Protect Your Data: Smart TV Spying, the Devil’s Advocate Version

Yay, I got a new Smart TV!

Over the holidays I braved the Black Friday crowds and decided to gift myself a brand spanking new Samsung Smart TV. Although I’m not super worried about it personally, my purchase did make me wonder why other people – the ones who have the heebie-jeebies about data privacy and security – are so uptight about connected devices and what they do to protect themselves?

Data? Privacy? Yes, you should be concerned

One of the people I talked to about this, who’s on the more concerned end of the spectrum, ended up sending me this article: Why ‘I have nothing to hide’ is the wrong way to think about surveillance.

The article sheds light on the fact that a lot of people don’t understand why they should have concerns about surveillance due to the “I have nothing to hide” mentality. It more or less comes down to the following points:

1. Laws on laws on laws: The U.S. Code has about 27,000 pages worth of laws… This creates the problem that people won’t always know when they have something to hide, because they aren’t aware of the laws they may be violating.
2. Too much “free rein” power: Another related issue is that “those in power will essentially have what they need to punish anyone they like, whenever they choose”. This means the federal government has the ability to selectively investigate possible violations – and would likely be able to find something if they looked hard enough through the thousands upon thousands of obscure laws they have to choose from.
3. The suffocation of freedom: Those who have control over the selective monitoring of personal data, promote a system that restricts the way information is distributed and the possibilities of what people are able to do. (Note: Many legal victories that have taken place in the U.S. over the years have occurred due to the ability to break the law and then engage in the legal democratic process in order to change things).

These are only three of the overarching reasons of why someone would be bothered by this. Clearly there’s plenty of logic behind being concerned by what a Smart TV could be used for.

But, I’m not though…

Alright, here’s my devil’s advocate response to that article, just for fun because why not.

So, sure, it’s not like the United States government doesn’t know that there are people violating one of those 27,000 pages of federal statutes or 10,000 administrative regulations. (People break some type of law every single day). However, the United States has a population of approximately 325,398,017, which is about 4.3% of the total world population… In the grand scheme (of the other 95.7% of the world population), with individuals, or more likely entire governments, organizations, terrorist groups, and so forth, impacting the United States on a massive scale, I highly doubt that the U.S. government is going to go on some random “witch hunt” to figure out that I had a lobster that wasn’t the appropriate size for me to legally possess (one of the obscure laws mentioned in that article).

Yes, I can agree with the issue dealing with power abuse, but I still don’t think the government is going to go sifting through every email, text, phone call, Netflix show, or whatever else that’s potentially streaming across the internet from my TV. The problems occurring on a global scale are far more substantial than some obscure law I may be breaking at some point.

I also am still a believer that it’s a choice that we are constantly at arms length from these devices that are able to monitor the content of our ideas, actions, information, etc.

And the response to my response

I’ve been told my thoughts on the article are really just a more fleshed out version of “I’m not doing anything wrong, so I have nothing to hide”. It doesn’t actually address the underlying issues, including the fact that there are dedicated agencies to track compliance and automation to detect information; or Dragnet (along with any type of mass surveillance) that sacrifices rights and abuses power. “Evidence in search of a crime” is also a problem. So, as our normal everyday devices are becoming more and more fundamental to carrying out societal functions, the compromise and monitoring of these devices pose major control problems.

Ultimately, I was glad to learn from other views and logic that differs from my own.

Simple ways to protect your data from your “evil” smart TV

Regardless of whether you are a privacy nut, or you’re like me and don’t really care about it, there are still security precautions that are best practice anyway. Below are some simple steps that can go a long way when it comes to protecting your Smart TV and your data from the bad guys.

• Cut the head off the snake: Disconnect from the Internet (gasp!). Your Smart TV’s Wifi and Bluetooth capabilities can be cool for streaming, applications, and pairing your devices at home, but when you’re not doing anything with those features why not disconnect? As with the risk of any Internet of Things device, your connected Smart TV leaves your information open to being hacked. At the very least, limit your online activity through your Smart TV (aka not logging into your bank’s website on your TV is a good idea).
• Careful with those apps: Just like everywhere else you can download apps, only install from known sources. Rogue applications can wreak havoc on your Smart TV (from DDoS attacks to spying) and enable remote hacking among other related problems. Also, update, updated, updated. Updates will be released by your TV manufacturer every once in a while, many of which will be designed for a security fix.
• Know that free isn’t really free: If anyone is giving you a service “for free,” they’ve figured out a way to make money off you somehow, such as selling your personal data or selling something that uses your personal data. You just have to decide whether you’re okay with that upfront. Many people are (think Facebook). One of our previous blog posts OPSEC and Privacy: Do more, and say less… goes into more details about that concept.
• Protect personal details: This means it’s a good idea to leave forms blank where possible. If they don’t require it, don’t fill it out. KeePass and LastPass are good options to store information you may not remember offhand. (Note: Make up your birth date).
• Lastpass and 2FA: As far as protecting your information goes, where applicable use LastPass Personal + Duo Personal for all accounts that mean anything. If you’re going to have trouble remembering your “fake answers” to security questions, put them in a LastPass note. Also, never use the same password you use as your master password elsewhere on the Internet.
• Hear no evil, see no evil: Your physical security is important too. The bad guys don’t need to see what you’re doing or hear the ins-and-outs of your daily activities. If your Smart TV has a webcam, cover it with tape. Also, turn off voice recognition features. Don’t make it easy for those looking for sensitive information to get ahold of it.

Any other tips, tricks, or words of wisdom?

I’m curious to hear what other people have to think about this – whether that’s telling me my thoughts are ludicrous, to sharing other best practices for securing your Smart TV. Feel free to leave a comment, talk to us on Twitter @hurricanelabs, and/or chat with me at @unfoldmybrain!