Skip to main content

Big Brother Barbie Sets Dangerous Precedent

The new Big Brother isn't the NSA, the CIA, our alien overlords or the Illuminati; it's Barbie! At Toy Fair last week, Mattel announced Hello Barbie, a talking doll with speech recognition that records your child's conversations and stores them in the cloud. And everyone's favorite California blonde isn't the only one uploading kids' private moments; a number of apps have been performing this "service" for a while now. If you think that's a good idea, you're being taken for a ride . . . in a pink Malibu Barbie dream car.

The technology that powers the apps, the Barbie and an untold number of future toys comes courtesy of ToyTalk, a startup founded by former Pixar CTO Oren Jacob, which is trying to let children have realistic conversations with their playthings.

Just like Siri, Cortana and Google Now voice assistants, Barbie and apps such as SpeekaZoo, which lets you talk with virtual animals, will send users' speech input to the cloud where a computer somewhere will interpret the words and offer a response. Unlike Siri, which is designed to perform tasks for you and get out of the way, the software's purpose is to interact with a child, asking questions (example: What do you want to be when you grow up?) to encourage engagement.

MORE: Is Mattel's Talking Barbie Safe For Your Kids?

ToyTalk stores voice recordings, screenshots and, potentially, even photos from your child's play sessions in password-protected online accounts where adults, presumably the child's guardians, can access them.  At first blush (or eyeliner), this sounds like a fun tool for busy parents. As a dad, I really get a kick out of watching my toddler play with his toys and hearing the stories he makes up for them. The software would make it easy for me to find out what he's saying even when he's out of earshot. What could possibly go wrong?

As Target, Home Depot, Sony Entertainment and Anthem Health can tell you, no database is completely hacker-proof. What happens if there's a data breach and your child's intimate moments fall into unsavory hands? Even if the servers are completely secure, a criminal could steal an individual parent's password and get in that way.

ToyTalk also reserves the right to access the data in order to improve the quality of the software. Its privacy policy states that "these recordings and photos may also be used for research and development purposes." Presumably, they're not looking at personally identifiable information when listening to the conversations, but who watches the watchmen? If your child tells Barbie that mom gave her a spanking, will the developers call child services?

Some would argue that there's no cause for concern, because the conversations being captured are so mundane. Who cares if a hacker knows that your daughter likes vanilla ice cream? You should.

First of all, the information the apps and doll are capturing may not be so trivial. Perhaps dad is in earshot during the recording and says something that would make him vulnerable to identity theft. Maybe mom tells junior to get ready for next week's vacation, alerting burglars that the family will be out of town.

Even if adults never appear on the recordings, children could be giving malefactors plenty of ammunition to hurt them. It's easy to imagine a pedophile using your child's love of ponies, the fact that her brother is named "Sam" and her desire to be an astronaut to lure her.

For its part, ToyTalk assures us that it takes significant security precautions. CTO Martin Reddy told Tom's Guide that his company will use Transport Level Security (TLS) to transmit the recordings from your house to its server. When we logged in to the ToyTalk site to see recordings of his conversation with a virtual Tiger in SpeekaZoo, we noticed that the Web interface is on a secure server.

MORE: 10 Worst Data Breaches of All Time

ToyTalk also says that it strictly follows the regulations laid out in COPPA (The Child Online Privacy Protection Act), which requires technology companies to obtain a parent's verified permission before gathering data from children under 13, to post a privacy policy and to keep that data secure. The ToyTalk website proudly displays a badge from KidSafe, an organization that certifies companies as COPPA compliant.

The SpeakaZoo app we tried requires parental permission before it launches and, if you go into the Web portal and revoke your permission, it stops running. There's no way to use the app and opt out of sending your data back to the company. You can log in to the Web interface and delete the recordings after they've been stored, or you can cancel your account and all your data will be erased. We don't know yet whether Hello Barbie will allow parents to turn off voice capture.

Of course, ToyTalk isn't the only company making software that interacts with kids in a very intimate way. For example, another Internet-connected doll, called My Friend Cayla, uses speech recognition to talk to your child. Recently, a security researcher hacked into her and reprogrammed her to say inappropriate things. In the future, a lot more toys could be sending data back to servers.

If you're concerned about your child's privacy and safety, you can buy a toy that stores recordings in the cloud and hope that the company's servers are never breached, that its employees all obey the highest ethics standards, and that your child doesn't say anything that could make her a target. However, the best way to win this game is not to play.