Senator wants feds to follow up on spying toys

Photo source: myfriendcayla.com

FTC has taken no visible action since a December complaint

It's been five months since a privacy group filed a complaint with the Federal Trade Commission (FTC) about toys that allegedly spy on children, but there's been a notable lack of action since then, and now Sen. Mark Warner (D-Va.) wants to know why.

Warner has sent a letter to Acting FTC Chairwoman Maureen Ohlhausen asking her whether the commission has "taken any action with respect to 'My Friend Cayla' or other products manufactured by Genesis Toys."

"I worry that protections for children are not keeping pace with consumer and technology trends shaping the market for these products," Warner said in the letter. He noted that the Electronic Privacy Information Center (EPIC) filed a complaint with the FTC last December alleging that the toys My Friend Cayla and i-Que Intelligent Robot violate federal privacy laws.

Warner noted that in February 2017, Germany’s equivalent of the FTC pulled “My Friend Cayla” off the market due to concerns over the doll’s surveillance capabilities.

"A message you can hug"

“Recent events have illustrated that in addition to security concerns with the devices themselves, new data-intensive functionalities of these devices necessitate attention to the manner in which vendors transmit and store user data collected by these devices,” Sen. Warner wrote in his letter to Ohlhausen. “Reports of your statements casting these risks as merely speculative – and dismissing consumer harms that don’t pose ‘monetary injury or unwarranted health and safety risks’ – only deepen my concerns.”

According to multiple media reports, CloudPets, a product line manufactured by Spiral Toys and marketed as ‘a message you can hug,’ stored customers’ personal data in an insecure, public-facing online database. CloudPets reportedly exposed over 800,000 customer credentials and more than two million voice recordings sent between parents and children.

Subsequent reports have raised questions about security at the device level, with individuals able to hack CloudPets’ toys and remotely control the devices, including the microphone, if they are within Bluetooth range.

"We all know that many of these so-called ‘smart’ devices aren’t so smart at protecting the safety and security of our kids,” said James P. Steyer, Founder and CEO of Common Sense Media. “Children's toys with weak security can put not just kids' personal information at risk, but imperil even their innermost thoughts."

Take a Home Warranty Quiz. Get matched with an Authorized Partner.