Vizio Fined $2.2 Million For Not Telling Customers Their TVs Were Spying On Them
from the I-always-feel-like-somebody's-watching-me dept
Security isn't the only thing being ignored as hardware vendors rush to connect televisions, toasters, and tea kettles to the internet. Consumer privacy and data-collection transparency have also become a distant afterthought as companies rush to cash in on the ocean of data these connected devices collect. The "smart" television sector has been notably problematic, with Samsung busted a few years back for not only recording customer living room conversations, but transmitting that data unencrypted back to the company mothership.
These are lessons that hardware vendors appear incapable or unwilling to learn. Case in point: this week the FTC announced that it had struck a $1.2 million settlement with discount TV vendor Vizio. According to the full FTC complaint (pdf), Vizio began using the company's smart televisions to track user behavior in 2014, without informing customers that this was happening. The FTC notes that Vizio for years heavily advertised a "Smart Interactivity" feature that "enables program offers and suggestions." But the complaint notes this feature never provided customers with a single suggestion.
But it did provide Vizio with a wonderful new way to collect and store a huge variety of consumer data under the pretense of adding consumer functionality. MAC addresses, IP addresses, nearby WiFi network names, and metadata were all hoovered up and stored. And when the FTC says viewing data, it means that Vizio used pixel analysis to compile personal data on every program and device connected to the Vizio set:
"According to the agencies’ complaint, starting in February 2014, VIZIO, Inc. and an affiliated company have manufactured VIZIO smart TVs that capture second-by-second information about video displayed on the smart TV, including video from consumer cable, broadband, set-top box, DVD, over-the-air broadcasts, and streaming devices.
In addition, VIZIO facilitated appending specific demographic information to the viewing data, such as sex, age, income, marital status, household size, education level, home ownership, and household value, the agencies allege. VIZIO sold this information to third parties, who used it for various purposes, including targeting advertising to consumers across devices, according to the complaint."
Again, this in and of itself isn't that controversial, especially in the age of location data and cell phones. The fact that Vizio chose not to tell anyone this data was being collected is where the company ran afoul of the FTC. An FTC blog post has a little more detail on just how specific this data was, and to whom it was sold:
"And let’s be clear: We’re not talking about summary information about national viewing trends. According to the complaint, Vizio got personal. The company provided consumers’ IP addresses to data aggregators, who then matched the address with an individual consumer or household. Vizio’s contracts with third parties prohibited the re-identification of consumers and households by name, but allowed a host of other personal details – for example, sex, age, income, marital status, household size, education, and home ownership. And Vizio permitted these companies to track and target its consumers across devices."
It's here that we'll remind you that the "anonymization" of data doesn't mean much. Time and time again, studies have shown that anonymized data sets aren't really anonymous, given that it only takes a few additional contextual clues (the likes of which companies that collect this sort of data already have) to ferret out personal identities.
It's not really clear how many settlements of this type it's going to take before "smart" hardware vendors acknowledge that being transparent with consumers (which frankly is neither onerous nor particularly difficult for them in the 400-page EULA era) is important. And should we continue to weaken FCC and FTC privacy oversight of ISPs and hardware vendors (as is strongly implied by both agencies), that's less likely than ever to happen anytime soon.
Reader Comments
Unless we hear that the $2.2 million was more than the money they made selling that information, I'm going with the word taxed rather than fined.
[ link to this | view in chronology ]
taxed
yep. govt wetting its beak.
[ link to this | view in chronology ]
11 million victims, $2.7 million in penalties. That comes out to less than 25 cents per victim, after running a scam that made them "mountains of cash" according to the linked blog post. That's not even the proverbial "slap on the wrist!"
ISTM we need a law with real teeth to deal with stuff like this. It would be very simple: Any business that is found to have made money by breaking the law must be subject to a penalty no less than 100% of the gross revenue brought in by their illegal acts.
Since all the laws these days have to have some sort of snappy name, let's call it The Crime Does Not Pay Act.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
It's even more screwed up than that when you think about it.
