-
Not Synced
Do you remember when you were a child,
-
Not Synced
you probably had a favorite toy
that was a constant companion,
-
Not Synced
like Christopher Robin
had Winnie the Pooh,
-
Not Synced
and your imagination
fueled endless adventures?
-
Not Synced
What could be more innocent than that?
-
Not Synced
Well, let me introduce you
to my friend Cayla.
-
Not Synced
Cayla was voted toy of the year
in countries around the world.
-
Not Synced
She connects to the internet
and uses speech recognition technology
-
Not Synced
to answer your child's questions,
-
Not Synced
respond just like a friend.
-
Not Synced
But the power doesn't lie
with your child's imagination.
-
Not Synced
It actually lies with the company
harvesting masses of personal information
-
Not Synced
while your family is innocently
chatting away in the safety of their home,
-
Not Synced
a dangerously false sense of security.
-
Not Synced
This case sounded alarm bells for me,
-
Not Synced
as it is my job to protect
consumers' rights in my country.
-
Not Synced
And with billions of devices such as cars,
-
Not Synced
energy meters, and even vacuum cleaners
expected to come online by 2020,
-
Not Synced
we thought this was a case
worth investigating further,
-
Not Synced
because what was Cayla doing
-
Not Synced
with all the interesting things
she was learning?
-
Not Synced
Did she have another friend she was
loyal to and shared her information with?
-
Not Synced
Yes, you guessed right. She did.
-
Not Synced
In order to play with Cayla,
-
Not Synced
you need to download an app
to access all her features.
-
Not Synced
Parents must consent to the terms
being changed without notice.
-
Not Synced
The recordings of the child,
her friends and family,
-
Not Synced
can be used for targeted advertising.
-
Not Synced
And all this information can be shared
with unnamed third parties.
-
Not Synced
Enough? Not quite.
-
Not Synced
Anyone with a smartphone
can connect to Cayla
-
Not Synced
within a certain distance.
-
Not Synced
When we confronted the company
that made and programmed Cayla,
-
Not Synced
they issued a series of statements
-
Not Synced
that one had to be an IT expert
in order to breach the security.
-
Not Synced
Shall we fact-check that statement
and livehack Cayla together?
-
Not Synced
Here she is.
-
Not Synced
Cayla is equipped with a bluetooth device
-
Not Synced
which can transmit up to 60 feet,
-
Not Synced
a bit less if there's a wall between.
-
Not Synced
That means I, or any stranger,
can connect to the doll
-
Not Synced
while being outside the room
where Cayla and her friends are,
-
Not Synced
and to illustrate this,
-
Not Synced
I'm going to turn Cayla on now.
-
Not Synced
Let's see, one, two, three.
-
Not Synced
There. She's on. And I'll ask a colleague
-
Not Synced
to stand outside with his smartphone,
-
Not Synced
and he's connected,
-
Not Synced
and to make this a bit creepier
-
Not Synced
(Laughter)
-
Not Synced
let's see what kids could hear Cayla say
in the safety of their room.
-
Not Synced
Man: Hi. My name is Cayla. What is yours?
-
Not Synced
Finn Myrstad: Uh, Finn.
-
Not Synced
Man: Is your mom close by?
-
Not Synced
FM: Uh, no, she's in the store.
-
Not Synced
Man: Ah. Do you want
to come out and play with me.
-
Not Synced
FM: That's a great idea.
-
Not Synced
Man: Ah. Great.
-
Not Synced
FM: I'm going to turn Cayla off now.
-
Not Synced
(Laughter)
-
Not Synced
We needed no password
-
Not Synced
or to circumvent any other
type of security to do this.
-
Not Synced
We published a report
in 20 countries around the world,
-
Not Synced
exposing this significant security flaw
-
Not Synced
and many other problematic issues.
-
Not Synced
So what happened?
-
Not Synced
Cayla was banned in Germany,
-
Not Synced
taken off the shelves
by Amazon and Wal-Mart,
-
Not Synced
and she's now peacefully resting
-
Not Synced
at the German Spy Museum in Berlin.
-
Not Synced
(Laughter)
-
Not Synced
However, Cayla was also for sale
in stores around the world
-
Not Synced
for more than a year
after we published our report.
-
Not Synced
What we uncovered is that there
are few rules to protect us,
-
Not Synced
and the ones we have
are not being properly enforced.
-
Not Synced
We need to get the security
and privacy of these devices right
-
Not Synced
before they enter the market,
-
Not Synced
because what is the point
of locking a house with the key
-
Not Synced
if anyone can enter it
through a connected device?
