Today, Consumer Reports released their initial findings on the privacy and security aspects of Smart TVs. Applying their Digital Standard (developed with Ranking Digital Rights and other partner organizations), Consumer Reports identified a range of important privacy aspects and potential security vulnerabilities in Smart TVs from five leading manufacturers (Sony, Samsung, LG, TCL, and Vizio).
As we noted last week in our discussion of Smart TVs, it can be challenging for even well-informed buyers to locate and fully understand the data policies of their TVs. This is complicated by the fact that data from internet-connected TVs may be collected and processed by multiple entities (manufacturers, operating system providers, and third-party apps such as Netflix and Hulu). In addition, the market for TV data is still relatively nascent, although growing rapidly. As buyers become attuned to privacy and security features of all connected devices — including the broader Internet of Things (TVs, smartphones, smart homes, and connected cars) — we expect that the market for secure, privacy-conscious consumer technology will improve and grow.
In response, Roku has expressed their disagreement with Consumer Reports’ characterization of a potential security vulnerability, and Consumer Reports will be conducting a live Q&A Privacy Hour this evening (8-9pm ET / 5-6pm PT) about digital privacy, smart TV and toys, and best practices.
We expect Consumer Reports to continue studying and publishing their findings related to privacy and security features of connected devices. Here are some things we look forward to seeing:
- More detailed analysis: In their initial report, Consumer Reports has rolled out their findings in a way that seems well-crafted to help consumers exercise choices about their Smart TV’s data practices, for instance by publishing a step-by-step guide to the privacy controls of different TVs. In order to further elevate the Digital Standard as an open, transparent, and useful framework, we hope Consumer Reports will identify which specific factors the researchers used, what they found, and how the findings informed their assessments.
- Consumer (and manufacturer) responses: Although privacy and security aspects are not yet built in to Consumer Reports’ longstanding buying guides and manufacturer reviews, we know that the eventual goal is to incorporate privacy and security into these reviews. Will buyers alter their choices in response? If so, will manufacturers adapt to provide greater transparency and more robust choices? While privacy and security are key aspects of any connected device, TV buyers in particular might choose to prioritize other aspects, like screen size and picture quality.
- Engagement with companies: As can be seen in the existing Digital Standard (particularly the criteria that are still “under development” and “under discussion”), while some aspects of connected devices can be easily evaluated, such as whether data is encrypted in transit, many other practices cannot be easily measured. For example, after data is collected, what does a company do with it (if not spelled out in a policy)? What are companies’ practices around collecting outside third-party data (“on boarding”) and syncing it with their existing data? Although Consumer Reports traditionally acts as an independent outside observer, it will likely become increasingly necessary for them to ask questions of companies to gain additional insight. Conducting this kind of analysis in a principled way — for example, through trusted intermediaries or standardized questionnaires — will be a key challenge.
- Application to other connected devices: We agree that TVs are a natural place to start, especially as Smart TVs are increasingly envisioned as the smart home hub for all of a family’s connected devices. We look forward to seeing the Digital Standard applied to these other connected home devices as well.
Overall, we commend Consumer Reports on their important work. As internet-connected home devices continue to proliferate, these initial findings represent an important milestone in making privacy and security features accessible to consumers, researchers, and advocates.