Legal Issues

by Karl Bode


Filed Under:
ftc, smart tv, spying

Companies:
vizio



Vizio Fined $2.2 Million For Not Telling Customers Their TVs Were Spying On Them

from the I-always-feel-like-somebody's-watching-me dept

Security isn't the only thing being ignored as hardware vendors rush to connect televisions, toasters, and tea kettles to the internet. Consumer privacy and data-collection transparency has also become a distant afterthought as companies rush to cash in on the ocean of data these connected-devices collect. The "smart" television sector has been notably problematic, with Samsung busted a few years back for not only recording customer living room conversations, but transmitting that data unencrypted back to the company mothership.

These are lessons that hardware vendors appear incapable or unwilling to learn. Case in point: this week the FTC announced that it had struck a $1.2 million settlement with discount TV vendor Vizio. According to the full FTC complaint (pdf), Vizio began using the company's smart televisions to track user behavior in 2014, without informing customers that this was happening. The FTC notes that Vizio for years heavily advertised a "Smart Interactivity" feature that "enables program offers and suggestions." But the complaint notes this feature never provided customers with a single suggestion.

But it did provide Vizio with a wonderful new way to collect and store a huge variety of consumer data under the pretense of adding consumer functionality. MAC addresses, IP addresses, nearby WiFi network names, metadata were all hoovered up and stored. And when the FTC says viewing data, it means that Vizio used pixel analysis to compile personal data on every program and device connected to the Vizio set:

"According to the agencies’ complaint, starting in February 2014, VIZIO, Inc. and an affiliated company have manufactured VIZIO smart TVs that capture second-by-second information about video displayed on the smart TV, including video from consumer cable, broadband, set-top box, DVD, over-the-air broadcasts, and streaming devices.

In addition, VIZIO facilitated appending specific demographic information to the viewing data, such as sex, age, income, marital status, household size, education level, home ownership, and household value, the agencies allege. VIZIO sold this information to third parties, who used it for various purposes, including targeting advertising to consumers across devices, according to the complaint."

Again, this in and of itself isn't that controversial, especially in the age of location data and cell phones. The fact that Vizio chose not to tell anyone this data was being collected is where the company ran afoul of the FTC. An FTC blog post has a little more detail on just how specific this data was, and to whom it was sold:

"And let’s be clear: We’re not talking about summary information about national viewing trends. According to the complaint, Vizio got personal. The company provided consumers’ IP addresses to data aggregators, who then matched the address with an individual consumer or household. Vizio’s contracts with third parties prohibited the re-identification of consumers and households by name, but allowed a host of other personal details – for example, sex, age, income, marital status, household size, education, and home ownership. And Vizio permitted these companies to track and target its consumers across devices."

It's here that we'll remind you that the "anonymization" of data doesn't mean much. Time and time again, studies have shown that anonymized data sets aren't really anonymous, given that it only takes a few additional contextual clues (the likes of which companies that collect this sort of data already have) to ferret out personal identities.

It's not really clear how many settlements of this type it's going to take before "smart" hardware vendors acknowledge that being transparent with consumers (which frankly is neither onerous or particularly difficult for them in the 400-page EULA era) is important. And should we continue to weaken FCC and FTC privacy oversight of ISPs and hardware vendors (as is strongly implied by both agencies), that's less likely than ever to happen anytime soon.


Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  • icon
    Berenerd (profile), 7 Feb 2017 @ 12:05pm

    And we are now headed to where this will be a thing of the past. We will no longer need to worry about companies just doing what ever they want. We will have no say in the matter as the FTC is turned into a front for nefarious deeds. All consumer protections will be stripped and tossed away like week old banana peels.

    reply to this | link to this | view in chronology ]

  • identicon
    UniKyrn, 7 Feb 2017 @ 12:07pm

    $2.2Mil per customer? Hey, I've got one of those TV's, what my cut of the settlement? :)

    reply to this | link to this | view in chronology ]

  • identicon
    William Braunfeld, 7 Feb 2017 @ 12:08pm

    The saddest part of this article is you saying that a television collecting reams of personal data about the people around it "in and of itself isn't contoversial."

    reply to this | link to this | view in chronology ]

  • icon
    Roger Strong (profile), 7 Feb 2017 @ 12:15pm

    VIZIO sold this information to third parties

    Unless we hear that the $2.2 million was more than the money they made selling that information, I'm going with the word taxed rather than fined.

    reply to this | link to this | view in chronology ]

  • icon
    Mason Wheeler (profile), 7 Feb 2017 @ 12:16pm

    11 million victims, $2.7 million in penalties. That comes out to less than 25 cents per victim, after running a scam that made them "mountains of cash" according to the linked blog post. That's not even the proverbial "slap on the wrist!"

    ISTM we need a law with real teeth to deal with stuff like this. It would be very simple: Any business that is found to have made money by breaking the law must be subject to a penalty no less than 100% of the gross revenue brought in by their illegal acts.

    Since all the laws these days have to have some sort of snappy name, let's call it The Crime Does Not Pay Act.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 7 Feb 2017 @ 2:44pm

      Re:

      Funny how it works. Human criminals can't so much as make money on prison memoirs with "Son of Sam" laws but corporate ones get to keep the money from their crimes.

      reply to this | link to this | view in chronology ]

      • icon
        That One Guy (profile), 7 Feb 2017 @ 5:33pm

        Re: Re:

        It's even more screwed up than that when you think about it.

