The worst products at CES for security and privacy
“I think there’s a chronic problem with consumer electronics not giving people the full picture they need to assess whether they want to use these tools,” said Cindy Cohn, executive director of privacy rights organization Electronic Frontier. Foundation.
Last week, the CES show floor buzzed with thousands of companies launching wearable health devices, smart TVs, autonomous vehicles, and other devices that rely on data from our bodies or homes. Many present themselves as the next big thing, but almost none directly address how they treat customer data after it’s collected or their approach to security.
“CES doesn’t seem to have a theme this year other than throw everything on the wall and see what sticks,” Kyle Wiens said in a live YouTube stream. Wiens is CEO of iFixit, which advocates for consumers’ right to have their devices repaired. “There are negative externalities to our society when that happens.”
Cohn and representatives from iFixit, Consumer Reports and other consumer advocacy groups completed a “Worst of the Show” from CES, highlighting which products could have the biggest negative impact on privacy, consumer choice and the environment. They included some of this year’s favorites, like the U-Scan urine sensor from connected healthcare company Withings, which analyzes hormone levels in urine and is being prepared for a US launch after the Supreme Court struck down abortion rights in June and some states have banned abortion, hormonal changes could potentially turn evidence of a crime. Withings said he stores that data indefinitely and, if required by law enforcement, “will comply with all legal requirements in the territories in which he operates.” He said he doesn’t otherwise share data with third parties.
The media tend not to ask tough questions about security at CES, and companies tend not to volunteer the information, Cohn said.
“Literally only one company mentioned [privacy or safety]and ironically it was a sexting app,” Leanna Miller said on the show floor. Miller said she works for a small company that makes reusable writing tablets and came to CES to see all the new products. The company she referred to was Blyynd, an adult network that claims to use encryption to promote safe sexting.
With few exceptions, technology companies address security when problems arise rather than taking more time to test products and develop secure features, said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), in an interview with CES margin.
The incentives from these companies are “really focused on cost, capacity, performance and speed to market, and not basic security,” he said.
Easterly’s speech at CES alongside CrowdStrike CEO George Kurtz focused on the rapidly rising costs and danger of cybercrime, which is often based on rushed products, they said. It was the first time a cybersecurity officer of Easterly’s rank had spoken on the show.
“When we think about the world we live in, we cannot accept that in ten years [cyber risks] they are going to be the same or worse,” he said during the talk.
That may depend on consumers demanding more secure products or the government regulating software, though Easterly said he doesn’t support “burdensome” regulation. Regulation could come in the form of stronger privacy safeguards or clearer communication with consumers about the risks a product poses. The White House has endorsed the idea of a “software materials list” in the style of a nutrition facts label that tells buyers what software components a product contains.
Last week, for example, the European Union fined Meta $414 million for hiding information about its targeted advertising business in its terms of service instead of obtaining meaningful consent from its users and giving them the option to opt out. Meta has said it intends to appeal the ruling and the fines. Risky technology like facial recognition is also under scrutiny in the EU
Meanwhile, at CES, companies touting facial recognition technology dot the show floor. Miko, a Disney-backed robot who claims to keep kids engaged, comes equipped with facial recognition and uses its camera to analyze children’s moods and map elements of your home, its website says. Its CEO said that all facial recognition data is stored on the device and not in the cloud.
then there is the smart home devices with camera — like the Landroid Vision autonomous lawn mower that navigates your yard. Its maker, WORX, said all images the mower captures are anonymized and any faces or house numbers are erased before the images are sent to the company’s cloud storage. Their privacy policy leaves room for data sharing for advertising.
Companies might choose to make useful, private, and repairable products, iFixit’s Wiens said during the Worst in Show announcement, but what’s the real purpose of a $200 travel mug with location-sharing capabilities and an irreplaceable battery?
“We already have thermoses,” he said. “They have phenomenal success. They’ve been around for a long time.”
Jamie Kaplan, vice president of communications for the CES producer Consumer Technology Association (CTA), said the show has fostered innovation, entrepreneurship and economic growth. This year, CTA received 3,200 exhibitors.
“CES requires exhibits to comply with US law, which favors innovation and focuses on restricting misbehavior rather than banning new and innovative products,” it said in a statement.