-
Not Synced
You may well think,
"This will not happen to me.
-
Not Synced
I will just stay away
from these flawed devices."
-
Not Synced
But that won't keep you safe,
-
Not Synced
because simply by
connecting to the internet,
-
Not Synced
you are put in an impossible
take-it-or-leave-it position.
-
Not Synced
Let me show you.
-
Not Synced
Like most of you, I have
dozens of apps on my phone,
-
Not Synced
and used properly,
they can make our lives easier,
-
Not Synced
more convenient,
and maybe even healthier.
-
Not Synced
But have we been lulled
into a false sense of security?
-
Not Synced
It starts simply by ticking a box.
-
Not Synced
Yes, we say,
-
Not Synced
I've read the terms.
-
Not Synced
But have you really read the terms?
-
Not Synced
Are you sure they didn't look too long,
-
Not Synced
and your phone was running out of battery,
-
Not Synced
and the last time you tried
they were impossible to understand,
-
Not Synced
and you needed to use the service now?
-
Not Synced
And now, the power
imbalance is established,
-
Not Synced
because we have agreed
to our personal information
-
Not Synced
being gathered and used on a scale
we could never imagine.
-
Not Synced
This is why my colleagues and I decided
to take a deeper look at this.
-
Not Synced
We set out to read the terms
-
Not Synced
of popular apps on an average phone,
-
Not Synced
and to show the world
how unrealistic it is
-
Not Synced
to expect consumers
to actually read the terms,
-
Not Synced
we printed them,
-
Not Synced
more than 900 pages,
-
Not Synced
and sat down in our office
and read them out loud ourselves,
-
Not Synced
streaming the experiment
live on our websites.
-
Not Synced
As you can see, it took quite a long time.
-
Not Synced
It took us 31 hours,
49 minutes, and 11 seconds
-
Not Synced
to read the terms on an average phone.
-
Not Synced
That is longer than a movie marathon
of the Harry Potter movies
-
Not Synced
and the Godfather movies combined.
-
Not Synced
(Laughter)
-
Not Synced
And reading is one thing.
-
Not Synced
Understanding is another story.
-
Not Synced
That would have taken us
much, much longer.
-
Not Synced
And this is a real problem,
because companies have argued
-
Not Synced
for 20 to 30 years against
regulating the internet better,
-
Not Synced
because users have consented
to the terms and conditions.
-
Not Synced
As we've shown with this experiment,
-
Not Synced
achieving informed consent
is close to impossible.
-
Not Synced
Do you think it's fair to put the burden
of responsibility on the consumer?
-
Not Synced
I don't.
-
Not Synced
I think we should demand
less take-it-or-leave-it
-
Not Synced
and more understandable terms
before we agree to them.
-
Not Synced
(Applause)
-
Not Synced
Thank you.
-
Not Synced
Now, I would like to tell you
a story about love.
-
Not Synced
Some of the world's most
popular apps are dating apps,
-
Not Synced
an industry now worth more than,
or close to, three billion dollars a year.
-
Not Synced
And of course, we're okay
sharing our intimate details
-
Not Synced
with our other half.
-
Not Synced
But who else is snooping,
-
Not Synced
saving, and sharing our information
-
Not Synced
while we are baring our souls?
-
Not Synced
My team and I decided to investigate this,
-
Not Synced
and in order to understand
the issue from all angles
-
Not Synced
and to truly do a thorough job,
-
Not Synced
I realized I had to download
-
Not Synced
one of the world's
most popular dating apps myself.
-
Not Synced
So I went home to my wife
-
Not Synced
(Laughter)
-
Not Synced
who I had just married.
-
Not Synced
"Is it OK if I establish a profile
on a very popular dating app
-
Not Synced
for purely scientific purposes?"
-
Not Synced
This is what we found.
-
Not Synced
Hidden behind the main menu
was a pre-ticked box
-
Not Synced
that gave the dating company access
to all my personal pictures on Facebook,
-
Not Synced
in my case more than 2,000 of them,
-
Not Synced
and some were quite personal.
-
Not Synced
And to make matters worse,
-
Not Synced
when we read the terms and conditions,
-
Not Synced
we discovered the following,
-
Not Synced
and I'm going to need to take out
my reading glasses for this one.
-
Not Synced
And I'm going to read it for you,
because this is complicated.
-
Not Synced
All right.
closed TED
