Not so smart: Samsung's web-connected TVs capture conversations
Samsung's latest line of internet-connected 'smart' TVs capture conversations through its Voice Recognition software, before sending this information onto third-parties.
Not so smart: Samsung web TVs listen in on conversations
“Samsung may collect and your device may capture voice commands and associated texts so that we can provide you with Voice Recognition features and evaluate and improve the features,” reads a brief extract from the policy.
“Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party." The firm did not go into additional details on who these third-parties are, or how this data will be used.
A Samsung spokesman later told The Daily Beast: "Samsung takes consumer privacy very seriously. In all of our Smart TVs we employ industry-standard security safeguards and practices, including data encryption, to secure consumers' personal information and prevent unauthorised collection or use. Voice recognition, which allows the user to control the TV using voice commands, is a Samsung Smart TV feature, which can be activated or deactivated by the user. The TV owner can also disconnect the TV from the Wi-Fi network.”
Users can tell when voice recognition is activated because a microphone appears on screen, although deactivating the feature will likely impact on the TV's usability.
“If you do not enable Voice Recognition, you will not be able to use interactive voice recognition features, although you may be able to control your TV using certain predefined voice commands,” the policy reads.
"While Samsung will not collect your spoken word, Samsung may still collect associated texts and other usage data so that we can evaluate the performance of the feature and improve it."
One Reddit user compared this level of intrusion to George Orwell's critically-acclaimed novel, 1984, which predicts a time of state interference and surveillance.
Speaking to SCMagazineUK.com shortly after the news emerged, Jon Baines, chairman of NAPDO (National Association of Data Protection and Freedom of Information Officers), said that Samsung had at least detailed the data collection in its policy.
“I think people have become used to voice recognition software on their mobile devices and laptops, and perhaps don't realise that this will often involve their speech data being networked and sent to a remote server somewhere,” he said via email. “And whenever that sort of thing happens, issues about retention and reuse arise.
“I think what has happened here is that people are waking up to the realities of the "Internet of Things": if everything is connected, then so, potentially at least, are the details of our private lives. It's essential, therefore, that companies are open with users about what happens with their information, and that they are given simple means of opting in, and out, of applications which involve the transfer of their personal data.”
Kevin Epstein, VP of advanced security and governance at Proofpoint, told SC that this kind of data collection has happened for years, although this latest example could serve as a reminder of the Internet of Things.
"While this specific example of data collection is not outside the norm, the publicity it seems to be generating certainly serves as a good reminder of the need for security layers around -all- networked computing devices,” he said via email.
“Innocuous background data collection by systems vendors has been happening for years - from error-reporting in operating systems, to statistics on viewing in DVRs, to keystrokes on remotes (and yes, even audio snippets in speech-to-text systems).
“The concern, of course, is whether attackers could access these functions -- either as data in the vendor's central collection-point (less likely), or directly on the device (proven; there have been many, well-documented cases of hacked baby-monitors, laptop webcams, and the like). Regardless, there's clearly a need for additional layers of security and both enterprise and consumer protection.
“The amount of data this thing collects is staggering,” he wrote in a blog post. “It logs where, when, how, and for how long you use the TV. It sets tracking cookies and beacons designed to detect “when you have viewed particular content or a particular email message.” It records “the apps you use, the websites you visit, and how you interact with content.” It ignores “do-not-track” requests as a considered matter of policy.
He added on the microphone: “More troubling is the microphone. The TV boasts a “voice recognition” feature that allows viewers to control the screen with voice commands. But the service comes with a rather ominous warning: 'Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party'.”"
"Got that? Don't say personal or sensitive stuff in front of the TV."