        With most asset forfeiture laws the police/government doesn't even need to demonstrate that you're guilty, your stuff is assumed to be 'guilty' and it's up to you to 'prove it's innocence' if you want it back, and one of the (bad) justifications for this is to prevent criminals from profiting from their crimes.

        Conversely even when a company is found guilty of scams like this they not only get to keep everything they made from it, the 'fine' is paltry, and little more than the financial equivalent of a disapproving shake of the head.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 7 Feb 2017 @ 6:12pm

          Re: Re: Re:

          Indeed, one of wisdom requires little other proof to understand that we live in a police state controlled by an oligarchy. Or at least some very similar parallels of the two.

          Many fight and argue over the vote for a president while ignoring most other things that effect them more. They even, or rather more so, participate in the disaffection of members of opposing parties or ideologies as though they are real enemies, while completely ignoring the politicians that laugh at our ignorance and profit off our ignorance and gullibility.

          We have auctioned our liberties in exchange for shackles with with to adorn ourselves with, and we mock & ridicule anyone that dares to expose it.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Feb 2017 @ 12:20pm

    $2.2, $1.2 or $22 mil?

    I see 3 diff numbers here for the fine amount Karl.
    I think the actual number is $22mil....

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Feb 2017 @ 12:25pm

    "400-page EULA"

    It's not really clear how many settlements of this type it's going to take before "smart" hardware vendors acknowledge that being transparent with consumers (which frankly is neither onerous or particularly difficult for them in the 400-page EULA era) is important.

    Some text hidden in a EULA is not "transparent".

    reply to this | link to this | view in chronology ]

  • identicon
    kog999, 7 Feb 2017 @ 12:33pm

    civil asset Forfeiture

    seems like this would be a good use of Civil Asset Forfeiture. The money was illegally obtain therefore is guilty. all money the company made should then be subject to Forfeiture. That's how it works right. Hell in this case there is even evidence! can you believe it not only is the money guilty but its also proven guilty. how is law enforcement not entitled to it. Humvee's for everyone!

    reply to this | link to this | view in chronology ]

  • icon
    Mark Harrill (profile), 7 Feb 2017 @ 12:34pm

    Data Sharing Disclosure Act

    Didn't one of the Congresscritters propose a law that required full disclosure of data sharing akin to what financial companies have to do with both the data they collect and share as well as with the proper financial disclosures? What would it take to make a clear disclosure law like that for all of your data plans and devices?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Feb 2017 @ 12:35pm

    Please repeat after me: "Privacy cannot be separated from security. Without security there is no privacy. Without privacy there is no security."

    Those that tell you otherwise are the ones telling you it's ok that the camera on the utility pole outside your house with its attention trained on your window is there "for your safety".

    These companies harvesting your data with or without your knowledge are not interested in either security (nor privacy) and the only way to stop this intrusion into our personal security is to not buy "smart devices" who's real purpose is not to provide you with a convenience, it's to harvest your daily habits to monetize them (or monitor them).

    Please read 1984 and you'll find that the TVs and video screens in that novel are now a reality. If that doesn't run a chill down your spine, nothing will.

    reply to this | link to this | view in chronology ]

  • identicon
    Mr Big Content, 7 Feb 2017 @ 1:50pm

    User-Experience Enrichment Is Job One

    If you want to know why we Innovative, Successful Companies do what we do, remember it's all about Enrichment of the User Experience. Because that way lies the path to Excellence. Before considering any new Strategy, ask the question: how will this Enrich the User Experience? What is the User Experiencing--is it being Enriched? Is User Enrichment being Experienced? Are we providing Experience Enrichment for the User? Because the User must always be Enriched by Experiencing an Enriched User Experience--otherwise there's no point coming in to work in the morning.

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 7 Feb 2017 @ 3:33pm

    "Oh woe is me, they fined me a couple of pennies from the hundred I made..."

    It's not really clear how many settlements of this type it's going to take before "smart" hardware vendors acknowledge that being transparent with consumers (which frankly is neither onerous or particularly difficult for them in the 400-page EULA era) is important.

    So long as it remains highly profitable to engage in such underhanded and sleazy tactics no amount of 'settlements' will get the message across. Sure they paid out 2.2 million, but if they didn't get several times that amount from selling what they gathered I would be extremely surprised, meaning the only lesson they learned is to be a little sneakier next time so their profits are even higher.

    Hit 'em hard or don't bother.

    reply to this | link to this | view in chronology ]

    • identicon
      Cowardly Lion, 8 Feb 2017 @ 1:45am

      Re: "Oh woe is me, they fined me a couple of pennies from the hundred I made..."

      The message from government is quite clear; "You idiots got caught. Get your house in order."

      The fine is for having a brief light shone on an industry that some people would rather remain unexposed.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Feb 2017 @ 4:57pm

    "Vizio Fined $2.2 Million For Not Telling Customers Their TVs Were Spying On Them"

    So, it is ok then .....
    if you tell them in the fine print (font 2.5) in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.'

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Feb 2017 @ 6:25am

    This is not a fix, but...

    could we break, or disable, the unwanted microphones and cameras on these "smart" devices?

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Caution: Copyright
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.