Privacy advocates ask regulators to take a closer look at gadgets that are ‘always on’

WASHINGTON — It’s fun to dream about living in a house with something like the “Star Trek” computer — a frictionless piece of software that can answer whatever question pops into your head and out of your mouth. And we’re getting closer to that futuristic vision with gadgets such as Microsoft’s Kinect controller, Amazon’s Echo assistant or smart-televisions from Samsung and others.

The flip side to that? If your device is always ready to hear your commands, does that mean it’s always listening, too?

The Electronic Privacy Information Center (EPIC) would like regulators to delve deeper into the privacy implications of devices, such as those with voice-controls that are “always on.” The group posted a letter Friday to the Federal Trade Commission and the Justice Department asking for an investigation always-on technologies present in devices from Microsoft, Google, Amazon and others.

The group said that the average person probably isn’t thinking about the privacy implications of these kinds of systems when they buy these devices. “It is unreasonable to expect consumers to monitor their every word in front of their home electronics,” the letter says. “It is also genuinely creepy.”

EPIC also pointed to cameras made by Canary Connect as well as the home appliance firm Nest — which Google bought last year — which makes security cameras that store audio and video when triggered by an “unusual noise.”

Companies have addressed some questions about just how closely their gadgets are listening in the past, often pointing to the fact that while the systems are always at the ready, they only really engage when consumers trigger them by saying a certain phrase. (Or making a certain gesture, in the case of motion-controlled devices.)

But as EPIC points out in its letter, those designs don’t always work as planned. It pointed to recent reports that developers believe Google Chromium — an open-source version of Google’s Chrome browser — appeared to be recording without their knowledge. (In a statement to the Guardian, Google said there is a voice-control feature in the browser, but users must opt-in to use it.) The group also noted that many companies don’t offer much information about how their products are able to distinguish between their trigger words and other noises — giving consumers little information on how these products avoiding accidental recordings.

EPIC also asked regulators to organize a workshop that looks specifically at always-on devices to ask more probing questions about how data are collected and stored, as well as whether consumers fully understand what’s being collected.

The Federal Trade Commission has looked at a number of these issues in the past, as part of a broader look into the privacy of the “Internet of Things” — a catch-all term for Internet-connected devices ranging from smartwatches to smart water meters.

FTC Chairwoman Edith Ramirez has spoken publicly about the need to examine the privacy implications of “ubiquitous data collection,” and the agency has convened workshops to examine the issue and issued some guidelines for companies making smart devices. The FTC also brought a case in 2013 against TRENDnet, a company that makes networking equipment, for allegedly making insecure child monitoring products that left consumers open to hacking.

An FTC spokesman declined to comment on whether the commission would take up this latest call, saying, “FTC investigations are non-public and we do not comment on an investigation or the existence of an investigation.”