Thursday, April 20, 2017

German Telecommunications Authority To Parents: "Destroy That Doll!"

The WSJ article 'German Officials Order Parents To Execute A Spy - Cayla The Doll' (April, 12, p. A1) wasn't making sport.   In the eyes of German authorities - who take seriously the protection of citizen privacy unlike the U.S., the doll "Cayla" was an unwanted intruder into the German landscape. And that meant it had to be destroyed.

As the article notes, on Feb. 17th, after a lengthy investigation, Germany's top telecommunications watchdog: the Federal Network Agency (Bundesnetzagentur) , issued a binding order to parents to find this plastic entity and destroy it. Parents who ignored the order faced a fine of up to 25,000 euros (about $26,500) an also faced up to two years in prison under paragraph 90 of Germany's telecommunications law.  And no, the word of parents was insufficient to get a pass.

The agency, on its website, posted a template for a destruction certificate that had to be faithfully completed - no bull. It then had to be signed by personnel at a waste management company as proof of destruction.  

The Bundesnetzagentur investigation found that while the spy doll can't connect directly to the internet it can be accessed via Bluetooth using any mobile device loaded with the 'My Friend Cayla' app.  Such access then is not protected so that any conversation a child might have, say with the doll or her parents, could be intercepted and eavesdropped on by a malicious outsider, or even neighbor, so the Germans weren't taking chances.

Nor is this doll the first spy toy to meet such a fate. As the WSJ article notes, "a toy robot was sent to the scrap yard because its head was embedded with an internet-enabled camera concealed behind a black visor." The agency also exposed a panda bear last year "with a camera hidden in its nose that operated as a nanny cam and could connect to a mobile phone" to enable outsider access.

So we see the Germans are not simply being paranoid and over reacting. According to one law student (Stefan Hessel) - who penned the legal opinion used by the agency:

"It's pretty bad bringing a doll on the market that anybody within a 30 foot radius can connect to. A regular Bluetooth loudspeaker is better protected."

Of course, the doll's distributor - Vivid Germany GmbH - insists it didn't "break the law" - but that's not the point. The point isn't that the doll "broke the law" any more than a legal gun lying on a desk has broken the law. But when the doll is accessed via Bluetooth and the connecting app, it can certainly be used for nefarious reasons - just like that gun when picked up and fired at someone's head.

Hyperbole - by comparing an activated spying doll to a fired gun?  Not to the Germans who've imposed prison sentences for failure to comply with 'Cayla's destruction. As I noted, the Germans take their citizens' privacy seriously - unlike the U.S. - where citizens' data, including medical - can be sold to the highest bidder.

See also:

No comments: