Speakers

Opinion On Lawsuit Against Bose: What Constitutes Digital Spying?

Opinion: Class-action lawsuit claims Bose violates Federal Wiretap Act by collecting data from wireless headphone users and sharing with a third-party data-mining firm. So what?

Opinion On Lawsuit Against Bose: What Constitutes Digital Spying?
Plaintiff alleges in class-action lawsuit he would not have purchased Bose wireless phones if he knew data might be collected. Really?

·

Bose Corp. looks pretty bad for allegedly “spying” on users of its Bose Connect headphone app. A class-action lawsuit filed yesterday in the Northern District of Illinois, alleges violations of the Federal Wiretap Act and other laws that protect consumer privacy.

Plaintiff Kyle Zak (rather, his attorneys) claims Bose collects listener information through the app, and shares that data with at least one party: the data-mining firm Segment.io.

The lawsuit uses a bunch of damning language, lambasting Bose for “secretly collecting, transmitting, and disclosing its customers’ private music and audio selections to third parties, including a data mining company.”

The attorneys note that one’s personal audio selections “provide an incredible amount of insight into his or her personality, behavior, political views, and personal identity.”

Music selections, for example, could reveal if a listener is Muslim, gay, HIV-positive or autistic.

Indeed, such data if exposed could enrich a lot of companies or destroy a lot of individual lives. But there’s no suggestion in the lawsuit that Bose actually shared any data outside its walls except for Segment.io.

Segment.io helps companies crunch data from their users in order to inform their product, marketing and strategic roadmaps.

Instead, maybe we should warn consumers, “No one monitors your data; therefore, we cannot look for security breaches, and we cannot make improvements to your devices.”
 

I’m guessing in this case, Bose didn’t actually share personal identifiable information with anyone at Segment (or Bose itself). Rather, they likely used Segment’s API to crunch the numbers. I’m guessing also that Bose – with all its fancy lawyers – is pretty protective of this data and the privacy of its customers.

Let’s just assume Bose didn’t share consumer data with any third-party entity beyond the Segment servers. Let’s also assume the data allegedly collected was done so in aggregate, without clues as to the identity of any individuals.

Should companies be prohibited from “sharing” or “transmitting” data with subcontractors, including “virtual contractors” like cloud-based servers and APIs?

Virtually every respectable purveyor of electronic devices monitors those devices for product performance, user experience, diagnostics, marketing, security, and so many other purposes.

What if Bose were running consumer data through a third-party security provider to check for malware? Would such "sharing" be prohibited under privacy laws?

One important allegation in the lawsuit is that Bose failed to warn consumers about data collection or dissemination.

Even if that’s the case, at what point must suppliers disclose collection or dissemination of data? At what point do we need to advise connected consumers that their connected products might be monitored?

Instead, maybe we should warn consumers, “No one monitors your data; therefore, we cannot look for security breaches, and we cannot make improvements to your devices.”

The plaintiff alleges “few, if any, of its customers would have purchased a Bose Wireless Product in the first place had they known that it would monitor, collect, and transmit their Media Information.”

We know that plaintiff owns a smart phone. Presumably he owns a smart TV or an Internet-connected computer, maybe a connected security camera or alarm system.

And he wouldn’t have purchased a Bose wireless headphone, nor use the Connect app? 


RELATED: Bose ‘Wiretaps’ Users, Lawsuit Alleges




  About the Author

Julie Jacobson, recipient of the 2014 CEA TechHome Leadership Award, is co-founder of EH Publishing, producer of CE Pro, Electronic House, Commercial Integrator, Security Sales and other leading technology publications. She currently spends most of her time writing for CE Pro in the areas of home automation, security, networked A/V and the business of home systems integration. Julie majored in Economics at the University of Michigan, spent a year abroad at Cambridge University, earned an MBA from the University of Texas at Austin, and has never taken a journalism class in her life. She's a washed-up Ultimate Frisbee player currently residing in Carlsbad, Calif. Email Julie at [email protected]

Follow Julie on social media:
Twitter · LinkedIn · Google+

Julie also participates in these groups:
LinkedIn · Google+

View Julie Jacobson's complete profile.



