Tag Archives: request

Hello Barbie And Security Not The Perfect Couple, Claims Lawsuit

Hello Barbie says, “Privacy breach” to plaintiffs in a lawsuit that’s testing the boundaries of security in the Internet of Things age. Mattel ( MAT ), the maker of the interactive doll, is among those being sued on grounds that the doll picks up and records the voices of the children who play with the doll, voices that it uploads and stores without parental consent. The unusual case was filed in December in Los Angeles County Superior Court. Other defendants include San Francisco-based ToyTalk, which partnered with Mattel to produce the doll; and Los Angeles-based Samet Privacy, which does business as the kidSAFE Seal Program that lists, reviews and certifies interactive and online products as compliant with the federal Children’s Online Privacy Protection Act, or COPPA. “The problem is parents and children don’t really know that ToyTalk is going to use their child’s conversation for data mining and other purposes not fully disclosed,” said Steve Teppler of the Abbott Law Group in Jacksonville, Fla. “They say they’ll protect the child of the purchasing parent’s identity, but what about friends’ children?” Abbott Law Group represents the plaintiffs in the case: Ashley Archer-Hayes of Vista, Calif., who bought the doll, and her minor child; and Charity Johnson of Chula Vista, Calif., and her minor child “on behalf of all others similarly situated,” states the suit. The children of Johnson and Archer-Hayes are friends, and they played with Hello Barbie at a Barbie-themed birthday party late last year, the suit says. The suit is one of many dealing with the untapped online frontier that is the Internet of Things, referring to products used in everyday life that are increasingly connected with the Internet and that store information online. These products range from cars to home security systems. On its website, kidSAFE describes Hello Barbie as “the first fashion doll that can have a two-way conversation with girls. The doll features speech recognition and progressive learning features that enable girls to engage with Barbie like never before. Hello Barbie features more than 8,000 lines of dialogue, inspires imagination and storytelling, plays more than 20 interactive games, and tells jokes.” Although Hello Barbie must be registered to activate, and the registration process includes information relating to privacy, plaintiffs argue that Hello Barbie will pick up voices of a child’s friends, and those voices will be uploaded and stored without parental knowledge, let alone consent. Could Hello Barbie Owners Erase The Data? Interactive toys like Hello Barbie are expected to proliferate. How can parents stay informed about the privacy policies of each toy? “That’s the problem,” Teppler said. “What are your choices? You could make the doll only perform with the registered user, but that’s not the way the toy is designed. To comply with COPPA, you’d have to have a waiver for the user of the child’s voice. We don’t know what ToyTalk’s affiliates do with this information.” Teppler raised the possibility that information stored on ToyTalk computers could become discoverable in litigation, for example, if kids start talking about their parents’ activities. “It’s an interesting evidentiary issue,” said Teppler. “The terms of service say the purchasing parents can access the recordings for two years, but can they get them erased? You could deactivate your account, but they would still have the recordings.” Mattel would not make someone available for an interview, but spokesman Alex Clark said in an email, “While we do not comment on pending litigation, I can tell you Mattel is committed to ensuring every product we make meets or exceeds all applicable laws and regulations. In addition, we are confident in the robust data security technology used in our Hello Barbie product.” For its part, kidSAFE has rated Hello Barbie as “COPPA certified.” Ben Warlick, an attorney with Morris, Manning and Martin in Atlanta, says that plaintiffs have an uphill battle to recovery because Mattel and other defendants don’t control how a child uses the toy. “Plaintiffs pointed out suggestions for what Mattel could have done, including notifying parents that the toy should not be used outside the presence of other nonregistered children,” Warlick said. “But I do not think it’s a realistic argument to tell a child not to play with a toy around other kids; that’s hard to do.” Warlick, who co-chairs his firm’s Internet of Things practice group, says that the Hello Barbie case is likely just one of the first of many that will test the bounds of privacy protection in the Internet of Things age. “We started the new practice group because we’re finding that universal notions of privacy and security don’t necessarily translate to the Internet of Things,” he said. Warlick says that an argument can be made that interactive devices should have higher security and encryption features, “but many little battery-powered devices like weather or pet monitors may not have the processing power to run encryption or robust security measures.” Similar suits have been filed against ADP home security systems and Vizio smart TV sets. “It’s a real issue for product developers in this area,” Warlick said, “about what is the right level of security and encryption for these devices.”

