■ Our reporter Liu Xuying
"Xiao AI, help me turn on the air purifier." "Xiaodu, Xiaodu, how many degrees is it today?" "Tmall Genie, call me in ten minutes." When we talk to a smart speaker every day, do we realize that it is also collecting our information all the time and becoming more and more familiar with its users?
With the advent of the intelligent information age, people enjoy convenience but also face the risk that their audio, private information and communications will be collected. How can the healthy development of the smart speaker industry be regulated and the rights and interests of consumers safeguarded? The person in charge of the evaluation center put forward suggestions on this.
Consumers should take more care when using smart products such as smart speakers.
First, pay attention to the product's rules for collecting and using personal information. When registering, consumers should read the privacy agreement in detail to learn the content, purpose, frequency, accuracy and other particulars of what the product collects, and should be clear about the terms covering processing, use and third-party sharing, so as to protect their own interests. After registration, consumers can open the settings or user authorization management pages and turn off authorization for sensitive information as needed. Compulsory collection or illegal use of personal information should be reported to the regulatory authority promptly.
Second, pay attention to account security. The account on the control end of a smart speaker is usually shared by multiple apps and products. Once the account is leaked or stolen, it can likely be used to log in to other smart devices, causing a greater threat. The account password should be complex and changed regularly, and should not be reused for other accounts.
Third, pay attention to how personal information on discarded devices is handled. The relevant person in charge told reporters that the evaluation found that, after leaving their owner and joining a new network environment, smart speakers from multiple brands could still control the devices bound to the original account without any verification, and some speakers with screens could even view the cameras bound to that account directly. Consumers are advised to log out of their personal account, delete the device information or reset the device before discarding a product, and to choose a safer disposal method, such as a reliable electronic waste recycling organization.
Enterprises, on the one hand, must implement the relevant provisions of the Data Security Law and the Personal Information Protection Law and protect data throughout its whole life cycle, ensuring that collection of information is authorized, transmission and storage are encrypted, processing and use are desensitized, deletion of data is thorough, and provision and disclosure are legal.
The person in charge further said that enterprises should standardize their rules for collecting and using users' personal information. Products should not make the collection of users' personal information mandatory, and should not refuse to provide services because a user has not authorized a particular item of information. When collecting and using users' personal information, the content, method, scope, purpose, frequency and accuracy of the collected information should be described in detail, and the collection of users' sensitive information in particular should be clearly prompted. The use of personal information, such as whether data will be provided to third parties or overseas, should be described in detail. Comprehensive and easy-to-understand instructions should be provided for the channels and methods by which users can revoke authorization, apply for deletion, and file complaints and reports concerning personal information.
On the other hand, enterprises also need to build a "protective wall" of network security at the technical level. This includes promptly patching vulnerabilities in the smart operating system and strengthening system configuration security and port security management; securing the system firmware and mobile applications through signature verification, packing, anti-memory-tampering and other measures; and regularly carrying out penetration tests and risk assessments on the server side and the smart speaker app.