Q&A: Privacy and Security Issues with Smart Speakers
Featuring Phyllis Marcus
Partner at Hunton Andrews Kurth LLP + Speaker & Expert on Children's Online Privacy Laws
Phyllis Marcus heads the advertising counseling practice at Hunton Andrews Kurth LLP. She also focuses on privacy issues related to mobile commerce and is a national expert in children’s online privacy law. She is frequently interviewed by media outlets, including Bloomberg Law, Law360, The New York Times, The Washington Post, and NPR Marketplace. In this interview, Phyllis talks about privacy and security issues surrounding our smart speaker devices.
AMY KWAK: I’m not a tech person who has a lot of gadgets, like an Alexa or Ring doorbell. Does that mean I don’t have a smart speaker? What exactly is a smart speaker?
PHYLLIS MARCUS: Smart speakers are hidden in places where you might not expect them. For example, if you have an internet connected TV, you have a smart speaker. Internet connected devices, such as tablets, laptops, and even children’s toys, can have smart speakers enabled in them.
PHYLLIS MARCUS: When you are setting up the device, you have to agree on the terms of service for the product, which is a contract between you and the manufacturer. But there are now more granular privacy settings in the settings portion of your device, so you can think through the choices the manufacturer is giving you and set up the device based on your comfort level. For example, you can choose if you want voice recordings to be saved and for how long, or that you want them deleted altogether. Based on your settings though, the manufacturer might say the functionality of the smart speaker might be less than optimal because the manufacturer uses your voice to use artificial intelligence to make voice searches better and smarter. So you need to weigh having a voice-activated system that is as up to date and up to speed as possible, against how comfortable you are with recordings going back in time that are captured, transcribed, and held by the company.
PHYLLIS MARCUS: There are tons of uses for your searches downstream, and they could be shared widely with advertisers. There is a complicated ecosystem where your information could be disseminated all over the place for you to get more personalized advertising directed back to you. But again, with certain products, you might be able to turn off uses for personalized advertising, in which case you won’t see targeted ads that you might be interested in, based on your searches.
PHYLLIS MARCUS: Privacy deals with the bits and pieces of information that a company collects about you and from you. Security deals with how the company keeps that information safe once it’s gathered. While separate, they merge in consumers’ minds because you want to give as little information about yourself in order to make your product function, and then you want to know your information is being stored securely.
Even with companies that are household names, there are both privacy and security questions that regulators and law enforcers look into. The Federal Trade Commission is the primary agency that enforces both privacy and security. For example, the FTC settled with Zoom regarding allegations that Zoom represented it encrypted users’ data in a certain way, when it actually couldn’t secure peoples’ data the way Zoom represented and meet those privacy promises. The FTC also alleged Zoom downloaded a particular installer in the background that was difficult for users to uninstall because users didn’t realize it was there.