A few months back I wrote on my personal journal about how incompetently-written firmware in a VTech child’s camera led to my 5-year-old daughter losing cherished memories. I also recorded their dismissive response to a flaw that would be considered recall-worthy in any camera made for adults.
Sadly, there is a deeply ingrained seam of reflexive apologetics for negligent software among hackers, as several of my peers tried to tell me it was my own fault.
Here’s the thing about negligence, though: it’s rarely found in isolation. This week it came to light that VTech had been hacked. Turns out, it was far worse than first thought: the attackers were able to access not only home addresses and passwords, but 190 gigabytes of children’s photos.
A couple weeks ago, hackers successfully broke into the servers of connected toy maker Vtech and stole the personal information of nearly 5 million parents and over 200,000 kids. What we didn’t know until now: The hackers stole pictures of kids, too. This is very bad. The hacker’s identity is still unknown, but he’s been updating Motherboard with details about the hack. When the story broke a couple days ago, the site reported that the hacker broke into Vtech’s servers and stole the names, emails, passwords, download histories, and home addresses of 4,833,678 parents who bought the company’s devices. The massive batch of data also contained the first names, genders, and birthdays of over 200,000 children.
Source: The Horrifying Vtech Hack Let Someone Download Thousands of Photos of Children
Just in case there was any doubt as to whether this was a case of negligence:
For example, there is no SSL anywhere. All communications are over unencrypted connections including when passwords, parent’s details and sensitive information about kids is transmitted. These days, we’re well beyond the point of arguing this is ok – it’s not. Those passwords will match many of the parent’s other accounts and they deserve to be properly protected in transit.
Obviously, VTech should never be trusted again. In an ideal world they would face criminal prosecution, be dropped from store shelves, and/or be driven into bankruptcy by civil suits.
But this experience also serves to reinforce a larger lesson: outward contempt for users is always a sign of deeper organizational flaws. And the more data we entrust to corporations, the more their flaws become our problems.
I think this also suggests that an old rule for evaluating people is just as true for organizations. That rule being: how you treat children reveals a lot about your values and overall integrity.
I certainly found that to be true when I spent a year working for Comcast. Winner of the Golden Poo award, TWICE (http://consumerist.com/2014/04/08/congratulations-to-comcast-your-2014-worst-company-in-america/)… and so incompetent it took them months from “I’m going to tell HR tonight to send you an offer” to offer-in-hand, and once on board, months again to actually get me the right kind of computer. (Was supposed to get a MBP; if a colleague hadn’t had a spare Linux mini-desktop on hand, able to be sacrificed and wiped, I would have been unable to do any work.)