The worst products at CES for safety and privacy




Comment

LAS VEGAS — American shoppers, regulators and companies face a problem: Tech products often hit the market with giant safety and privacy flaws.

At the same time, CES, a giant annual consumer electronics exhibition in Las Vegas, brings a flood of new gadgets. It might be pouring gas on a fire, privacy and security experts say.

“I think there is a chronic problem with consumer electronics, that they are not giving people the full picture that they need to evaluate whether they want to use these tools,” said Cindy Cohn, executive director of the privacy rights organization Electronic Frontier Foundation.

This week, the CES show floor buzzed with thousands of companies slinging health wearables, smart TVs, autonomous vehicles and other gadgets that rely on data from our bodies or homes. Many pitch themselves as the next great thing — but almost none directly address how they treat customer’s data after it’s collected or their approach to safety and security.

The best (and strangest) tech we found at CES 2023

“CES doesn’t seem to have a theme this year other than throwing everything at a wall and seeing what sticks,” said Kyle Wiens in a YouTube live stream. Wiens is CEO of iFixit, which advocates for consumers’ right to repair their devices. “There are negative externalities to our society when that happens.”

Cohn and representatives from iFixit, Consumer Reports and other consumer advocacy groups rounded up a CES “Worst in Show,” calling out which products could have the greatest negative impact on privacy, consumer choice and the environment. They included some of this year’s breakout favorites, such as the U-Scan urine sensor from connected health care company Withings, which analyzes hormone levels in urine and is gearing up for U.S. launch. After the Supreme Court overturned the right to an abortion in June and some states banned abortion, hormonal changes could potentially become evidence of a crime. Withings said it stores that data indefinitely and, if subpoenaed by law enforcement, would “comply with all legal requirements in the territories in which it operates.” It said it doesn’t otherwise share data with third parties.

Media tend not to ask tough questions on safety at CES, and companies tend not to volunteer the information, Cohn noted.

“Literally only one company even mentioned [privacy or safety], and ironically, it was a sexting app,” said Leanna Miller on the show floor. Miller said she works for a small company that makes reusable writing tablets and came to CES to browse all the new products. The company she referenced was Blyynd, an adult network that claims to use encryption to promote safe sexting.

With few exceptions, tech companies address safety when problems arise rather than taking more time to test products and build in safe features, said Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly, in an interview on the sidelines of CES.

These companies’ incentives are “really focused on cost, capability, performance and speed to market, and not on basic safety,” she said.

Easterly’s CES address alongside CrowdStrike CEO George Kurtz focused on the rapidly rising cost and danger of cybercrime, which often relies on hastily shipped products, they said. It was the first time a cybersecurity official of Easterly’s rank has spoken at the show.

Buggy software in off-brand smart home devices is a hacker’s playground

“As we think about the world we’re living in, we cannot accept that in ten years [cyber risks] are going to be the same or worse,” she said during the talk.

That may depend on consumers demanding safer products or the government regulating software, though Easterly noted she doesn’t support “burdensome” regulation. Regulation could come in the form of stricter privacy safeguards or clearer communication with consumers about the risks a product poses. The White House has backed the idea of a nutrition-label-style “software bill of materials” telling buyers which software components a product contains.

Just this week, for instance, the European Union fined Meta $414 million for burying information about its targeted advertising business in its terms of service rather than obtaining its users’ meaningful consent and giving them an option to decline. Meta has said it intends to appeal the ruling and the fines. Risky technology such as facial recognition is also the subject of scrutiny in the EU.

Meanwhile at CES, companies touting facial recognition technology spatter the show floor. Miko, a Disney-backed robot that claims to keep kids engaged, comes equipped with facial recognition and uses its camera to analyze children’s moods and map elements of your home, its website says. Its CEO said all facial recognition data is stored on the device and not the cloud.

Then there’s the camera-enabled smart home devices — such as the autonomous mower Landroid Vision that navigates its way around your yard. Its maker, WORX, said all images the mower captures are anonymized and any faces or house numbers are blurred before the images are sent to the company’s cloud storage. Its privacy policy leaves room to share data for advertising.

Companies could choose to make useful, private, repairable products, said iFixit’s Wiens during the Worst in Show announcement, but what is the real purpose of a $200 travel mug with location-sharing capabilities and an irreplaceable battery?

“We already have thermoses,” he said. “They’re phenomenally successful. They’ve been around for a very long time.”

Jamie Kaplan, vice president of communications at CES-producer Consumer Technology Association (CTA), said the show has encouraged innovation, entrepreneurship and economic growth. This year, CTA hosted 3,200 exhibitors.

“CES requires exhibits to comply with U.S. law, which favors innovation and focuses on restricting bad behavior rather than banning new and innovative products,” she said in a statement.