Is the Call to Investigate Sex Toy Security Actually a Fearmongering Double Standard?
Drawing the line between privacy issues and stigma.
On April 26, Access Now, an international organization set up to—as its site says—“defend and extend the digital rights of users at risk around the world”—asked the Federal Trade Commission of the United States to investigate the manufacturer of the Siime Eye camera-equipped sex toy.
Specifically, the organization accuses the manufacturer, Svakom, of releasing its product with “grossly inadequate security.”
The tipping point
To understand Access Now’s decision, we need to go back to a demonstration by Ken Munro, of Pen Test Partners, at Access Now’s 2017 RightsCon event. As part of a panel called “Let’s talk about sex toy security,” Munro reportedly infiltrated and also gained control of a Siime Eye’s camera.
The statement from Access Now
In an Access Now press release, US Policy Manager Amie Stepanovich said: “Selling an easily hackable sex toy is the epitome of an unfair and deceptive trade practice. The Federal Trade Commission must send a clear message to the adult Internet of Things (IoT) industry that bad security will not be tolerated.”
Released in 2016, the Siime Eye is Svakom’s first Internet-connected product: a sex toy that can wirelessly send video from its built-in camera to a wide range of devices, such as tablets and smartphones.
Access Now claims that Siime Eye’s lack of security could potentially allow a hacker to gain access to the device, and thus “expose victims to further harassment, [or] stalking.”
Sex toys and security
Internet security in regards to sex toys has become an extremely hot topic, one partially fueled by a recent lawsuit against We-Vibe that alleged the sex toy maker collected intimate user data without permission. The suit was recently settled out of court for $3.75 million dollars.
Despite this bad press, however, some people are expressing serious doubts about the actual security risks that Internet-of-Things sex toys pose.
For example, RenderMan, a whitehat hacker who runs the sex toy security project The Internet of Dongs, penned a comprehensive and thoughtful critique of Pen Test Partners’ demonstration and findings.
Is Siime Eye unsecure?
In his post “Rebuttal To Pen Test Partners,” RenderMan begins by pointing out that the report has more than a few telling errors. The first is the claim that the Siime Eye “streams to the Internet” when it actually only transmits to connected devices—though the video can be shared to the net at that point.
He then examines the criticism that, because the Siime Eye acts as a kind of WiFi access point, the security is inherently lacking. He notes that the manufacturer strenuously recommends that the initial password of 88888888 be changed to the user’s preference for security.
In particular, RenderMan writes that Pen Test’s critique of using WiFi for the sex toy shows a lack of knowledge: “Given what the product designers were attempting to accomplish, WiFi is a sane choice (some implementation issues not withstanding),” he writes.
RenderMan further debunks Pen Test’s claim that the sex toy can be geolocated; in other words, that, someone could potentially locate users without their knowledge. He demonstrates that this is highly unlikely and states that Pen Test could have determined this with a small amount of research.
Less about security, more about sexual issues
Putting aside the technical end of things, RenderMan has a much more important point: the issue is not so much with security as it is with the stigma against adult products and companies. The question is: if the Siime Eye were a regular webcam, instead of a sex toy, would this kind of alarm even be raised?
This double standard is particularly clear when looking at the language in the Access Now press release. In addition to the aforementioned warning about “harassment, [or] stalking” it goes on to say that Siime Eye’s supposed security issues could also lead to “blackmail, or anxiety and depression.”
It is true that security—especially in the age of the Internet of Things—is more important than ever. On the other hand, it’s quite clear that when addressing these concerns in regards to adult products, it’s essential to keep a level perspective.
Absolutely, security should be at the forefront when designing and building adult devices—especially when any part of them can be wirelessly transmitted or even recorded. Some developers are addressing these concerns, such as the people behind the Rumuki app, that works to secure the sharing of intimate videos.
That being said, claiming that a device can put the user’s sexual privacy at risk, when there is little evidence that it can, does nothing but further stigmatize both the manufacturer as well as the user. This results in making a reasonable and productive discussion about sex toy security even more challenging.
It’s, therefore, best in the long run to both hold sex toy manufacturers to a higher level of security, but also be accurate and knowledgeable when it comes to alerting people to potential risks.