From facial recog­ni­tion to per­son­al data col­lec­tion, this thing is down­right scary — and so are the implications

I just bought a new TV. The old one had a good run, but after the vol­ume got stuck on 63, I decid­ed it was time to replace it. I am now the own­er of a new “smart” TV, which promis­es to deliv­er stream­ing mul­ti­me­dia con­tent, games, apps, social media and Inter­net brows­ing. Oh, and TV too.

The only prob­lem is that I’m now afraid to use it. You would be too — if you read through the 46-page pri­va­cy policy.

The amount of data this thing col­lects is stag­ger­ing. It logs where, when, how and for how long you use the TV. It sets track­ing cook­ies and bea­cons designed to detect “when you have viewed par­tic­u­lar con­tent or a par­tic­u­lar email mes­sage.” It records “the apps you use, the web­sites you vis­it, and how you inter­act with con­tent.” It ignores “do-not-track” requests as a con­sid­ered mat­ter of policy.

It also has a built-in cam­era — with facial recog­ni­tion. The pur­pose is to pro­vide “ges­ture con­trol” for the TV and enable you to log in to a per­son­al­ized account using your face. On the upside, the images are saved on the TV instead of uploaded to a cor­po­rate serv­er. On the down­side, the Inter­net con­nec­tion makes the whole TV vul­ner­a­ble to hack­ers who have demon­strat­ed the abil­i­ty to take com­plete con­trol of the machine.

More trou­bling is the micro­phone. The TV boasts a “voice recog­ni­tion” fea­ture that allows view­ers to con­trol the screen with voice com­mands. But the ser­vice comes with a rather omi­nous warn­ing: “Please be aware that if your spo­ken words include per­son­al or oth­er sen­si­tive infor­ma­tion, that infor­ma­tion will be among the data cap­tured and trans­mit­ted to a third par­ty.” Got that? Don’t say per­son­al or sen­si­tive stuff in front of the TV.

You may not be watch­ing, but the tele­screen is listening.

I do not doubt that this data is impor­tant to pro­vid­ing cus­tomized con­tent and con­ve­nience, but it is also incred­i­bly per­son­al, con­sti­tu­tion­al­ly pro­tect­ed infor­ma­tion that should not be for sale to adver­tis­ers and should require a war­rant for law enforce­ment to access.

Unfor­tu­nate­ly, cur­rent law affords lit­tle pri­va­cy pro­tec­tion to so-called “third par­ty records,” includ­ing email, tele­phone records, and data stored in “the cloud.” Much of the data cap­tured and trans­mit­ted by my new TV would like­ly fall into this cat­e­go­ry. Although one fed­er­al court of appeals has found this rule uncon­sti­tu­tion­al with respect to email, the prin­ci­ple remains a bedrock of mod­ern elec­tron­ic surveillance.

Accord­ing to retired Gen. David Petraeus, for­mer head of the CIA, Inter­net-enabled “smart” devices can be exploit­ed to reveal a wealth of per­son­al data. “Items of inter­est will be locat­ed, iden­ti­fied, mon­i­tored, and remote­ly con­trolled through tech­nolo­gies such as radio-fre­quen­cy iden­ti­fi­ca­tion, sen­sor net­works, tiny embed­ded servers, and ener­gy har­vester,” he report­ed­ly told a ven­ture cap­i­tal firm in 2012. “We’ll spy on you through your dish­wash­er,” read one head­line. Indeed, as the “Inter­net of Things” matures, house­hold appli­ances and phys­i­cal objects will become more net­worked. Your ceil­ing lights, ther­mo­stat and wash­ing machine — even your socks — may be wired to inter­act online. The FBI will not have to bug your liv­ing room; you will do it yourself.

Of course, there is always the “dumb” option. Users may have the abil­i­ty to dis­able data col­lec­tion, but it comes at a cost. The device will not func­tion prop­er­ly or allow the use of its high-tech fea­tures. This leaves con­sumers with an unac­cept­able choice between keep­ing up with tech­nol­o­gy and retain­ing their per­son­al privacy.

We should not have to chan­nel surf wor­ried that the TV is record­ing our behav­ior for the ben­e­fit of adver­tis­ers and police. Com­pa­nies need to become more mind­ful of con­sumer pri­va­cy when decid­ing whether to col­lect per­son­al data. And law enforce­ment should most cer­tain­ly be required to get a war­rant before access­ing it.

In the mean­time, I’ll be in the mar­ket for a new tin­foil hat and cone of silence.

Michael Price is coun­sel in the Lib­er­ty and Nation­al Secu­ri­ty Pro­gram at the Bren­nan Cen­ter for Jus­tice at NYU School of Law.