Monday, 12 May 2014

LG Disables Smart TV features in the EU to force users to accept new oppressive Privacy policy

Last November, I reported that Smart TVs from LG Electronics were silently transmitting information about private media files stored on USB devices (amongst other things) to their servers without notification or the possibility to opt-out.

Over the course of the last week, several users contacted me with concerns about the latest firmware update which their TVs had received. I had the opportunity to look at the update over the weekend and, whilst there are many interesting technical aspects to it, I wanted to share some information about the immediate impact and comment on what it may mean for other owners.

After completing the update, the TV first notifies the user of some immediate data collection that will take place.
Then after watching some broadcast television, the user may decide to view content from an online service such as YouTube or the BBC's iPlayer.  I have used these features many times during the ten months I have owned the TV.

At this point, a message appears warning the user that new agreement is being sought for updated terms.
Upon pressing OK a new screen is displayed containing a "Legal Notice", "Terms of Use" and a "Privacy Policy". These run into well over 20 pages but most importantly: if you decline these terms, you are denied access to most of the previously available "Smart" features.

So, maybe the terms aren't too bad?  I am not a lawyer but some of them stand out to me as being quite draconian. Here is part of the section on what data may be collected (all emphasis mine):
  • "Viewing Information. This refers to information about your interactions with program content, including live TV content, movies, and video on demand. Viewing Information may include the name of the channel or program watched, requests to view content, the terms you use to search for content, details of actions taken while viewing (e.g., play, stop, pause, etc.), the duration that content was watched, input method (RF, Component, HDMI) and search queries.
  • Basic Usage Information. This refers to information which records your interactions within the LG Smart TV, such as the menu items you click on, the apps you access (but not your activity within apps), what channels are available to you, and information regarding external devices connected to the Smart TV.
  • Voice Information. This refers to voice commands and associated data (such as information about the input device that records your voice) used to recognize and act upon the command, OS information, TV model information, content provider, channel information and service results."
"Viewing information" is described later in the document as "anonymised" and "may be used to deliver targeted advertising".

Sensitive voice information will be captured.
"Many LG Smart TVs come with a remote control or other input devices that can be operated using voice commands. We may use your Voice Information to power the voice activation used by the Smart TV or input device (e.g., remote control). If you do not agree to our use of your Voice Information then you will not be able to use the voice command and recognition features. Apart from this Privacy Policy, you will be provided a specific opportunity to agree or disagree with the collection and use of Voice Information. Please be aware that if your spoken word includes personal or other sensitive information, such information will be among the Voice Information captured through your use of voice recognition features."
Data protection laws offer considerable protection to EU citizens, which must be inconvenient if you want to sell their data to the highest bidder:
"Overseas Transfers

We, our affiliates, subsidiaries, and suppliers may use information (including your personal information) in countries other than where your LG Smart TV is located in connection with providing you with our Smart TV Services and any other purposes outlined in this Privacy Policy. The data protection laws in many of these countries may not offer the same level of protection as those in the country where you are located. By agreeing to this Privacy Policy you expressly consent to us and our business associates and suppliers processing your data in any jurisdiction, including, without limitation, Korea and the United States of America, in accordance with this Privacy Policy."
I would encourage everyone to read the privacy policy in full, as these are just a few examples of what I consider to be deeply objectionable. The document seems to be available on-screen only to LG owners but I have transcribed it here.[1]

I do get the impression that LG have badly misunderstood the expressions of infuriation from consumers to the original spying features that had been discovered. I certainly didn't receive complaints that disclosure of these features was missing from the tens of pages of legal jargon that the user must agree to. What seemed to be the problem was that it was happening at all.

But rather than change their practices of spying on their paying customers, LG seem, instead, to have opted to sell data on their customers' private leisure time on the open market.  Arrogantly, they have also chosen to punish customers who wish to retain their privacy by crippling their TVs - months after they had been purchased, and with no forewarning.

Some may observe that we are frequently asked to agree to policy changes by Facebook, Microsoft and others. But it is possible to decide not to use Facebook and users may choose to use alternative (free) software on their PCs.

By contrast, LG's software is cryptographically locked [2] to these SmartTVs and may not be replaced. LG's arbitrary restrictions therefore affect the devices' capabilities and impact the consumer's own property.

Aside from being repugnant, this action by LG appears to contravene the Data Protection Act and Section 9 of the unfair contract terms legislation published by the Office of Fair Trading. This is something that I shall be looking into more when I get the opportunity.

Notes

[1] There may be typos; contact me for screenshots if required. I claim the "fair use" right to make this information available.

[2] Please see the article on GNU.org relating to such locked down systems.


6 comments:

  1. The documents are available on the LG website under Legal Documents(SmartTV), check out 'Additional Services', points 1-3.

    BTW, to make the device you bought less valuable, LG removed the ability to switch audio tracks on DLNA playback in one of the latest firmware updates, apparently due to copyright/licensing reasons (WTF?). Of course that wasn't announced anywhere since they offer no changelogs, nor are you able to get this feature you paid for back, since downgrades also aren't possible!

    Replies
    1. I've just finished a blog post on how to downgrade your LG Smart TV's firmware to a version less intrusive on your privacy.

    2. I've just finished a blog post on how to downgrade your LG Smart TV's firmware to a less intrusive one.

  2. Thanks for this. LG and I have had an interesting discussion today, as they have told me they "collect the file names of my documents to recommend things for me". I demanded a refund but they refused, so I am looking to take this further.

    Do you know if blocking the web addresses listed in your first LG post still works?

    Replies
    1. Seriously? Was this on record, e.g. email?

      The blocking works but only if your router blocks by domain keywords. In other words, if you block lgsmartad.com this will also block any DNS requests that contain that term.

      Netgear and Draytek routers work fine. You also need to add grtsDownload.lge to the list as this is a new AD server they have started using.

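The keyword-style blocking described in the reply above, as an added example that is not part of the original post or its comments: it applies a substring rule to DNS query names, normalising case and the trailing dot, and contrasts it with exact-name and subdomain-only rules. Only `lgsmartad.com` and `grtsDownload.lge` come from the thread; every query name in the sample is constructed for illustration.

```python
# Added example: keyword (substring) DNS blocking vs. exact and suffix rules.
# KEYWORDS holds the two terms named in the comment thread; every query
# name in SAMPLE_QUERIES is constructed for illustration.

KEYWORDS = ["lgsmartad.com", "grtsDownload.lge"]

SAMPLE_QUERIES = [
    "ad.lgsmartad.com",          # subdomain of a listed term
    "AD.LGSMARTAD.COM.",         # same name, upper case plus trailing root dot
    "grtsdownload.lge.example",  # longer name that contains the second term
    "www.bbc.co.uk",             # unrelated
    "notlgsmartad.com.example",  # unrelated name that merely contains the term
]


def normalise(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()


def keyword_blocked(name, keywords=KEYWORDS):
    """Router-style rule: block if any keyword occurs anywhere in the name."""
    n = normalise(name)
    return any(normalise(k) in n for k in keywords)


def exact_blocked(name, blocklist=KEYWORDS):
    """Block only names identical to a listed entry; subdomains slip through."""
    return normalise(name) in {normalise(b) for b in blocklist}


def suffix_blocked(name, zones=KEYWORDS):
    """Block a listed name and its subdomains, nothing else."""
    n = normalise(name)
    return any(n == z or n.endswith("." + z) for z in map(normalise, zones))


def report(queries=SAMPLE_QUERIES):
    """Return (name, exact, suffix, keyword) verdicts for each query."""
    return [(q, exact_blocked(q), suffix_blocked(q), keyword_blocked(q))
            for q in queries]


if __name__ == "__main__":
    for q, exact, suffix, keyword in report():
        print(f"{q:26} exact={exact!s:5} suffix={suffix!s:5} keyword={keyword}")
```

The last sample row shows the trade-off of the keyword rule: it also blocks an unrelated name that happens to contain the term, which the suffix rule does not.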
  3. You can use OpenDNS to block specific addresses; just set your router's DNS to 208.67.222.222 and 208.67.220.220
