Speakers

Bose ‘Wiretaps’ Users, Mines Personal Data from Wireless Headphone App, Lawsuit Alleges

Plaintiff Kyle Zak alleges in a class-action lawsuit that Bose spies on wireless headphone users, collecting intensely personal data through Bose Connect app, and shares with data-mining firm Segment.io in violation of Federal Wiretap Act.

Bose ‘Wiretaps’ Users, Mines Personal Data from Wireless Headphone App, Lawsuit Alleges
In a class-action lawsuit, plaintiff alleges Bose intentionally collects and shares personal listening data from Bose Connect app, in violation of Federal Wiretap Act.

Julie Jacobson · April 19, 2017

Bose Corp. violates the federal Wiretap Act by collecting consumer data through wireless headphones and the Bose Connect app, plaintiff Kyle Zak claims in a class-action lawsuit filed in the Northern District Court of Illinois, Eastern Division.

Zak claims Bose spies on headphone users, “secretly collecting, transmitting, and disclosing its customers’ private music and audio selections to third parties, including a data mining company.”

The data mining company mentioned in the suit (but not named as a defendant) is Segment.io, which claims on its website the ability to “collect all of your customer data and send it anywhere.”

There is no indication from the lawsuit that the data allegedly "shared" with Segment.io is for any other purpose than Bose's own product-development and internal marketing needs. Indeed, Segment.io purports to "stream data to every marketing integration your team needs."

There is also no indication that individual accounts were tied to any data allegedly collected.

Many electronics vendors track consumer data in aggregate to better serve their needs, often using third-party firms like Segment.io to collect the data and crunch the numbers.

This case may test the ability of product developers to collect data and "share" it with subcontractors for the purpose of gleaning valuable information for internal use.

Data via Bose Connect App

Bose wireless headphones work in conjunction with the Bose Connect app, which pairs smartphones with Bose products, enabling audio streaming and system-wide controls.

Allegedly, Bose collects information through the app, including the content streamed, as well as the transports used – for example, when tracks are skipped or repeated – demonstrating “a wholesale disregard for consumer privacy rights.”

Behaviors related to listening can be intensely personal, the lawsuit alleges, and can be used to determine, for example, if the listener is Muslim, autistic, gay or HIV-positive.

From the lawsuit:

Unbeknownst to its customers, however, Defendant [Bose] designed Bose Connect to (i) collect and record the titles of the music and audio files its customers chose to play through their Bose wireless products and (ii) transmit such data along with other personal identifiers to third parties – including a data miner – without its customers’ knowledge or consent.

Though the data collected from its customers’ smartphones is undoubtedly valuable to the company, Defendant’s conduct demonstrates a wholesale disregard for consumer privacy rights and violates numerous state and federal laws.

Indeed, one’s personal audio selections – including music, radio broadcast, Podcast, and lecture choices – provide an incredible amount of insight into his or her personality, behavior, political views, and personal identity. In fact, numerous scientific studies show that musical preferences reflect explicit characteristics such as age, personality, and values, and can likely even be used to identify people with autism spectrum conditions. And that’s just a small sampling of what can be learned from one’s music preferences. When it comes other types of audio tracks, the personality, values, likes, dislikes, and preferences of the listener are more self-evident. For example, a person that listens to Muslim prayer services through his headphones or speakers is very likely a Muslim, a person that listens to the Ashamed, Confused, And In the Closet Podcast is very likely a homosexual in need of a support system, and a person that listens to The Body’s HIV/AIDS Podcast is very likely an individual that has been diagnosed and is living with HIV or AIDS. None of Defendant’s customers could have ever anticipated that these types of music and audio selections would be recorded and sent to, of all people, a third party data miner for analysis.

In the lawsuit, plaintiff refers to various studies that link personality traits with a user’s listening habits.

 For example, in a 2016 study called “Music and Personality,” “researchers found that people could make accurate judgments about an individual’s levels of extraversion, creativity and open-mindedness after listening to ten of their favorite songs.”

Bose Encouraged Downloads, Failed to Warn Users

Bose products used with Bose Connect include QuietComfort 35, SoundSport Wireless, Sound Sport Pulse Wireless, QuietControl 30, SoundLink Around-Ear Wireless Headphones II, and SoundLink Color II.

Bose encouraged users to download the companion app to “get the most out of your headphones,” and made promises that the app “unlocks current and future headphone features.”

During the app registration, Bose collects the user’s name, email address and the serial numbers of connected products.


RELATEDOpinion On Lawsuit Against Bose: What Constitutes Digital Spying?


At that time, the lawsuit alleges, “Bose fails to notify or warn customers that Bose Connect monitors and collects—in real time—the music and audio tracks played through their Bose Wireless Products. Nor does Bose disclose that it transmits the collected listening data to third parties.”

Bose intentionally configured Bose Connect to “continuously and contemporaneously intercept the content of electronic communications” between the mobile device and the headphones, plaintiff alleges.

Plaintiff alleges violations of the Federal Wiretap Act 18 U.S.C. § 2510, which “generally prohibits the intentional ‘interception’ of ‘wire, oral, or electronic communications,” as well as “the intentional disclosure of such communications.”

Plaintiff also says Bose Corp. violates the Illinois Eavesdropping Statute, which prohibits activity that “ntercepts, records, or transcribes, in a surreptitious manner any private electronic communication to which he or she is not a party unless he or she does so with the consent of all parties to the private electronic communication. . . .”

Further claimed is “Intrusion Upon Seclusion,” in that Bose allegedly “intruded upon the seclusion of Plaintiff’s … private affairs.” Also, that Bose violates the Illinois Consumer Fraud and Deceptive Business Practice Act.



  About the Author

Julie Jacobson, recipient of the 2014 CEA TechHome Leadership Award, is co-founder of EH Publishing, producer of CE Pro, Electronic House, Commercial Integrator, Security Sales and other leading technology publications. She currently spends most of her time writing for CE Pro in the areas of home automation, security, networked A/V and the business of home systems integration. Julie majored in Economics at the University of Michigan, spent a year abroad at Cambridge University, earned an MBA from the University of Texas at Austin, and has never taken a journalism class in her life. She's a washed-up Ultimate Frisbee player currently residing in Carlsbad, Calif. Email Julie at [email protected]

Follow Julie on social media:
Twitter · LinkedIn · Google+

Julie also participates in these groups:
LinkedIn · Google+

View Julie Jacobson's complete profile.



  Article Topics


Speakers · Networking & Cables · News · Products · Bose · Cybersecurity · Lawsuit · Legal · Network Security · Privacy · All Topics
CE Pro Magazine

Not a Magazine Subscriber?
Subscribe Today...It's FREE!!

Comments

Posted by lbaltz on April 19, 2017

Now, can we sue our ISPs?

Posted by lbaltz on April 19, 2017

Now, can we sue our ISPs?