The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Feature Creep and Our Creepy Future



The robots are coming for our jobs, little by little, and now our appliances are coming for our private data, too.

This week has brought news that VIZIO, a large manufacturer of smart TVs, had installed software on millions of its sets that allowed the company to gather a huge amount of information on customers’ viewing habits. The software, known as automatic content recognition, gave VIZIO a continuous stream of data on exactly what a given customer was watching at any point in time, whether it was from a cable box, a streaming service, or a DVD player, according to a complaint from the Federal Trade Commission.

“Through the ACR software, VIZIO’s televisions transmit information about what a consumer is watching on a second-by-second basis. Defendants’ ACR software captures information about a selection of pixels on the screen and sends that data to VIZIO servers, where it is uniquely matched to a database of publicly available television, movie, and commercial content,” the FTC complaint says.

“Defendants collect viewing data from cable or broadband service providers, set-top boxes, external streaming devices, DVD players, and over-the-air broadcasts. Defendants have stated that the ACR software captures up to 100 billion data points each day from more than 10 million VIZIO televisions. Defendants store this data indefinitely.”

The amount of detailed data that the TVs were collecting about viewing habits is staggering, and it gives VIZIO, and whatever third-party companies it sells the data to, a highly specific picture of consumers’ habits and preferences. And that, of course, is exactly what the intent of the software is. Marketers have an insatiable appetite for demographic data, information about their target audience’s tastes and preference, and any other morsels that will allow them greater insights into consumers’ psyches. More data means more precisely targeted pitches, which equals more money.

But in this case, it cost VIZIO quite a bit of money. The company agreed to pay a $2.2 million fine and create a comprehensive privacy program in order to settle the charges by the FTC and the New Jersey attorney general.

We’re often told that security and privacy are about trade-offs. When faced with a decision about whether to share some private information, consumers are taught to weigh the potential benefits and drawbacks and make their decisions based on how much risk they’re willing to accept. But how are we supposed to make those choices when we don’t know that we’re even sharing the information? In its complaint, the FTC says that VIZIO didn’t properly notify buyers about the ACR software and the data that it was collecting and selling to third parties.

“Consumers that purchased new VIZIO televisions beginning in August 2014, with ACR tracking preinstalled and enabled by default, received no onscreen notice of the collection of viewing data,” the complaint says.

Making an informed decision is exceedingly difficult when there’s no information available. Most consumers have no idea how much information the devices and appliances they own are collecting about them. Even people involved in the technology world sometimes are surprised to learn how many of their appliances and vehicles and devices are phoning home to dump gigabytes of data on their daily habits and usage. It’s an ugly fact of modern life, but in most case, consumers have the opportunity to disable or minimize this data collection and sharing.

However, if there’s no clear notice of the collection and no description of what’s going to be done with the data after the fact, the scales are tipped against consumers in a big way. The future is here and it’s just as scary as we’ve been led to believe it would be.

Dennis Fisher

Dennis Fisher

Dennis Fisher is editor-in-chief at Duo Security. He is an award-winning technology journalist who has specialized in covering information security and privacy for the last 15 years. Prior to joining Duo, he was one of the founding editors of On the Wire, Threatpost and previously covered security for TechTarget and eWeek.