Cisco Targets Cybersecurity For Productivity, Not Just Defense

Cisco Systems ( CSCO ) wants organizational leaders to understand that improving their competitive advantage, not just responding to fear, should inspire their cybersecurity strategy. Fearful tales, however, are hard to ignore. One recent example: Virtually all IT systems of the largest civilian hospital chain in the nation’s capital, including the MedConnect electronic health records system installed by Cerner ( CERN ), were shut down to prevent the spread of a computer virus in late March. Baltimore-based MedStar Health on March 30 called it a “despicable attack.” The disruption affected thousands of employees and many more patients, and restoration of the systems took days. “Within 48 hours of the malware penetration,” the three main clinical systems were “moving to full restoration,” said MedStar. A Cerner spokeswoman told IBD: “We continue to work closely with our client (MedStar) as the broader IT framework is brought back online.” But a week later, MedStar was still working on it: “Our partner Symantec ( SYMC ) … has been on the ground from the start of the situation and has been conducting a thorough forensic analysis,” MedStar said in an update last week, acknowledging it “has worked closely with the FBI throughout this situation.” The company again assured “that we have no evidence of any compromise of patient or associate data.” The Baltimore Sun reported the hospital’s hackers demanded ransom be paid in Bitcoin to unlock the hospital’s maliciously encrypted data. What a pain. What a danger. What a motivation for every organization to get its cybersecurity in order, as if another example were needed. “We’re very familiar with it,” James Mobley, a Cisco security services vice president, told IBD in an interview last week, acknowledging MedStar is a Cisco client. Cisco: Security-Led Firms More Prepared For Cloud, IoT Cisco, the No. 1 maker of computer networking gear and with a growing business in security, plans early next month to release a security survey of business executives. The company says productivity, growth and competitive advantage ought to be motivating cybersecurity decisions, not just fear. Its report, originally set for release early Tuesday, is titled “Nearly One-Third of Businesses View Cybersecurity Primarily as a Growth Enabler.” Silicon Valley-based Cisco, which briefed IBD and other media on the report, found that only a bit more than 30% of 1,014 corporate directors, vice presidents and C-level executives surveyed online “view cybersecurity primarily as an enabler of growth tied to digitization. “Security-led digitizers feel more prepared than others to address cybersecurity challenges in three key digital technology areas: analytics, Internet of Things and cloud computing,” Cisco said. “As a result, these organizations are far more confident about incorporating digital technologies into their business processes and offerings. “In fact, 44% of executives surveyed consider cybersecurity to be a competitive advantage for their organizations.” Cisco said cybersecurity will drive about $7.6 trillion of digital value over the next decade, with $5.8 trillion resulting from “cybersecurity’s enablement of digital use cases that instigate innovation and growth.” Is this marketing pablum or a legitimate call to action? Cisco has been under pressure to grow as fast as some of the smaller networking and software security firms with which it competes or partners. In its fiscal 2015 ended July 25, Cisco’s overall revenue rose only 4% to $49.16 billion, but its security services sales alone grew 12% to $1.75 billion. Medical IT leader Cerner grew 2015 revenue 30% to $4.42 billion, in part by selling P2Sentinnel and P2Sentinel Security as a Service (P2SaaS) products as a “security, auditing and compliance solution for tracking end-user access to confidential patient data in Mellennium, as well as other non-Cerner clinical solutions and infrastructure systems.” Palo Alto Networks ( PANW ), which specializes in security software, grew sales 55% last year. Rival Check Point Software ( CHKP ) saw revenue rise 9%. Symantec, MedStar’s prime cybersecurity contractor, reported pro forma revenue fell 6.3% year over year for its fiscal Q3 ended Jan. 1, adjusting for the sale of its Veritas business. Cisco’s survey data could serve as grist for its hungry marketing-sales machine, but it also provides a heads-up to companies that there’s more to cybersecurity than preventing hacker disruption. When a company is confident it can prevent disruption, this enables minds to focus on everything else. “It’s critically important that we stop thinking about security as a defense-centric approach that is sold by fear, uncertainty and doubt,” Mike Dahn, head of data security for payments firm Square ( SQ ), said in Cisco’s survey results press release. “We need to start thinking about security as an enablement of innovation that actually helps the business go forward.” Cisco stock touched a nearly one-year low of 22.46 in early February, but it has been on an upswing recently. Cisco closed Monday at 27.62, down a fraction. In the meantime, cybersecurity continues to be top of mind. By executive order, the U.S. Commerce Department will host its first Commission on Enhancing National Cybersecurity meeting on Thursday in Washington, D.C.

Dell Beats HP In U.S. PC Shipments For First Time In Over 6 Years

Dell retook the U.S. personal computer shipment lead for the first time in over six years in Q1 as former No. 1 HP Inc. ( HPQ ) stumbled, market research firms Gartner and IDC reported late Monday. HP had been the top PC vendor in the U.S. for 25 consecutive quarters, IDC said. Dell shipped 3.48 million PCs in the U.S. in Q1, giving it a 25.6% market share, while HP shipped 3.44 million units for a 25.3% market share, IDC said. It was Dell’s first No. 1 ranking in the U.S. since the third quarter of 2009, IDC said. Dell increased its domestic PC unit shipments by 4.2% year over year in the first quarter, while HP’s U.S. shipments declined 14.1%, IDC said. Overall PC shipments in the U.S. fell 5.8% in Q1, IDC said. No. 3 vendor Lenovo increased its shipments by 21.1% to 1.92 million units, giving it a 14.1% market share. No. 4 vendor Apple ( AAPL ) grew its shipments by 5.6% to 1.76 million units, giving it a 13% market share. Gartner ( IT ), which measures the PC market differently from IDC, said Dell was No. 1 in the U.S. in Q1 with a 26.3% market share, followed by HP with 23.7%. On a worldwide basis, PC shipments fell 11.5% to 60.6 million units in the first quarter, IDC said. Gartner put the decline at 9.6%. Gartner said it was the sixth consecutive quarter of global PC shipment declines. Consumer PC sales remain weak, hurt in part by free upgrades to Microsoft ’s ( MSFT ) Windows 10 operating system. Enterprise customers are still mostly testing Windows 10, but adoption by businesses is expected to start in earnest later this year. Lenovo was the top PC vendor worldwide with a 20.1% market share in Q1, IDC said. HP was in second place with a 19.2% market share, followed by Dell (14.9%), Apple (7.4%) and Asus (7.2%), IDC said.