Throughout the semester I have been researching smart toys. Security expert and privacy advocate Patrick Hung defines smart toys as a device consisting of a physical toy component that connects to one or more toy computing services to facilitate gameplay in the Cloud through networking and sensory technologies to enhance the functionality of a traditional toy. As the use of smart toys becomes more widespread a number a security vulnerabilities have come to light. In recent years there have been my notable smart toy security breaches with millions of private accounts compromised exposing address photos and voice recordings of children. As part of my research into this topic of have been looking at the different stakeholders involved trying to determine whose responsibility it is to protect the kids using smart toys. This week I have been looking into some the government has been taking to make smart toys safer.
In 1998 the federal trade commission which works for the consumer to prevent fraudulent, deceptive, and unfair practices in the marketplace and provides information to businesses to help them comply with the law, enacted COPPA the Children’s Online Privacy Protection Act. COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age. COPPA recommends such practices as data minimization, reasonable data security, limits on data retention, and parental rights of review and data deletion. However COPPA was created the smart toy boom and only now are manufactures and legislatures begging implement security guidelines and best practices for smart toys. Prior to many of the large security breaches in the smart toy and IOT world the security vulnerabilities were not widely known by legislators and manufacturers, they were not aware of how serious the security issues were and what need to be done to mitigate them, many toys were released that are not following the same security practices as the toys being manufactured today. It was not until recent large scale DDOS attacks made possible by insecure IOT devices, that manufacturers and legislators began to look at IOT devices including smart toys more closely. Groups such as the Future of Privacy Forum gather security experts and privacy advocates to examine the what can be to secure new old smart toys in order to better protect kids. The groups are developing best practices and recommendations for toy manufacturers and parents. Security experts say that there’s no one-size-fits-all checklist to guarantee the security of connected devices. What’s reasonable will depend on a number of variables, including the kind and amount of information that’s collected, the type of functionality involved, and the potential security risks. In my opinion legislators have began the proper steps to help increase smart toy security, but I think there are still many issues millions of toys already in the marketplace.