By Shaun Murphy
It can be tempting for parents to purchase the latest must-have toys for their kids, like interactive teddy bears or talking dinosaurs that can teach math and science. But before giving in to kids’ desires or buying a toy you think will be good for your child’s education, more research might be justified.
The Federal Trade Commission has announced that it has updated the Children’s Online Privacy Protection Act (COPPA) to specifically cover web-enabled products directed to children under the age of 13. While this regulation is a step in the right direction, parents should remain vigilant when it comes to web-enabled toys.
The FBI said parents should “consider cyber security prior to introducing smart, interactive, internet-connected toys into their homes. These toys typically contain sensors, microphones, cameras, data storage components, and other multimedia capabilities, including speech recognition and GPS options. These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed.”
* When signing up for a toy’s online component, don’t give the company real data about your life. Perhaps the device could have your child’s first name, but it should not require his or her last name. The toy should certainly never be provided with your real address and/or phone number.
* When creating passwords or security questions, use approximate birthdays if you deem it necessary, but avoid if possible. Also, never connect these types of toys to social networks. This can allow the service (and anyone who hacks in) to correlate your online/toy presence with your real identity.
* Wi-Fi-capable toys can keep track of location just like GPS, though not as precise. If a toy has Wi-Fi, make sure it is turned off when you travel or are outside your home. Be aware that the toy can expose a rough location of your child when it is connected.
* Don’t buy your children any internet-connected toys that have a camera or microphone; until the recent COPPA updates, there was little-to-no protection or oversight on the provided service to keep that data safe. Even if the toy company has an excellent defense against outside threats, the employees inside these companies can access, store, and do whatever they want with the data. There’s just too much risk in toys like this.
Shaun Murphy is one of the nation’s leading experts in communication security with more than 20 years’ experience. He worked as a subject matter expert on high-level government communications software and hardware systems for numerous agencies. You can read more at sndr.com or on Twitter @privateshaun.