A company called VTech based in Hong Kong makes smart
toys for kids. One of their tablet
products can connect to a parent's smartphone with a service called KidConnect,
allowing children to send photos and text messages to their parents. Sounds all nice and family-friendly,
yes? Well, in November the website
Motherboard revealed that a hacker had managed to get into VTech's servers and
download thousands of private photos, messages, passwords, and other
identifying information that KidConnect users had sent and received. This has understandably upset digital
media commentator Dan Gillmor, who swears in a recent Slate article that not
only he will never buy any Internet-enabled toys for children, he doesn't think
anybody else should, either.
Reportedly, VTech has shut down the KidConnect service until they can do
something about security. But this
incident brings up a wider question:
what dangers does the Internet of Things pose for children?
In case you've been living in a cave somewhere, the
Internet of Things (IoT, for short) is the idea that in the very near future—by
some measures, right now—internet connections, sensors, and the hardware and
software needed to use them will be so cheap and ubiquitous that lots of
everyday items will be connected to the Internet, sending and receiving data
that will make great changes in our lives. The promoters of IoT naturally hope that these changes will
be for the better, and can point to examples that have done that.
This matter gets close to home for me personally,
because for the last several years I have supervised electrical engineering
senior design teams at my university, and several of the past and current teams
have worked on projects that are IoT-related. About four years ago, one team's project was a
communications system designed to monitor electric-power consumption in the
home, at a finer-grain level than just what the electric meter could sense
about overall power consumption.
The idea was that if consumers have a detailed profile of their
electricity usage, they can make more intelligent choices about what to turn on
when. Maybe doing the laundry late
at night instead of right when you get home in the afternoon will put usage
into a more favorable rate period, for example.
As I was discussing the project with the team, it
occurred to me that this information could be used for nefarious purposes. You can tell a lot about a person if
you have the kind of usage information the team was planning to measure:
whether the user is home, for instance, and even what appliances are used and
how often. So I brought up this ethical
issue with the team and made sure that they mentioned it in their final
report.
Since then, companies such as Freescale Semiconductor
have jumped into IoT-related products and devices in a big way. (Full disclosure: Freescale has donated equipment and
funds to the Ingram School of Engineering, where I work.) From all I can tell, the Internet of
Things is going to happen one way or another, and it behooves both engineers
and the general public to give some thought to any possible downsides before
something really bad happens.
Returning to the question of children and IoT, we are
in a peculiar position these days.
Many children and young adults are vastly more tech-savvy than their
parents, and this makes it hard for the parents to institute meaningful
controls on what kids do online.
In the bad old days when the list of dangerous things in the home was
mainly physical—guns, knives, poison, screwdrivers near electric outlets—it was
a fairly simple matter for parents to keep toddlers out of harm's way. But in the case of some toy that hooks
up to your WiFi network, odds are that the parents are as clueless as the
children regarding the privacy and security measures taken by the device's
maker. VTech itself didn't know
how vulnerable its servers were until some enterprising hacker cracked into them
and notified the media.
Despite living with the Internet for close to thirty
years now, we still have some things to learn about it, among which are new
ways of using it that are potentially hazardous. And children are an especially vulnerable population, as
everyone agrees. It's shortsighted
to think of children always as the innocent parties in these matters too. Some kids can be downright wicked,
bullying others mercilessly.
Before we got so interconnected, a bully's sphere of influence was
limited to the radius reachable by his fists, but hand a bully a smartphone
with some sort of anonymous chatting app on it, and it's like putting wings on
a wildcat. His bullying sphere has
instantly widened to include the entire globe, limited only by language ability
and time. And we have already seen
instances in which Internet bullying has driven some vulnerable individuals to
suicide.
Nobody is calling for a wholesale ban on
Internet-enabled toys or anything like that. But as I have often emphasized to my students in discussions
of engineering ethics, many ethical lapses in the area of engineering can be
traced to a lack of imagination.
When you are dealing with a physical structure like a bridge, it's
relatively easy to calculate the maximum loads and find out how strong each
member has to be for the bridge not to fall down. But in any system that is intimately bound up with the
behavior of people—especially millions of people at a time—your imagination has
to anticipate the character and intentions of persons perhaps very different
from you, who will twist your system around to serve their possibly sinister
purposes.
That is why privacy and security concerns need to be
considered at the very beginning of any project that involves the Internet, and
especially when a product is intended to be used by children. VTech clearly did an inadequate job in
this area, but they can serve as a bad example to warn future designers and
users of IoT-enabled gizmos. The
craft of lockmaking is nearly as old as the craft of housebuilding, and for a
good reason. There are bad actors
out there, and any time we open up a channel of communication involving a
private citizen or residence, it needs to be guarded with the same care that we
would extend to our own physical possessions. Beyond mere technical ability, doing that well requires
moral imagination, which should be in the toolkit of every good designer.
No comments:
Post a Comment