things like 'Is there anything interesting on tonight?' or get your smart TV to search Google for you. In order to process those kinds of questions, though, voice data is transmitted over the internet to a third-party server, where the words are recognised and analysed in order to give useful results to the user.
That all sounds much more reasonable than that privacy policy initially made out, doesn't it? Samsung has been quick to answer media enquiries about the whole debacle, telling the Guardian that "Samsung takes consumer privacy very seriously. In all of our smart TVs, any data gathering or their use is carried out with utmost transparency, and we provide meaningful options for consumers to freely choose or opt out of a service. We employ industry-standard security safeguards and practices, including data encryption, to secure consumers' personal information and prevent unauthorised collection or use."
In other words: take a deep breath and calm down, guys. It's not as scary as it sounds.
Is Your TV Watching You?
Don't relax completely just yet, though. Because while your smart TV might not be recording your every conversation, it may still be tracking you in other ways. And we're not just talking about Samsung TVs here either. Most new televisions have a whole host of features that are either incredibly useful or slightly creepy, depending on your mindset, and depending on how the data they collect is used.
For example, a lot of smart TVs have facial recognition systems built in. That means they have cameras installed that can identify faces sitting on your sofa in front of them and identify who they belong to. It would be easy to dig out another quote from Nineteen Eighty-Four here and imagine some shadowy entity sitting in an office building somewhere checking who's watching what on their TVs. But actually, the facial recognition feature is pretty limited. It's used as an alternative login for smart TVs that have separate user accounts built in, so you can log in by looking at the camera instead of typing in your username and password. And all the data needed to make this feature work is stored locally, on your TV and not transmitted anywhere else.
So if your TV's not checking your face to see how much you're enjoying the X Factor finale, you can indulge in all sorts of crap TV without worrying about who's judging you for it, yeah? Maybe not. Because your smart TV is almost certainly tracking what you're watching, even if its camera is turned off. Data about what channels you've watched, what movies you've downloaded or streamed, and other apps you've used on your smart TV will all be collected and used to build a profile of your TV using habits. Feeling creeped out again yet? It's about to get worse...
Because You Watched
In the same way that data on the websites you visit is stored in cookies and used to serve you personalised adverts while you're browsing the web, data collected by your television may be used to serve you personalised content. That can be useful, of course. If your television knows what you like to watch, it can offer you recommendations based on that.
It can also serve you personalised advertising. Not during the breaks in The X Factor, of course; we're not quite there yet, but you might find that adverts appear on your smart TV's home screen, based on what you've watched recently. A massive investigation carried out by Which found that not every kind of smart TV served ads (Sony doesn't, for example), but most other brands did.
Most of us can shrug off personalised adverts by now; they've been around online for too long. But sometimes, some companies are going too far with what they track. In 2013, IT consultant Jason Huntley decided to dig into what his LG TV was tracking after he noticed he was being served targeted advertising. He discovered something alarming: not only was his TV transmitting all sorts of info on what he was watching, unencrypted, back to its own servers, but it was also harvesting information on the files he had accessed on a USB hard drive plugged into his TV. That meant information about his children had been sent off, without Huntley's knowledge or permission, into a company's database, just because he'd watched a Christmas video on his TV from an external hard drive.
Even more disturbingly, although Huntley found the option to switch off his TV's 'collection of watching info' setting, it continued to transmit data on what he was watching. There was no way to opt out; his TV carried on tracking everything he watched regardless.
Huntley got in touch with the ICO (Information Commissioner's Office), who opened an investigation into whether LG had broken the Data Protection Act. He also complained to LG, who responded by issuing a software patch to its smart TVs that both turned off the tracking of external files and made sure that the opt-out button actually worked. Still, though the issue might now be resolved, it's a bit scary to think that your gadgets might still be tracking you even when you think you've opted out.
It's Not Just Your TV
Although recent coverage has focused on one particular brand of smart TVs, it's worth pointing out that a lot of our gadgets have the capacity to record our speech. Voice control has become more popular than ever recently, and almost every piece of technology you come into contact with can use it. Whenever you're thinking about investing in something that can take voice commands, it's worth checking out the privacy policy to see whether you're happy with it.
In most cases, companies are far more reassuring than Samsung was in its policy. Microsoft, for example, takes great pains to explain that if you use voice commands with your Xbox One and Kinect, it's unlikely anything personal will be captured. Although the system will transmit examples of speech, it focuses solely on voice commands, and samples of your voice will only be used by Microsoft to improve its speech recognition technology. (There's a way to opt out too, if you don't even want it listening to how you say 'Grand Theft Auto'.)
One gadget you might want to be particularly careful of is your mobile phone. Obviously, phones are tailor made to transmit voice data - that's what they're for - but now we're all carrying around mini-computers in the form of smartphones, there may be ways your data is being used that you're not entirely comfortable with.
Most smartphones come with some kind of virtual assistant now: if you have an Apple device, it's Siri, while for Android users it's Google Now, and for Microsoft Phone users, it's Cortana. These assistants can be useful in all kinds of ways, from remembering appointments to keeping track of your shopping list, but you need to hand over a significant amount of personal data to get the best out of them. And again, it's worth digging into the privacy policies and various permissions and settings associated with each of them to make sure you know what you're getting into before you do it.