  Article Topics


Speakers · Networking & Cables · Networking · News · Blogs · Bose · Lawsuit · Legal · Privacy · All Topics
CE Pro Magazine

Not a Magazine Subscriber?
Subscribe Today...It's FREE!!

Comments

Posted by Julie Jacobson on April 21, 2017

Bill, is there something in this piece that you disagree with? Would love to hear your thoughts. My thoughts and questions are generally in line with others. See, for example:

http://bgr.com/2017/04/20/bose-lawsuit-privacy-connect-app-meh/
https://arstechnica.com/tech-policy/2017/04/man-claims-his-bose-headphones-capture-what-hes-listening-to/

We shall see if Bose actually did something illegal. Perhaps they did. I think some of the questions raised in this piece would be interesting to ponder. But that’s just me. I happen to be very interested in law stuff and would enjoy hearing yours and others’ opinions on the matter.

Thanks for reading.

Posted by Bill Kearney on April 21, 2017

For the sake of clarity, what funds has Bose paid to CEPro or their respective companies?  What, if any, financial relationship exists involving Bose or their representatives?

Posted by paul greatreps.com on April 20, 2017

I wonder if the plaintiff has a Facebook account?

Posted by hmurchison on April 19, 2017

It’s not just Bose it’s generally any company that has a networked product that can collect data.  There is a fine line here between collecting useful data and collecting data for profit.  Citizens need to understand that in the digital age it’s more important than ever to have a Bill of Rights for Privacy codified.

Posted by kabazo on April 19, 2017

I agree that it would be a normal expectation that a connected device collects some data and than without that data the usefulness of the device (or service provided) will be reduced if not obsolete. The issue should be more about the extent of data collected, its purpose, the way it is kept (identifiable or aggregate) and for what it’s being used. All of these deserve to be communicated to users much like it’s normal to have “opt in” for direct emails. If not government regulations there may be room for industry best practices and even standards (if such don’t exist) for both disclaimer language and data collection itself.

Posted by kabazo on April 19, 2017

I agree that it would be a normal expectation that a connected device collects some data and than without that data the usefulness of the device (or service provided) will be reduced if not obsolete. The issue should be more about the extent of data collected, its purpose, the way it is kept (identifiable or aggregate) and for what it’s being used. All of these deserve to be communicated to users much like it’s normal to have “opt in” for direct emails. If not government regulations there may be room for industry best practices and even standards (if such don’t exist) for both disclaimer language and data collection itself.

Posted by hmurchison on April 19, 2017

It’s not just Bose it’s generally any company that has a networked product that can collect data.  There is a fine line here between collecting useful data and collecting data for profit.  Citizens need to understand that in the digital age it’s more important than ever to have a Bill of Rights for Privacy codified.

Posted by paul greatreps.com on April 20, 2017

I wonder if the plaintiff has a Facebook account?

Posted by Bill Kearney on April 21, 2017

For the sake of clarity, what funds has Bose paid to CEPro or their respective companies?  What, if any, financial relationship exists involving Bose or their representatives?

Posted by Julie Jacobson on April 21, 2017

Bill, is there something in this piece that you disagree with? Would love to hear your thoughts. My thoughts and questions are generally in line with others. See, for example:

http://bgr.com/2017/04/20/bose-lawsuit-privacy-connect-app-meh/
https://arstechnica.com/tech-policy/2017/04/man-claims-his-bose-headphones-capture-what-hes-listening-to/

We shall see if Bose actually did something illegal. Perhaps they did. I think some of the questions raised in this piece would be interesting to ponder. But that’s just me. I happen to be very interested in law stuff and would enjoy hearing yours and others’ opinions on the matter.

Thanks for reading.