How to Be Smarter Than Alexa

Last holiday season, did any new "smart" devices make it into your home? Maybe you got an Amazon Echo or a Google Home -- or a wireless baby monitor, or a fridge that reminds you when you're low on milk. Perhaps you bought your child a talking teddy bear or got her a semi-smart watch. In spring of 2017, around 70 percent of Americans had connected TVs. And home-connected device use is growing. For example, a study reported that in the second half of 2017, smart speaker ownership doubled, from 20 million to 40 million people reporting them in their homes. Additionally, market forecasters expect a threefold increase in smart toy sales by 2022.

Connected toys and household gadgets can collect all manner of sensitive information, anything from audio and visual recordings of your home to the names of shows you watch, the number of steps you've taken, your child's precise location, how and when you sleep, and even which foods you eat.

Here are some things you can do before you start talking to your toys:

• Figure out whether you can limit any information collection or sharing -- this may be in settings or in a product manual -- and enter and share only what you need to in any associated apps.




• When you're setting up the device, see if you can change its default password, so it's less likely to be hacked or used as a point of entry to your broader home network.




• Turn off (or mute) devices when you aren't using them.




• Bonus: Learn how the device receives security updates (hopefully they do!) and whether you need to download them or this happens automatically.

These tips will help -- if you can use them. Sometimes, companies don't make it easy to figure out what information an object can collect or how it receives updates, or to change a password. But there also are straightforward actions that manufacturers can and should take to ensure your data is secure and private.

It boils down to one key thing: Design to protect. Devices should be secure from the moment information is transmitted from your device to the cloud.

Unfortunately, companies don't always ensure these minimal protections, as evidenced by vulnerable device after vulnerable device. And an insecure device can imperil the object itself, users, and anything it's connected to -- like the network and everything else hooked into it. In California, Common Sense is sponsoring Senator Hannah-Beth Jackson's SB 327, to ensure reasonable security for the devices more and more of us have in our homes every day.

Take action

In California, other online businesses have to make sure the sensitive information they collect, like financial information, is kept securely. The same rules should apply to so-called smart devices and the sensitive information they collect, whether that be video footage of your child's bedroom or a detailed record of your diet.