Yes, the robot dog ate your privacy
The $2,900 Sony Aibo comes equipped with facial recognition cameras and always-listening microphones. So just how much of your personal data is it lapping up?
- 10 years product testing experience with the CNET Home team
Sony's robot dog Aibo.
At $2,900, Sony's robot dog Aibo sits at the fringe of technology, but it might not stay there. Whether you find it cute or creepy, the tech that makes Aibo tick is continuing to evolve, and it isn't hard to imagine a whole litter of less expensive Aibo competitors aimed at consumers -- and even at children -- in the not-so-distant future.
To be clear, Aibo's tech already includes artificial intelligence, sensors and microphones that help it interact with people, and cameras that can recognize faces and help it navigate your home like a Roomba. A reasonable consumer might rightly wonder just how much data this dog gathers as it wanders their home scanning faces and learning about its owners. Perhaps more important -- what exactly does Sony do with that data?
That's what I wanted to know, so I dug into this robot dog's privacy policy to see what I could learn.
A look under Aibo's hood
First, here's a quick summary of the tech inside of Aibo, as described on the Aibo website:
- Processor: 64-bit Quad-Core CPU
- Display: 2 OLED eyes
- Camera: 2 cameras (front camera, SLAM camera)
- Sound: Speaker, 4 microphones
- Sensors: Time-of-Flight sensor, 2 ranging sensors, pressure-sensitive/capacitive back sensor, capacitive head/jaw sensor, 6-axis detection systems (3-axis gyro/3-axis acceleration) in both head and torso, motion sensor, light sensor, 4 Paw Pads
- Terminals: Charging pins, SIM card slot
- Communications: LTE Data transmission, 2.4GHz Wi-Fi (802.11 b/g/n)
- Accessories: Charging station (stand/mat), AC adapter, power cord, pink ball, SIM card
Aibo is clearly a sophisticated product -- both in its ability to use sensors, cameras and robotics to navigate your home, but also in the way it leverages artificial intelligence to learn about its owners, and build an emotional connection with them, even.
What Aibo (and Sony) learn about you
A person or a product -- or, for that matter, a company -- can't get to know somebody without getting to know things about them. And, sure enough, Aibo is designed to learn about you and adapt to you as you live with it. That means that it's gathering data about you.
There are legitimate privacy concerns about the products in our homes that gather data about us, says Kathleen McGee, former bureau chief of Internet & Technology for the New York Attorney General's office. That's because user information isn't just something that data-hungry devices like these need in order to function -- it's another commodity that the company can sell.
"The problem with that second purpose is that [information] is bundled and sold in ways that the consumer is not necessarily aware of or may not approve of if she knew about them," McGee says. "What if I'm on a health care regimen with my doctor and I cheat on my diet? Am I now going to be profiled for insurance companies in a less than attractive way?"
Sure enough, Aibo's privacy policy makes no bones about the fact that Sony reserves the right to use your personal information for a variety of purposes, including marketing. Sony told CNET that it does not share personal information with third parties, but the privacy policy reserves the right to share certain "de-identified" bits of personal information with third parties, including third parties who want to market to you, reading:
"We may share non-Personal Information, such as aggregate user statistics, demographic information, hashed or otherwise de-identified data, and Usage Information with third parties freely in our discretion for a variety of purposes, including tailoring promotions, advertising and communications we present to you."
"Hashed user data may be problematic," says Lorrie Cranor, director of Carnegie Mellon University's CyLab and a professor in security and privacy technologies. "If two companies use the same approach to hashing a user's identifier, then they will both end up with the same hash for that user and they will be able to match up their data and combine it into a single profile. They may or may not know who the user is, but they will be able to profile this user and target ads to them based on information in their profiles."
"[Sony collects] IP addresses and unique device identifiers but they don't treat this as personal information," Cranor added. "This is information that could be used to identify people, but they're not treating it as personal information. That's a little concerning."
With all of that in mind, let's take a look at the specific data Aibo collects:
Aibo doesn't record audio of your commands, but it does send Sony information about the content of those commands, as well as the information on the way it interpreted your tone.
Aibo's microphones
Aibo uses its onboard microphones to hear commands -- but unlike other voice-activated devices like the Amazon Echo Dot or Google Nest Hub that record audio snippets and send them to the cloud to process an appropriate response, Aibo processes that microphone data itself using its built-in quad-core CPU.
"Aibo does not record audio," a Sony representative tells CNET. "In the same way that many voice-activated products listen for a verbal cue to react, Aibo's tricks are triggered by recognized verbal commands, such as 'sit' or 'shake.' Unlike many common household voice-activated products that primarily draw information from the cloud, the code enabling Aibo's tricks is stored locally within Aibo."
But just because the microphones aren't recording or uploading audio to Sony's cloud doesn't mean that they aren't gathering data about you. Sony's privacy policy for Aibo states that:
"We may collect Usage Information through the Aibo Product, including information about the device itself and information the Aibo Product collects through its microphone and camera (to assist your interactions with Aibo) such as data on voice commands the Aibo Product receives and how it interprets and responds to those commands (including both the content of the command and the tone/manner in which it is delivered)..."
In other words, even if Sony can't listen to your Aibo commands, it can still see what you're saying, as well as information about how Aibo interpreted your tone.
"That seems like fairly sensitive information," says Cranor.
