On Valentine’s Day, toy maker Mattel introduced its Wi-Fi, microphone-sporting, speech-recognising, interactive Barbie doll.
“What could possibly go wrong?” we asked.
The Register also wondered what hijinx an internet-enabled doll might get into.
In fact, the publication took a deep dive into the news and wound up finding privacy concerns.
For one thing, it discovered that recordings of children’s voices are stored on remote computers so ToyTalk – the startup that developed the so-called “Hello Barbie” doll along with Mattel – can improve its voice-recognition engine.
Now, a privacy group, Campaign for a Commercial-Free Childhood (CCFC), has started a petition against Hello Barbie, citing The Register’s coverage.
As of Thursday evening, the petition had garnered 3297 signatures from those calling on Mattel to stop its “eavesdropping” doll.
The rationale:
Kids using "Hello Barbie"' won't only be talking to a doll, they'll be talking directly to a toy conglomerate whose only interest in them is financial. It's creepy - and creates a host of dangers for children and families.
Children naturally reveal a lot about themselves when they play. In Mattel's demo, Barbie asks many questions that encourage kids to share information about their interests, their families, and more - information advertisers can use to market unfairly to children.
Hello Barbie wakes up when you press a button on her belt buckle. The doll asks a question and turns on its microphone while the switch is held down.
ToyTalk CEO Oren Jacob says the child’s replies are recorded, encoded, encrypted and sent to the company’s servers, where they’re processed by voice-recognition software.
After ToyTalk’s systems puzzle out what was said, it then selects one of its scripts to read back. It could be a joke or something else a chatty friend might say.
Parents can sign up for weekly or daily emails in which Barbie spills the beans on what’s been said to her by a given tot.
While ToyTalk’s privacy policy isn’t clear on how long the recordings are stored, Jacob stressed to The Register that none of the recordings are used to play advertisements to children.
The Register is a bit bemused by all the kerfuffle.
Advertising at children is not the concern raised by the news outlet, writes Iain Thomson:
Although the group cites our story, the activists may want to read it again. Mattel's servers don't hold the conversations Hello Barbie records, ToyTalk does, and the startup has stated explicitly that the audio will never be used for advertising purposes.
What ToyTalk is really after is to enhance its voice recognition. That’s particularly desirable, given that kids use completely separate voice cadences, sentence structures and verbiage, making their voices a far less charted territory than adult voices.
What’s really at issue, he writes, is security and privacy.
After all, as one infosec commentator pointed out, all it takes is one renegade in the toy factory to blow a hole in kids’ opsec:
All it would take is a "rogue" employee and your child's interactions with Barbie are now the whole internet's business.
Backstagecrew
At least they encode and encrypt the data before they send it, unlike Samsung TVs
Ron Cook
They “say” the data are encrypted. “encoded” means little: OGG, WMA, WAV, etc. are just audio files. The encryption, if it is performed at all, would be the important step. One can add a password to a ZIP file and call it “encrypted”.
Will the first teardown be from Tom’s Hardware or a similar group?
Tom
Sure, “no problem here, just move along.” How could the IoT ever be a problem? TV’s that listen, gaming systems that listen, baby monitors, “all your data is safe, so just don’t worry.” What about the things we aren’t even aware of? Want to have a private conversation, go to a wilderness area and hope that some satellite isn’t watching. It’s like the movie The Conversation on steroids.
Mark
People ask what’s the big deal, but you know all of that data will be mined and sold. If not now, then in a couple of years when everyone has moved on and the TOS are quietly changed. It is pretty hard to stay vigilant on what multinational corporations are doing with the secret data they have already obtained, much easier to prevent them from getting data on your children in the first place.
Laurence Marks
“Now, a privacy group, Campaign for a Commercial-Free Childhood (CCFC), has started a petition against Hello Barbie, citing The Register’s coverage.”
Is their president named Ned Ludd?
Reader
Is this device able to record all conversations in a house when someone (e.g., a child) activates it?
I thank my lucky stars I was young before the internet went public and household goods became spying devices.
Grey
What happens when one of those trusting toddlers tell their best friend and Confident Barbie something like, “Please make daddy stop hurting me.”?
And the parents have signed up for email transcripts of everything said?
Or even if not, an employee at ToyTalk hears it. Would they be under obligation to report it? Would it be bad for business and thus, ignored?
The Flying Dutchman
> the startup has stated explicitly that the audio will never be used for advertising purposes.
Um, yeah. Until they sell out (as startups do) and get bought up by, say, Google. You know what happens next.
trevor999
“After ToyTalk’s systems puzzle out what was said, it then selects one of its scripts to read back. It could be a joke or something else a chatty friend might say.”
I wonder what it responds with if the child says “Mommy hits me” or Daddy touches me”? A joke?
It’s just creepy.