I take security and privacy issues seriously, but sometimes I despair when news stories such as that regarding Samsung TVs eavesdropping on private conversation explode across the media as happened last week. The reason for my despondency has less to do with the data privacy debate and more to do with the human stupidity one. That said, let's get the technical bit out of the way first.

The privacy scare story kicked off after someone, eventually, noticed that privacy policy relating to Samsung smart TVs included the line: "Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition." This triggered a veritable tsunami of panic amongst the apparently easily panicked that their inane ramblings with the dog were being recorded by 'someone' and this data could somehow then be used to their detriment. Some particularly dense blowhards even made the connection between this statement and the Edward Snowden revelations, concluding that TVs were being used by The Powers That Be in the war against terror. I can only assume they were wearing tinfoil gloves as they typed their concerns across social media channels.

Here's the thing though, if you've bought a 'smart' television do you actually think it is a self-contained intelligent organism? How do you think it figures out what you are searching for when you use the voice search function, and returns recommendations for stuff you might like to watch? It's not done by magic, it's done by technology. Your voice commands are heard by a microphone in the remote control unit, and in the case of simple functional commands are dealt with in situ by the TV. However, more complex interactions such as searching for programs to watch or asking for recommendations involve a process of data analysis via a remote server across the Internet. These certain interactive voice commands are only collected and sent to that server, operated by Nuance Communications in the US which makes speech recognition software, when the relevant voice button is pressed on the remote. Nuance translates the voice commands into text, text which enables the command request to be fulfilled. Like pretty much all speech recognition software, your spoken commands will be collected and analysed in order to improve performance - just as your smartphone or tablet will do. This is NOT the same as your telly monitoring your private conversations, so get over it and move on.

Could Samsung have done a better job with the privacy policy wording? Sure. Could it have designed a better method of letting users know exactly when the TV is recording and/or transmitting voice data other than just the microphone icon on screen and make switching this off easier? Ditto. Could humans be less stupid about all this stuff? Jeez I'd like to think so. Look, if you are truly worried about all this then there is a very simple and bulletproof solution: stop talking to your TV. Seriously. What's so damn hard about pressing a button on your remote? I'm not meaning to sound glib here, and there is a serious point to be made, namely that in exchange for functionality and ease of use we are continually sacrificing privacy. Social media usage is the best example of this, quickly followed by the Internet of Things. How much privacy we are prepared to sacrifice is the issue, and in return for how much functionality? Taking the tinfoil hat approach to tech is not the answer, nor is handing over our data without any real thought. There has to be a balance somewhere, and there needs to be a conversation. Simply yelling at Samsung over what is, truth be told, something of a non-story does nothing to move that debate forward...

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

Personally, I have concerns about the ability of my private conversations being open to monitoring. If my words are being sent into the ether then this is possible. Having said that, I have a laptop (several, actually) in the house, all of which are equipped with webcams and microphones and we have all heard stories about such devices being activated without the user's knowledge. In some cases this was done by authorities (school officials) acting in their official capacity, and in other cases by criminals not acting with any "authority". While I have the technical savvy to prevent such abuse, most people do not. I would not have such a TV in my house, even with the assurrance that I could disable the monitoring feature. Making an icon disappear from the screen does not mean that anything is disabled other than the displaying of the icon. We have been lied to before about the ability of our cell phones to collect and analyze our movements.

  1. The phone does not record your movements
  2. Well, it does but only so we can improve the service. We don't save the data.
  3. OK. We save the data but we don't tell anyone about it.
  4. Maybe the government, but only if they ask for it.

Who can say if a cell phone (or even your land line) can be remotely enabled to monitor your conversations without your knowledge. This may be paranoid rantings, but we have all seen that when such an ability is technically possible it will be used. Automatic recording and analysis of car licence plates was supposed to be a convenience for toll road users. Now it is routinely used to monitor your movement everywhere. Again, I personally do not care if my movement can be tracked this way. I'm just using it as an example of a technology that was available and was used. But if my every conversation in said vehicle was open to monitoring I would be more than a little concerned (On-Star, anyone)?

<edit>
And with computer security being such as it is, what is to prevent a third party from hacking in to either the TV or the external service that is monitoring the TV?
</edit>

Edited 1 Year Ago by Reverend Jim

Basically all machines and some apparent non-machines made this decade have this potential capability; it simply has to do with the appearance of technology approaching the nanometer barrier and going even smaller. [24 nanometers currently with 12 nanometers in labs.] ALL MACHINES CAN BE HACKED; 'hacking' means 'using a device for an unintended purpose'. [An old intelligence motto: "What can be encrypted can Always be unencrypted.] A new refrigerator is something you wouldn't buy. Many machines are affected by sound and thus are potential spying devices. Your car is one. And no, you simply don't know how to turn off everything unless it is disconnected from power FOR SOME UNKNOWN AMOUNT OF TIME; it will retain some data indefinitely; the only alternative is buying older equipment. This discussion started twenty years ago.