
German parents told to destroy Cayla dolls over hacking fears - mavdi
http://www.bbc.com/news/world-europe-39002142
======
_ph_
The headline of the article is misleading. As the article mentions itself at
the end, the legal problem with the doll is that it is a concealed listening
device, a bug. And the sale and possession of this kind of device is banned
in Germany. That it can be too easily hacked only makes the situation worse
in practical terms, but the decisive factor is that it is banned by the kind
of its design.

~~~
kazagistar
What about the xbox one or whatever similar always-on listening devices?

~~~
germanier
An Xbox looks like a technical device and it's not unreasonable to assume that
it might contain a microphone that is transmitting what it picks up but this
is still on the line.

A doll looks like stuffed fabric and it would never occur to me that it might
contain a microphone that's sending what I'm saying in the room.

~~~
ominous
but now it does (occur to you that dolls can have hidden microphones).

I also wouldn't expect a TV to have a microphone, but smart TVs proved me
wrong.

~~~
treve
This isn't really about what logically makes sense to you personally,
Germanier just explains how the law is currently interpreted.

~~~
germanier
Yes, the law prohibits owning "transmitting equipment which, by its form,
purports to be another object or is disguised under an object of daily use
and, due to such circumstances, is particularly suitable for intercepting the
non-publicly spoken words of another person without their detection". Neither
Smart TVs nor Xboxes claim to be something they are not.

~~~
acqq
From what I see, the doll also doesn't hide how it works, exactly like the
"listening" TV: nobody would have expected that the TV would listen and send
somewhere "the non-publicly spoken words" just a decade ago, and as far as I
know, there are now such on the market, probably also in Germany. Then such a
TV could be also considered a "clandestine listening device." If it's "does it
have a manual that says it does that" both the TV and the doll have it. It's
the matter of what is considered "normal." The specific quote you provide
doesn't make the difference that makes the doll less legal than the TV. But
maybe there's something clearer?

The FAQ pdf of the doll:

[http://myfriendcayla.co.uk/public/downloads/cayla_FAQ.pdf](http://myfriendcayla.co.uk/public/downloads/cayla_FAQ.pdf)

"Do I need an internet connection to play with Cayla?

An internet connection will be required to download the free app which unlocks
all of the fun things which Cayla can do. Some functions, such as searching
for information on the internet (famous people, places, time, weather, etc),
require an internet connection. Cayla can do lots offline, like having
conversations, playing games, reading stories, and exploring her photo album.
In fact, most of the interactive play requires no internet connection at all."

I agree that it's not clearly stated that it's the _recording_ of the voice
that gets transmitted somewhere. But it's obvious that something is
transmitted. Somebody can compare with the manuals of the "listening" TVs.

The site of the doll:

[http://myfriendcayla.co.uk/cayla](http://myfriendcayla.co.uk/cayla)

"Ask Cayla Questions -- ONLINE"

"Play games like noughts and crosses together -- Offline"

See my other post here for more technical details.

~~~
germanier
There is not a clearer quote because that's all there is. The specifics are up
to interpretation in every situation. It's not about the packaging or manual –
hopefully any clandestine listening device tells you that it is one on the
box. It's about the device itself.

Assume you are a visitor somewhere, back at the time when smart TVs were
still new and uncommon. You see two things in a room: A regular-looking doll
and a TV. A doll is made out of fabric, so a doll cannot transmit your voice.
A TV is – that's known to any layperson – a complex technological object that
does a lot of stuff with electronics. It's not absolutely far-fetched to
assume a probability that it contains a microphone. That's the difference in
the eyes of the law. The "smart doll" is in fact not a doll but a microphone-
speaker-device concealed in a doll. The TV does not conceal anything, it's
just "electronicy" looking.

I've never heard of anybody argue that Smart TVs fall under that law even when
they were new.

~~~
eveningcoffee
This is a load of bollocks and a failure of Germans to follow their own law.

I am certain that a common person does not expect a TV to be equipped with a
microphone transmitter. This is not a function of a TV.

That it has been somehow overlooked does not make it right.

------
alexcroox
What's interesting about this, is Cayla is just a bluetooth speaker. The
accompanying Android app is what people have been modifying, not remotely but
locally. I think the entire thing has been blown out of proportion. Give
anyone physical access to your device and they can do a lot worse than make a
bluetooth speaker say some offensive words...

~~~
yorwba
If it can answer questions, then there must be a mic somewhere. And if it's
always on and its data can be sniffed, the doll effectively becomes a bug,
open to everyone who wants to listen.

