“I think there’s a chronic problem with consumer electronics that they don’t give people the full picture they need to evaluate whether they want to use these devices,” said Cindy Cohn, executive director of the privacy rights organization Electronic Frontier Foundation.
Last week, the CES show floor buzzed with thousands of companies making health wearables, smart TVs, autonomous vehicles and other gadgets based on data from our bodies or homes. Many present themselves as the next big thing – but almost none directly discuss how they treat customer data once it’s collected, or their approach to safety and security.
“There’s no theme to CES this year other than throwing things at the wall and seeing what sticks,” Kyle Wiens said on a YouTube live stream. Wiens is the CEO of iFixit, which advocates for consumers’ right to repair their devices. “When that happens, there are negative externalities for our society.”
Cohn and representatives from iFixit, Consumer Reports and other consumer advocacy groups rounded out the CES “Worst in Show,” highlighting which products could have the most negative impact on privacy, consumer choice and the environment. They include some of this year’s top picks, such as the U-Scan urine sensor from the connected healthcare company Withings, which analyzes hormone levels in urine and is set to launch in the US. Hormonal changes could potentially be evidence of a crime after the Supreme Court struck down abortion rights in June and banned abortion in some states. Withings said it retains this data indefinitely and will “comply with all legal requirements in the areas where it operates” if subpoenaed by law enforcement. It said it would not otherwise share the information with third parties.
Cohn noted that the media typically don’t ask tough questions about security at CES, and companies don’t volunteer information.
“Even only one company mentioned [privacy or safety]and ironically, it was a sexting app,” Leanna Miller said on the show floor. Miller said she works for a small company that makes reusable writing tablets and comes to CES to review all the new products. The company she’s referring to is Blyynd was, an adult network that claims to use encryption to promote safe sex.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), said in an interview on the sidelines of CES that, with few exceptions, tech companies focus on security issues when problems arise rather than spending more time testing products and building secure features.
These companies’ incentives are “really focused on price, capability, performance and speed to market, rather than core security,” he said.
Along with CrowdStrike CEO George Kurtz, Easterly’s CES address focused on the rapidly growing cost and threat of cybercrime, often based on products shipped in a hurry. It was the first time a cybersecurity official of Easterly’s rank had appeared on the show.
“When we think about the world we live in, we can’t accept that in ten years [cyber risks] it will be the same or worse,” he said.
That could depend on consumers demanding more secure products or the government regulating software, though Easterly noted he doesn’t support “heavy-handed” regulation. Regulation could take the form of stricter privacy protections or clearer communication with consumers about the risks posed by the product. The White House has supported the idea of nutrition label-style “software documentation” that tells buyers what software components a product contains.
For example, last week the European Union fined Meta $414 million for hiding information about its targeted advertising business in its terms of service instead of obtaining meaningful consent from its users and giving them the opportunity to opt out. Meta said it intends to appeal the decision and fines. Risky technology such as facial recognition is also under investigation in the EU
Meanwhile, at CES, companies introducing facial recognition technology hit the show floor. Claiming to keep kids busy, the Disney-backed Miko robot is equipped with facial recognition and uses its camera to analyze children’s moods and map elements of your home. Its CEO said that all facial recognition data is stored on the device, not in the cloud.
Then there are camera-powered smart home devices — like the Landroid Vision, an autonomous mower that roams your yard. Its maker, WORX, said all images taken by the mower are anonymized and any faces or house numbers are blurred before the images are sent to the company’s cloud storage. Its privacy policy leaves room for advertising to share information.
Companies could choose to make useful, proprietary, repairable products, iFixit’s Wiens said during the announcement of the worst show, but what’s the real purpose of a $200 travel mug with location-sharing capabilities and an irreplaceable battery?
“We already have thermoses,” he said. “They are incredibly successful. They have been around for a long time.”
Jamie Kaplan, vice president of communications for CES-Consumer Technology Association (CTA), said the show promotes innovation, entrepreneurship and economic growth. This year, CTA hosted 3,200 exhibitors.
“CES requires exhibitors to comply with US laws that favor innovation and are aimed at limiting bad behavior rather than banning new and innovative products,” he said.