Bose Lawsuit For Collecting Headphone Data Is Flimsy, But Highlights Continued Lack Of Real Transparency
from the dumb-tech-is-often-smarter dept
Being transparent about what private consumer data is being collected and sold appears to be a hard lesson for hardware vendors to learn. Earlier this month, Bose was hit with a new lawsuit (pdf) accusing it of collecting and selling personal subscriber usage data of the company's $350 QC 35 noise-canceling headphones. More specifically, the lawsuit claims that the Bose Connect smartphone companion app is collecting user preferences when it comes to "music, radio broadcast, Podcast, and lecture choices" -- and then monetizing that data without making it clear to the end user:
Unbeknownst to its customers, however, Defendant designed Bose Connect to (i) collect and record the titles of the music and audio files its customers choose to play through their Bose wireless products and (ii) transmit such data along with other personal identifiers to third-parties—including a data miner—without its customers’ knowledge or consent...Though the data collected from its customers’ smartphones is undoubtedly valuable to the company, Defendant’s conduct demonstrates a wholesale disregard for consumer privacy rights and violates numerous state and federal laws.
To be clear, the complaint, filed last week by Bose customer Kyle Zak in federal court in Chicago, seems more than a little thin. The suit appears to piggyback on growing concern about the wave of internet of things devices (from televisions to smart dildos) that increasingly use internet connectivity to hoover up as much as possible about consumers. Often, this data is collected and transferred unencrypted to the cloud, then disseminated to any number of partner companies without adequate disclosure.
That said, while Bose marketing insists users need the app to "get the most out of your headphones" and get the "latest features" for their headphones, in this instance, users can avoid data collection by simply not using the Bose companion app. And while Bose only appears to be collecting metadata, the suit tries to somehow claim that collecting this type of metadata -- which any and every music service also happily collects -- somehow violates the Wiretap Act:
... customers must download and install Bose Connect to take advantage of the Bose Wireless Products’ features and functions. Yet, Bose fails to notify or warn customers that Bose Connect monitors and collects—in real time—the music and audio tracks played through their Bose Wireless Products. Nor does Bose disclose that it transmits the collected listening data to third parties.
Were Bose, say, using the headphone jack on a headset to monitor actual user communications, the case might have legs. That said, while the suit's central Wiretap Act claims may be weak, the suit once again highlights that consumer data collection policies, if disclosed at all, are often buried in overlong privacy policies few if any consumers actually read -- using language carefully crafted to obfuscate what precisely is happening. Bose doesn't really help its case all that much in a statement on its website that declares the lawsuit "inflammatory" and "misleading," before being a little misleading itself:
We understand the nature of Class Action lawsuits. And we’ll fight the inflammatory, misleading allegations made against us through the legal system. For now, we want to talk directly to you. Nothing is more important to us than your trust. We work tirelessly to earn and keep it, and have for over 50 years. That’s never changed, and never will. In the Bose Connect App, we don’t wiretap your communications, we don’t sell your information, and we don’t use anything we collect to identify you – or anyone else – by name.
While Bose insists it doesn't "sell your information" -- its app privacy policy does note that it "may partner with certain third parties" to "engage in analysis, auditing, research, and reporting" (hey, it's not selling if we call it something else). And while Bose may not personally identify you "by name," we've long noted that "anonymized" data is far from anonymous. Study after study has made it clear that it only takes a shred of additional contextual data to make "anonymous" data easily and personally identifiable. If "trust" were truly Bose's top priority, they'd actually explain precisely what the app is doing, who data is sent to, and why.
Again, many may not care that Bose is collecting this data. Especially in an age where everybody carries around a miniature computer in their pocket, happily oblivious that their every step and click are being monetized by cellular carriers, app vendors, OS makers, advertising networks, and everybody else in the food chain. The problem is that companies continue to believe there's nothing wrong with hoovering up every shred of data they can, then hiding this collection in overlong, carefully-worded privacy policies -- and the false sense of security "anonymization" is supposed to provide.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: information, kyle zak, privacy, tracking, transparency, wiretap act
Companies: bose
Reader Comments
Subscribe: RSS
View by: Time | Thread
But if I download the app it should make crystal clear and visible that they want to collect the data. As you noted, shame on Bose. Going without would work but if you don't know what's happening then you don't have the information to opt by going without.