Aibo includes two built-in cameras -- an upward facing camera above its tail that helps it map your home, and a camera on its nose that can remember and recognize up to 100 individual faces.
Aibo's cameras
The camera on Aibo's back is there to help it navigate your home by mapping your ceilings -- a trick that robot vacuums have been employing for years. The camera on Aibo's nose helps with navigation, as well, but its main purpose is to help Aibo interact with people.
That front-facing camera uses facial recognition technology to remember and identify the people it's interacting with. That's why Sony can't sell Aibo in the state of Illinois, where the collection of biometric data, including face scans, is regulated by the Biometric Information Privacy Act.
"In order to mimic the behavior of an actual pet, an Aibo device will learn to behave differently around familiar people," reads a statement on Sony's support page. "To enable this recognition, Aibo conducts a facial analysis of those it observes through its cameras."
"This facial-recognition data may constitute 'biometric information' under the law of Illinois, which places specific obligations on parties collecting biometric information. Thus, we decided to prohibit purchase and use of Aibo by residents of Illinois."
Sony tells CNET that Aibo's facial recognition functionality is based on the sensing and measurement of facial features, and by detecting specific expressions, too, including smiles.
"Aibo also learns its surroundings by sensing and measuring elements of its physical environment, as well as its proximity to those elements," Sony says. "This data, which is stored both locally on Aibo and in the cloud, is intended to support and enhance Aibo's functionality, help Aibo find its charging station, as well as to protect Aibo from collisions with household objects."
So, in addition to tracking facial recognition data that can be used to identify you, Aibo collects details about the layout of your home too.
"Positional and facial recognition data is used to support and enhance Aibo's functionality, and it is not provided to third parties," Sony tells CNET.
A camera in Aibo's nose can take photos of the inside of your home and store them in Sony's cloud.
Surveillance concerns
Another feature worth mentioning is called Aibo Patrol. Turn it on, and the dog will keep a log of its interactions with each face it recognizes.
"It seems like you can basically stalk the people in your house, or have the dog stalk them for you," Cranor noted, "and the owner can then get information about their interactions with the dog, or when the dog sees them."
Aibo Patrol also asks for personal info like names and birthdays for each person you're tracking in order to personalize the experience. All of that information is stored both in the device and in Sony's cloud.
Cranor also found it interesting that the privacy policy claims that Aibo's services are not targeted to children younger than 13.
"They say it's not designed for children," she told me, "which, I guess... at the same time, it's a dog. It's hard to think that children wouldn't be using it."
Aibo can take photographs and store those in Sony's cloud, too. A representative for Sony described that feature to CNET when asked about the specific data gathered by Aibo's camera, saying, "There is a feature enabling users to take still photographs, which are stored in the cloud and managed by users via the My Aibo app. The photo feature is turned off by default and the user has to enable that functionality."
It's a bit misleading to say that the feature allows users to take photographs. In fact, it's Aibo that's taking the photos automatically, with no clear means of preventing it from taking pictures you might not want it to take once the feature is enabled. From the privacy policy:
"In the event that an owner elects to enable this function, the Aibo Product will automatically capture up to 30 photographs per day using its internal cameras. After taking the photographs, the Aibo Product will analyze them, select a portion of the photographs it considers "best" (evaluating factors such as presence and position of human subjects, whether subjects are smiling, time of day, and other qualities it learns as it interacts with you), and upload those selected photos to the owner's My Aibo online account. The remaining photos will be deleted by the Aibo Product."
As for how Sony protects user data, the privacy policy claims that Sony uses "reasonable safeguards" to help protect and secure the personal information of Aibo's users. No further details on those safeguards are given, though this has presumably been an area of focus for Sony in the years since a massive hack at Sony Pictures Entertainment exposed the personal information of tens of thousands of Sony employees and celebrity clients in 2014.
"No electronic data transmission or storage of information can be guaranteed to be 100% private and secure," the policy's security section reads. "Please be careful to avoid 'phishing' scams, where someone may send you an e-mail that looks like it is from Sony asking for your Personal Information."
You can delete the data stored on the Aibo device itself by factory resetting it in the My Aibo app.
Can I delete my data?
Yes -- but you'll need to erase your Aibo's memory and restore it to its default factory settings. In other words, there's really no way to use Aibo as intended without sharing data.
You can reset (or, as Sony puts it, "initialize") your Aibo using the Aibo app. Guidance on how to do that is found in the Aibo help guide, but not the privacy policy. No real surprise, there -- utility like that in privacy policies like these is the exception, McGee says, not the norm.
"The privacy policy is designed to mitigate regulatory concerns," McGee tells me. "It is not an instrument for the consumer's use. Full stop."
And, with more and more data-gathering devices seeking places in our homes -- and with US privacy laws lagging behind Europe, where the General Data Protection Regulation (GDPR) has already seen major tech firms make big changes to their policies -- a product like Aibo only highlights the need for a larger public conversation about private data and the companies that collect it.
"It's becoming difficult to find companies that say 'we only use this information for operational purposes, we never sell it," says McGee. That's understandable, she adds -- companies have to appease shareholders and make sure that they're exploring every potential business possibility.
There's a "but," though.
"If they think that the consumer wouldn't use their product if the consumer understood what was happening, then maybe they shouldn't be doing it."