Security

LG Promises to Shut Down TV Spy Ops

LG Electronics on Thursday said it is preparing a firmware update to address concerns over the discovery that some of its smart TVs have been monitoring users’ viewing habits and sending the information back to the company without owners’ consent.

The issue was discovered when UK-based IT consultant Jason Huntley found that his LG smart TV had logged the channels he was watching and sent that data back to the company. Huntley, who blogged about his findings on Monday, reported that he discovered a setting called “Collection of watching info,” which is set on by default. Even after he had disabled the feature, however, Huntley’s TV continued to collect data, including the channel he was watching, he said.

Huntley also discovered that the LG Smart AD platform is designed to analyze programs watched by users as well as other online behavior such as search keywords used, and that this data can be provided to potential advertisers.

LG, which is currently the world’s second-largest TV maker, introduced its ad platform in 2012 as a way to target smart TV users. It now claims that it did not intend to gather personal information.

‘No Data Will Be Transmitted’

“Recently, it has been brought to our attention that there is an issue related to viewing information allegedly being gathered without consent,” said LG in a statement provided to the E-Commerce Times by John Taylor, vice president of public affairs and communications at LG Electronics USA. “Our customers’ privacy is a very important part of the Smart TV experience, so we began an immediate investigation into these claims.”

The information being collected is strictly viewing information such as channel, TV platform and broadcast source, but does not include personal data, LG maintains. Nonetheless, it is working on an update that will disable data transmission when users turn off the data-collection setting.

“This information is collected as part of the Smart TV platform to deliver more relevant advertisements and to offer recommendations to viewers based on what other LG Smart TV owners are watching,” LG said. “We have verified that even when this function is turned off by the viewers, it continues to transmit viewing information, although the data is not retained by the server. A firmware update is being prepared for immediate rollout that will correct this problem on all affected LG Smart TVs so when this feature is disabled, no data will be transmitted.

“LG regrets any concerns these reports may have caused and will continue to strive to meet the expectations of all our customers and the public,” the company added.

‘Netflix Knows What You Watch’

Given that smart TVs are connected to the Internet, it doesn’t seem too big a leap that in addition to streaming content, these devices could also gather information about what is being viewed.

“The temptation to collect data for internal product-development purposes or for sale to a third party is huge,” Greg Sterling, principal analyst at Sterling Market Intelligence, told the E-Commerce Times. “But the practice must be disclosed and consented to or quashed by regulators. If this is indeed going on, it needs to be strongly regulated, with heavy fines for violations, or potentially eliminated entirely.”

A critical point “is whether or not this practice was disclosed at the time of purchase,” opined Alan Webber, principal analyst at Asymmetric Insights. “It needs to be explicit, and without that it is a problem.

“You have to always assume that with these connected devices there could be collection of data that could go someplace and you may or may not agree with it being shared,” Webber told the E-Commerce Times. “This isn’t uncommon, however. Netflix knows what you watch, and cable providers know what you watch. A lot of this data is already being tracked.”

‘A Clear Example of Deception’

Still, the topic is a timely one, coming on the heels of not just an FTC workshop on the so-called “Internet of Things” earlier this week but also a recent enforcement action against a maker of connected home security camera systems that failed to encrypt the devices’ video stream, noted David Jacobs, consumer protection counsel for the Electronic Privacy Information Center.

“LG’s case looks like a clear example of deception,” Jacobs told the E-Commerce Times. “The company represents that users can control the disclosure of their data, and this representation turns out to be false.

“This violates the FTC Act and a host of analogous state consumer protection laws,” Jacobs added. “I can’t say whether this was intentional or just negligent, but we heard earlier at the FTC’s workshop that many manufacturers and developers of connected devices are not used to thinking about privacy and security.”

‘Three Likely Possibilities’

Legal consequences for LG are a distinct possibility. In the UK, in fact, the information commissioner’s office has already launched an investigation, according to a report in The Guardian.

In the U.S., meanwhile, there are “three likely possibilities,” Jacobs suggested: “enforcement by the FTC, enforcement by the state attorneys general, and private class-action lawsuits.”

The recent Google Safari tracking case is a particularly relevant example.

“There, Google placed advertising tracking cookies on Safari browsers despite telling users that it would honor the default Safari privacy settings, which prevented the placement of such cookies,” Jacobs noted. “The result was a US$22.5 million fine by the FTC, a $17 million fine by the state AGs, and a class-action lawsuit.”

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories

E-Commerce Times Channels