With most asset forfeiture laws the police/government doesn't even need to demonstrate that you're guilty, your stuff is assumed to be 'guilty' and it's up to you to 'prove its innocence' if you want it back, and one of the (bad) justifications for this is to prevent criminals from profiting from their crimes.
Conversely even when a company is found guilty of scams like this they not only get to keep everything they made from it, the 'fine' is paltry, and little more than the financial equivalent of a disapproving shake of the head.
[ link to this | view in chronology ]
Re: Re: Re:
Many fight and argue over the vote for a president while ignoring most other things that affect them more. They even, or rather more so, participate in the disaffection of members of opposing parties or ideologies as though they are real enemies, while completely ignoring the politicians that laugh at our ignorance and profit off our ignorance and gullibility.
We have auctioned our liberties in exchange for shackles with which to adorn ourselves, and we mock & ridicule anyone that dares to expose it.
[ link to this | view in chronology ]
$2.2, $1.2 or $22 mil?
I think the actual number is $22mil....
[ link to this | view in chronology ]
Re: $2.2, $1.2 or $22 mil?
https://www.ftc.gov/news-events/press-releases/2017/02/vizio-pay-22-million-ftc-state-new-jersey-settle-charges-it
The $2.2 million payment by VIZIO includes a payment of $1.5 million to the FTC and $1 million to the New Jersey Division of Consumer Affairs, with $300,000 of that amount suspended.
[ link to this | view in chronology ]
Re: $2.2, $1.2 or $22 mil?
I think they're making up alternative numbers. The real number is probably closer to zero.
[ link to this | view in chronology ]
Re: $2.2, $1.2 or $22 mil?
[ link to this | view in chronology ]
"400-page EULA"
Some text hidden in a EULA is not "transparent".
[ link to this | view in chronology ]
civil asset Forfeiture
[ link to this | view in chronology ]
Re: civil asset Forfeiture
[ link to this | view in chronology ]
Data Sharing Disclosure Act
[ link to this | view in chronology ]
Those that tell you otherwise are the ones telling you it's ok that the camera on the utility pole outside your house with its attention trained on your window is there "for your safety".
These companies harvesting your data with or without your knowledge are not interested in either security (nor privacy) and the only way to stop this intrusion into our personal security is to not buy "smart devices" whose real purpose is not to provide you with a convenience, it's to harvest your daily habits to monetize them (or monitor them).
Please read 1984 and you'll find that the TVs and video screens in that novel are now a reality. If that doesn't run a chill down your spine, nothing will.
[ link to this | view in chronology ]
User-Experience Enrichment Is Job One
[ link to this | view in chronology ]
Re: User-Experience Enrichment Is Job One
[ link to this | view in chronology ]
"Oh woe is me, they fined me a couple of pennies from the hundred I made..."
It's not really clear how many settlements of this type it's going to take before "smart" hardware vendors acknowledge that being transparent with consumers (which frankly is neither onerous nor particularly difficult for them in the 400-page EULA era) is important.
So long as it remains highly profitable to engage in such underhanded and sleazy tactics no amount of 'settlements' will get the message across. Sure they paid out 2.2 million, but if they didn't get several times that amount from selling what they gathered I would be extremely surprised, meaning the only lesson they learned is to be a little sneakier next time so their profits are even higher.
Hit 'em hard or don't bother.
[ link to this | view in chronology ]
Re: "Oh woe is me, they fined me a couple of pennies from the hundred I made..."
The message from government is quite clear; "You idiots got caught. Get your house in order."
The fine is for having a brief light shone on an industry that some people would rather remain unexposed.
[ link to this | view in chronology ]
So, it is ok then .....
if you tell them in the fine print (font 2.5) in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard.'
[ link to this | view in chronology ]
This is not a fix, but...
[ link to this | view in chronology ]
Re: This is not a fix, but...
[ link to this | view in chronology ]
Re: Re: This is not a fix, but...
[ link to this | view in chronology ]