U.S. Sen. Mark Warner (D-VA) urged the Federal Trade Commission (FTC) on Tuesday to work with Congress to strengthen efforts to protect children’s personal information on internet-connected “smart toys” that collect and store data on minors and their parents.
Warner sent a letter to FTC Chairwoman Edith Ramirez expressing concern that children are vulnerable to identity theft as toys and applications gather personal information such as names, birthdates, gender and where they live. Warner said that hackers could exploit cybersecurity weaknesses within those devices as an entrance point to a family’s wireless networks.
“Over the past few years, security researchers have uncovered some startling vulnerabilities in a wide variety of connected toys,” Warner said. “For instance, researchers have been able to gain control of dolls that respond to children’s questions and alter the doll’s responses. Security analysts have also shown that conversations recorded by toys and uploaded to the cloud are easily accessible to hackers.
“Meanwhile, the data breach at Hong Kong-based toymaker VTech exposed the personal information of 6.4 million children, including details like their names, genders, and birthdays, and demonstrated that even children are at risk of data theft. Finally, these connected devices present a risk to parents’ data and security as well, as hackers may begin to see connected toys as the weak-link in a family’s home network.”
The Children’s Online Privacy Act of 1998 (COPPA) was enacted to protect the privacy of children online by prohibiting the unauthorized collection, storage and use of children’s personal information. Congress, however, didn’t envision that those protections would need to be extended to baby monitors, dolls and stuffed animals, all of which can now be used as targets for identity theft.