[ link to this | view in thread ]
you keep using that word....
[ link to this | view in thread ]
And here I thought Metadata was just as revealing as content if not moreso! That's been the consistent position of TechDirt's authors in the past when its come to government surveillance. Why is it "just" metadata this time around?
[ link to this | view in thread ]
Re: you keep using that word....
It's metadata, which is a type of data. So it's both.
[ link to this | view in thread ]
[ link to this | view in thread ]
Gotta update the motto
[ link to this | view in thread ]
This story may give copyright trolls another tool: When a song is downloaded, they could get a court order demanding to know whether someone at the same IP address with Bose headphones listened to it later. And if so, what name is associated with those headphones.
It would not be unreasonable to suspect that like Bose, Windows 10's default "Groove" music app - as well as iTunes and others - are reporting your playlist even when you play music off your local drive. Any guesses on whether the RIAA and MPAA will demand mandatory data collection and access "to stop criminals?"
[ link to this | view in thread ]
Re: "only appears to be collecting metadata"
That is, they really are collecting something (it's more than an appearance). But what they're collecting is only metadata (song lists).
Whether it can be de-anonymized or not matters. As the article notes, in many cases supposedly anonymized data can be pretty easily de-anonymized.
It's not clear if that's the case here.
[ link to this | view in thread ]
Bose may be hiring 3rd parties, not selling data to them
To be fair to Bose,
MAY mean that they hire 3rd parties to analyze the data for them.
Or not. It may mean they license others to use the data.
I really don't have a problem with this, on condition the data is properly and irreversibly anonymized.
[ link to this | view in thread ]
[ link to this | view in thread ]
Instead of efforts to force de-anonymization and transparency, they should simply be banned from collecting anything but the most basic, and absolutely required, data.
(Well, that and ban contracts of adhesion, but that's a different ball of wax.)
[ link to this | view in thread ]
correction
[ link to this | view in thread ]
Re: you keep using that word....
[ link to this | view in thread ]
Re: banned from collecting anything
It removes the option for people to make mutually advantageous agreements.
By all means, require real and meaningful disclosure (not buried "on page 57 of the EULA").
But let consenting adults make the deals with each other they want to make.
[ link to this | view in thread ]
[ link to this | view in thread ]
Friends don't let friends buy Bose
The basic reason for that saying is a common opinion that over the years Bose has generally offered low sound quality per dollar spent.
Now Bose has given us another reason!
A bit of history and for another reason read up on the Bose vs Consumer Reports (CR). Bose sued CR over a review of one of their speakers in 1970. CR won in the Supreme Court, but it almost bankrupted CR.
However, Bose did win something: Bose speakers were and still are rarely mentioned in the audio press. Meanwhile, through heavy advertising and successful marketing, and without any pesky negative reviews, Bose grew into one of the biggest if not the biggest speaker company in the US.
*I saw "audio-lover," instead of "audiophile." Audiophiles are often snobbish and foolish (audiophools), and buy into audio quackery and spend too much $$$$ etc. I know; I consider myself one. By audio-lover I mean anyone, including rational people, who likes good sound reproduced through audio equipment. In audio circles there are many audio-lovers who are not "audiophiles."
[ link to this | view in thread ]
Re:
Good point. What about teh Bose Soundtouch app. I found oiut today that Bose knows what Bose speakers I have turned on.
Likely that same conduit that send Bose data abut what speakers I'm using, when etc. is likely sending data on what internet radio I'm listening too. Or what from my iTunes library am I listening too. Perhaps they even know have a complete list of all my iTunes library tittles. Totally sucks. I believe this goes back to when Bose stopped supporting AirPlay. Likely Apple refused to provide them the hooks to collect user data. So they decided to begin forcing there customers to use their app..
[ link to this | view in thread ]