[Cryptography] German govt tells parents to destroy WiFi-connected doll

Henry Baker hbaker1 at pipeline.com
Mon Feb 20 09:30:08 EST 2017 

FYI --

http://www.theverge.com/2017/2/17/14647280/talking-doll-hack-cayla-german-government-ban

https://cdn1.vox-cdn.com/uploads/chorus_image/image/53288439/451250922.0.jpg

German watchdog tells parents to destroy WiFi-connected doll over surveillance fears

by James Vincent @jjvincent Feb 17, 2017, 7:34am EST

A German government watchdog has ordered parents to "destroy" an internet-connected doll for fear it could be used as a surveillance device.  According to a report from BBC News, the German Federal Network Agency said the doll (which contains a microphone and speaker) was equivalent to a "concealed transmitting device" and therefore prohibited under German telecom law.

The doll in question is "My Friend Cayla," a toy which has already been the target of consumer complaints in the EU and US.  In December last year, privacy advocates said the toy recorded kids' conversations without proper consent, violating the Children's Online Privacy Protection Act.

Cayla uses a microphone to listen to questions, sending this audio over Wi-Fi to a third-party company (Nuance) that converts it to text.  This is then used to search the internet, allowing the doll to answer basic questions, like "What's a baby kangaroo called?" as well as play games.  In addition to privacy concerns over data collection, security researchers found that Cayla can be easily hacked.  The doll's insecure Bluetooth connection can be compromised, letting a third party record audio via the toy, or even speak to children using its voice.

Although the FTC has not yet taken any action against Cayla or its makers Manufacturer Genesis Toys, German data and privacy laws are more stringent than those in America.  The legacy of the Stasi, the secret police force that set up one of the most invasive mass-surveillance regimes ever in Communist East Germany, has made the country's legislators vigilant against such infringements.

A spokesperson for the German Federal Network Agency or Bundesnetzagentur told the Sueddeutsche Zeitung that the law forbids the sale or possession of any product that can be used for hidden surveillance, no matter their outward appearance: "It doesn't matter what that object is -- it could be an ashtray or fire alarm."
----
My Friend Cayla sounds like an old Saturday Night Live fake commercial!

Perhaps Alexa is (should be) next?

More information about the cryptography mailing list