~~~
alexcroox
AFAIK there is no mic in the doll, you cannot get responses from the internet
without the smart device app, you technically talk into your phone/tablet, not
the doll

~~~
tauchunfall
In the text on Netzpolitik linked in the BBC article it says, the doll has a
microphone.

> Jedes bluetoothfähige Gerät in Reichweite von etwa zehn Metern kann eine
> Verbindung zu ihr [der Puppe] aufbauen und Lautsprecher und Mikrofon nutzen.
> In einem Versuch hatte ich auch über mehrere Wände hindurch auf die Puppe
> Zugriff.

Google Translate: Each bluetooth capable device within a range of about ten
meters can connect to it [the doll] and use speakers and microphone. In an
attempt I had access to the doll over several walls.

~~~
phreeza
Off topic: Google translate is getting really good.

------
leereeves
> Germany has strict privacy laws to protect against surveillance. In the 20th
> Century Germans experienced abusive surveillance by the state - in Nazi
> Germany and communist East Germany.

Do these laws apply to the state?

~~~
qznc
In general, yes.

For example, there is currently a commission which investigates the "NSA
Affair". Just yesterday, chancellor Merkel was questioned for hours.

Good German news about NSA-UA: [https://netzpolitik.org/tag/nsa-ua/](https://netzpolitik.org/tag/nsa-ua/)

~~~
tiatia
It is very well possible that the German chancellor Merkel worked for the
former East German State security under the name "IM Erika". There once was a
very compromising picture of her on the internet, showing her in front of
a house of a former "dissident". Possibly doing "observation" work.

~~~
dpark
This definitely needs a citation. It sounds like internet conspiracy theory
trash. Wikipedia seems to have no mention of this either.

I am especially amused by the claim that at one point there was a compromising
picture on the internet, as if there is a viable way to eliminate such a thing
from continued existence on the internet.

~~~
tiatia
As far as I remember, the picture was discovered by a government founded TV
station.

There was a report and the picture was shown (I've seen it!) in a Swiss
magazine. The website does not work anymore:
[http://schweizmagazin.ch/news/336/ARTICLE/4283/2008-05-29.ht...](http://schweizmagazin.ch/news/336/ARTICLE/4283/2008-05-29.htm)

Ms. Merkel disputed the publication of this image since it would violate her
"privacy rights".
[http://www.spiegel.de/spiegel/vorab/a-377389.html](http://www.spiegel.de/spiegel/vorab/a-377389.html)

Otherwise, just google "IM Erika"
[https://www.google.com/#q=%22im+erika%22+merkel](https://www.google.com/#q=%22im+erika%22+merkel)

On a discussion board someone asked if the German chancellor could be
blackmailed if someone had this information? Answer from another user: "How?
Everybody knows already she was working for the state security..."

~~~
dpark
My German is really bad but there seems to be little of substance here. One of
the first results cites "the internet rumor mill".

I'm not saying it's guaranteed untrue, but it seems without real evidence and
therefore without merit.

~~~
tiatia
Spiegel is THE MAJOR German magazine.

Here is a bad English translation of some information:
[https://antilobby.files.wordpress.com/2012/04/stasi.pdf](https://antilobby.files.wordpress.com/2012/04/stasi.pdf)

This picture in front of Havemann actually IS in the pdf.

1. What was she doing, far in the outskirts of Berlin, in front of the house
of this dissident?

2. Why does this picture violate her "privacy rights"? (What in fact proves
that it is her on the picture)

~~~
dpark
I know what the Spiegel is. That's a story about the supposed picture, though,
not a story claiming that Merkel was a security informant.

> _What was she doing, far in the outskirts of Berlin, in front of the house
> of this dissident?_

I have no idea. I don't know why being in the outskirts of Berlin seems
questionable. Maybe it's odd that she was in front of a dissident's house.
Maybe there was a clear reason to be there. Maybe she was going to a pub. I
have no clue and don't think this random picture is very interesting by
itself.

~~~
tiatia
If you can read German, read this, despite the source
[http://www.pravda-tv.com/2013/11/platzt-die-bombe-war-angela...](http://www.pravda-tv.com/2013/11/platzt-die-bombe-war-angela-merkel-ein-stasi-spitzel-videos/)

"I have no idea. I don't know why being in the outskirts of Berlin seems
questionable." Because there was nothing to do there. No Pubs. No Bars.
Nothing. And his house was observed around the clock, including by many
unofficial state security helpers.

Why does she not say what she was doing there?

Why does the publication of the picture violate her privacy?

It was media from Switzerland that asked the serious questions. Not German
media. So what was she doing there? Nothing? Just chance? Take her word for
it! She admitted she was requested to become an unofficial state security
member but never signed (still was admitted to University). Take her word for
it! Her father was a pastor, something that was not liked in the GDR. Still
she was allowed to study in the UdSSR as an exchange student, a huge
privilege. Just luck, take her word for it! Later as a scientist she was
allowed to visit conferences abroad, again a huge privilege. During the
break-up of the GDR she walked "by chance" by the church where all the
dissidents met and thought "why not let's have a look?"

Look, do I know that Merkel was working for the Stasi? No. Do I like her? No.
But I think there are many serious questions to be asked and basically for all
answers we have to take her word.

