Washington, D.C. (May 4, 2017) — Svakom, a designer and distributor of intimate products, has responded seriously, though incompletely, to a complaint Access Now filed with the Federal Trade Commission (“FTC”) concerning one of its products. The product, called the Siime Eye, is an internet-enabled sex toy equipped with a camera. Research had shown that the product had been shipped with serious inherent vulnerabilities that left users’ most personal information and intimate moments insecure. Access Now had alleged to the FTC that this was an unfair and deceptive trade practice.
From Access Now’s complaint (PDF):
“Due to the extreme nature of the privacy violation at risk due to Svakom’s grossly inadequate security practices Access Now respectfully requests the Federal Trade Commission to conduct an investigation pursuant to its legislative and regulatory authorities.”
Svakom’s response is a good initial step toward recognizing the serious threats to users of insecure devices. For example, they indicated they are launching a new app and are considering a full recall of the product. However, they do not provide enough information about the steps they claim to be taking to evaluate their full impact on user security. It is of vital importance that security be central to any distribution of this type of product.
All companies dealing with user data need to understand digital security and provide adequate transparency and protections for any personal data that is collected, but companies that deal directly with the most private moments of our lives should take these issues exceptionally seriously. Access Now believes that reasonable digital security is crucial to the free exercise of human rights.
The following can be attributed to Access Now U.S. Policy Manager Amie Stepanovich:
“While so-called ‘internet of things’ manufacturers may have less experience with digital security, it is nonetheless important to protect user data and they cannot be excused for neglecting users and their personal information. We’re glad that our complaint was able to provoke additional actions from Svakom and hope that other companies will think twice before bringing insecure products to market. While no product or service may ever have perfect security, it is incumbent upon providers to know and show their respect for human rights, including the right to privacy, of all people whose data they collect.”
You can read the entire corporate response here (PDF). Our response is available here (PDF).