Siri, for example, stores user data anonymously in Apple's servers and keeps it there for up to two years before its deleted. Cortana will pull in information from your emails and Facebook account to help you remember important things, but it can be set not to, if that freaks you out. And if Google Now seems to know too much about you, you can turn off certain settings. For example, if you tell the app your main method of transportation is driving, it can generate maps of where you parked your car, but if that's too weird, you can switch it off, along with other location-specific features.
Security Concerns
Even if you're prepared to trust the various technology companies you've bought from to only use your data responsibly and for purposes you've agreed to let them, there might still be something left to worry about.
Over the last few years, we've seen several big companies get hacked, and personal data has been stolen from all sorts of sources you'd expect to be impenetrable. The recent Sony email hack is one such example, or think of the Heartbleed bug, which meant that even seemingly secure websites were left vulnerable. The completely benign intentions of your TV manufacturer might turn out to be irrelevant if all your data ended up getting hacked.
I can't imagine any hacker on earth having the time to listen to all the inane conversations I have in front of the telly in order to find something incriminating, but who knows? There are lots of things we might talk about - names, addresses, dates of birth, passwords, maybe even credit card numbers - when we think we're not being listened to by strangers.
It's not just hackers we need to worry about either. In 2013, it emerged that the US National Security Agency had been accessing information from all sorts of sources, including various tech companies, to monitor its own citizens' communications. Without a warrant. Exactly what was and wasn't accessed is still unclear, but if emails, online searches and phone calls could be intercepted and searched, why would voice data collected by televisions or games consoles be any safer? Think about it too hard and you might find yourself yearning for a tin foil hat. Or maybe a tin foil roof.
Let's Get Paranoid
The reality of the modern world is that we're all being tracked, all the time, in all kinds of ways. There are security cameras all over the place (one per 11 people, on average, in the UK), and if you want to get the best prices at your local supermarket, you probably let them track your buying habits via a loyalty card too. For the most part, we've learned to accept it and ignore it.
When tracking gets creepy is when we don't realise it's happening or when we don't know what's happening to the data. That's really why the Samsung privacy policy scared so many of us so much. We don't like to imagine someone listening in when we didn't give them permission to, especially when they're a 'third party' we can't even identify. What Samsung and every other company needs to learn from all this controversy is that they need to be more transparent about what's happening; ideally, if your TV is going to be recording your conversations, you need to know about it before you hand over your money. And there also needs to be a way for people to opt out. There might be a trade-off, in terms of which features you can use if you don't want your data collected, but we need to be allowed to make those choices for ourselves, rather than having them inflicted on us.
Don't Worry About Facebook
Got deja vu with all this talk of gadgets listening to your conversations? That might be because last year there was a similar controversy over an update to the Facebook app. A new feature called 'Identify TV and Music' was rolled out. The idea was that Facebook could automatically add information to users' status updates based on background noise. That was worrying for obvious reasons: in order to identify what music you were listening to or what TV show you had playing in the background, Facebook would need to use your phone's microphone to eavesdrop on you. Yikes.
After some investigation, though, this feature turned out not to be so sinister after all. For one thing, it was an opt-in feature, so any freaked out by it didn't have to switch it on. For another, the app would filter out any background conversations that it couldn't identify as being part of a TV show or song and focus only on the copyrighted stuff. And for another, it wasn't listening all the time: the app would only capture 15 seconds of audio when a user was actively writing a status update. So that's probably okay, then.
How To Opt Out
The recent press about smart TVs spying on you at all times might have been slightly overstated. But there are still reasons to be genuinely concerned, so if you want to switch off as much of this monitoring as you can, here's how to opt out:
• Opt out on your TV:
The exact location of the option to turn off voice recognition varies from one brand to another, but your best bet is the privacy section of the settings menu. If you're feeling extra paranoid, you could turn off your TV's ability to connect to the internet by disabling its wi-fi connection, although that will mean you can't actually use it as a smart TV any more.
• Opt out on your games console:
To turn off collection of voice data on your Xbox, open the Family settings and go to Privacy. On a PlayStation 4, the option you're looking for us under the System menu in Settings.
• Opt out on your mobile:
This is the really tricky one, since you'll need to keep on top of every app you install, as well as your basic phone features, and you may not be able to revoke specific permissions for an app; it might just be a case of choosing whether or not to use something. So whenever you install something, check what it has access to. For Android phones, you can do that in the Apps section of the Settings menu. Google Now can be turned off in Google Settings, while Siri can be disabled by going to Settings > General > Siri and then tapping the switch to turn it off. Windows users can turn off Cortana by going to Settings > Applications > Cortana.
• Opt out on your laptop:
It feels paranoid to mention this, but it is possible for both hackers and security agencies to access your laptop's webcam without you knowing about it. The easiest way to fix that, if you're worried, is to put a sticker over the lens when you're not using it.
Most web browsers also offer a Do Not Track setting, which means your online activity won't be captured by websites for the purpose of serving you advertising. In Chrome, for example, you'll find that under Settings, Advanced Settings, Privacy. Other than that, you'll need to be careful about programs you install and websites you visit.