“My Friend Cayla” isn’t just a cheerful-faced toy that converses with children. Data security experts say the blond-haired “smart” doll presents an inviting target for hackers. Last month, German authorities advised parents to destroy Caylas in their home.
Cayla has a lot of company, though. With everything from home-security cameras to the Amazon Echo voice-controlled speaker linked to the web, critics say consumers are at risk of invasions of privacy and hacking. Thousands of hacked devices participated in last October’s Internet attack that deprived access to Twitter, SoundCloud and other sites.
Newly amended California legislation would require manufacturers to better secure products sold in the state, as well as require buyers’ consent before collecting any personal information. Senate Bill 327 also would require manufacturers to notify customers about security patches and other updates.
“Internet connected devices have gone so far beyond desktop computers,” state Sen. Hannah-Beth Jackson, D-Santa Barbara, the measure’s author, said Tuesday. “Consumers are not well-informed about how these devices use the Internet, what kind of information they collect, and where this information goes.”
Jackson called her bill the first of its kind on the issue, and expects it will initially be heard in the Senate Judiciary Committee, which she chairs. She expects companies that make the products “are not going to be real happy with this.”
“This technology is so far beyond what we understand. They’re getting away with these privacy violations now,” she said, adding, “I’m happy to sit at the table with them.”
The California Manufacturers and Technology Association has not taken a position on the bill. Other electronics industry trade groups were not immediately available for comment.