One thing I wonder. The Russians prefer that Merkel does not stay chancellor.
If she worked for the State security it is likely that the Russians have
compromising material. We may know before the next elections.

------
kriro
I can already see the reaction of parents...Alexa/Siri how can I destroy a
Cayla doll...let me search the internet for destroy Cayla doll...thank you
Alexa/Siri

~~~
mtgx
I doubt Germans use Siri, let alone Alexa, all that much.

~~~
bebna
I only have seen one guy asking Siri a question to this day. Everybody in the
room was frowning at that, he never repeated it.

Killing Cortana is one of the first steps of everybody I know who switched to
Win10.

Haven't seen an Amazon Echo yet, not even in flats which homeowners use a
massive amount of home automation gadgets.

- East German

~~~
moftz
I'm seeing more people get Google Homes and Amazon Echos now compared to when
they first came out. It's still a novelty for most people. I was reading a
newspaper the other morning at the kitchen counter when I looked over at the
Echo my mom got my dad for Valentines Day. I realized I could just ask Alexa
for the news but then I wouldn't have the convenience of just skimming
headlines. I would have to verbally skip to the next story and that just felt
like a lot more effort than continuing to read the paper. We don't have any
other home automation devices in the house like the Nest thermostat or any
Hues. I feel like if I had a lot more connected devices in the home, then
having something like an Echo or some other hub for controlling them would be
necessary.

~~~
drivers99
Personal anecdote: I got one free at AWS re:Invent. I use it to play music of
my choice (specific songs or playlist categories, which requires a
subscription after trial period), set timers ("alexa set timer for 45
minutes"; "alexa how much time is left on the timer?"), do various
calculations ("alexa what is 1 plus 1?" -> "1 plus 1 is two, but you already
knew that"), and ask what time a nearby business closes ("alexa when does
Target close?" yields the closing time of the nearest Target based on the
location I have set. If it's closed, it says when it opens next). Other than
that, it's mostly just a novelty that I forget about 99% of the time.

------
acqq
From what I understand, the main problem of the doll is that, as soon as it is
turned on, it pairs to the first Bluetooth connection it can? That means, if
the child is using it without the parents, they can't know with whom the child
communicates.

Once paired, the Internet-dependent functionality is provided by the device
and the app with which the doll was paired. The attacks are possible because
the hacker can provide his own "server side" handling (the doll being the
client).

The doll has a built in microphone and speaker.

It's the app on the mobile phone that connects to the internet and
"transcripts" the voice of the questions into something that can be processed
by sending it to some servers. The iOS version of the app can do 3000
transcriptions before you have to purchase more.

[http://myfriendcayla.co.uk/public/downloads/cayla_FAQ.pdf](http://myfriendcayla.co.uk/public/downloads/cayla_FAQ.pdf)

From what I read, when not paired, the doll is offline but if powered it still
"talks" and "listens", just without the processing possible through the app
and the servers across the internet and for EU, that's another problem: are
the servers in the EU or not, are they doing special treatment of the data as
it's known the data are from minors etc.

~~~
germanier
No, the main problem is that a) it looks like a doll b) it has a microphone c)
it can transmit recorded voice. That's enough to make owning that device
illegal.

That it transmits the voice of unsuspecting children (who of course also have
privacy rights) to who-knows-where is just the icing on the cake.

------
asp_net
German parent here. No one is going to destroy anything just because some
agency asks for it. That's for sure ;-).

------
ekianjo
> A spokesman for the federal agency told Sueddeutsche Zeitung daily that
> Cayla amounted to a "concealed transmitting device", illegal under an
> article in German telecoms law (in German).

Funny, but when the State does Surveillance, all of a sudden it's OK.

~~~
_ph_
No it is not ok and illegal until a judge gave an order to wiretap a person.
Even then, it required an extension of the laws to allow wire tapping of
organized criminals within private rooms, which previously was completely
forbidden.

~~~
nilved
> No it is not ok and illegal until a judge gave an order to wiretap a person.

So it's illegal unless the state says so. Who do you think the judge's boss
is?

~~~
_ph_
It is not the state, strictly speaking. In Germany, there are 3 pillars of the
law. There is the police, which may not wiretap except under very limited
conditions - it was a huge political discussion, when those exceptions were
added to the German law. Before that, wiretapping in private rooms was
completely banned. There is the state, which can create laws, by which police
has to act and judges judge. These laws can of course change the legality of
certain measures, but they are bounded by the constitution, and laws have been
voided by the federal court due to being in violation of the constitution.
Judges are independent in their role from state and police. While their salary
is paid by the state, there is a good reason, that judge positions in Germany
are for-life. Unless the judge performs an actual crime, he cannot be fired.
This is to ensure maximal independence.

------
andrewclunn
I see the plot for a more realistic "Child's Play" reboot here.

