Bad Actor: With Update, LG Says No Monitoring, No Smart TV!

Customers of consumer electronics giant LG are raising alarm about a recent software update that asks owners to agree to have their viewing behavior tracked and monitored, or see their ‘smart’ TVs made dumb: with access to features like YouTube and Netflix disabled.

A firmware update for LG SmartTVs asks users to agree to have their viewing habits monitored – or lose ‘smart’ features in their TVs.

Owners of some models of LG brand SmartTVs who have applied a recent firmware update have taken to blogs to complain that it prompts them to agree to lengthy new Terms of Service and Privacy Agreements. The revised documents grant LG permission to monitor and record their viewing habits and their interactions with the device, including voice commands. Users who do not agree to the new terms find many of their smart TV features disabled, according to customer testimony and an analysis by one independent IT researcher.

The prompt to read and accept a new “Legal Notice,” “Terms of Use” and “Privacy Policy” appears when SmartTV users first attempt to access the non-broadcast viewing options on their devices, says Jason Huntley, a UK-based IT specialist, confessed “Linux Geek” and LG SmartTV owner who downloaded and applied the update.

Huntley said the documents contain more than 20 pages of information, but can only be viewed on the Smart TV device. Nevertheless, he painstakingly transcribed them (PDF) and was surprised at what he found. “I am not a lawyer but some of them stand out to me as being quite draconian,” Huntley wrote on his blog, DoctorBeet.

Among other things, LG requests access to customers’ “viewing information” – interactions with program content, including live TV, movies and video on demand. That might include the programs you watch, the terms you use to search for content and actions taken while viewing, Huntley notes.

According to the documents, the “viewing information” is “anonymised” (sp) and sent to LG where it “may be used to deliver targeted advertising.”

LG also wants to collect what it terms “Basic Usage Information” – customers’ interactions within the LG Smart TV user interface and the physical device. That could include menu selections on the GUI and peripheral devices you connect to the set.

And, because late-model LG Smart TVs can respond to voice commands, LG also asks customers for permission to collect voice information and associated data, as well. If those voice commands contain sensitive or personal information, LG warns, that would also be collected.

LG also makes clear that it will share the viewing data it collects with third parties for advertising or analytics.

Huntley said the updates in question were available for download in the UK and EU, but he does not know whether customers in North America received the same updates, so it is not clear whether users in the US are also being asked to consent to the same terms.

An LG spokeswoman, Kim Regillio, said the company is “looking into this,” but would not offer further comment on the allegations.

Updated LG sets display a message asking owners to consent to ‘more than one document’ to use ‘smart’ features. (Image courtesy of doctorbeet.com)

Omnibus data collection is nothing new in the world of smart mobile devices. Numerous reports by the Wall Street Journal and others in recent years have revealed how mobile application publishers and a range of third-party firms mine data from mobile phone owners and provide it to advertisers.

What is different – or at least more offensive – is the way that LG has coupled core features of its SmartTVs to the monitoring activity, and made use of those features contingent on monitoring.

“My initial reaction is that this is an appalling practice,” said Corynne McSherry, the Intellectual Property Director at the Electronic Frontier Foundation (EFF), who reviewed the updated Privacy Statement. “Customers want and deserve to be able to retain a modicum of privacy in their media choices, and they shouldn’t have to waive that right in order for their TV (or any other device) to keep working as expected.”

This is just the latest imbroglio for LG. In November, the company was forced to push out an emergency software update for some models of its SmartTVs after it was discovered that they were sending user viewing data to a web domain owned by the company without first obtaining customers’ consent to sharing the data.

An analysis by Huntley on his DoctorBeet blog at the time highlighted a number of sketchy or outright illegal data harvesting behaviors. Among them: sending information on which channels he viewed to an LG-owned web domain. LG SmartTVs also sent information regardless of whether users had an option, “Collection of watching info,” enabled or disabled on the set. (It was enabled by default.)

Speaking to The Security Ledger, Huntley said that he owns an LG Model 42LN575V TV Set. Huntley said that LG provides little information or warning when it issues firmware updates. Furthermore, the company’s website is often far behind in posting new updates for download. His TV received three firmware updates in 2014 alone, labeled V04.22.11, V04.22.53 and V04.24.08. The last is dated May 10, 2014.

He started investigating the latest software update, V04.24.08, after being contacted by other LG owners who reported that it did away with the “Collection of watching info” opt-in check box from its TV sets’ user interface. Upon investigation, the reason became clear: LG was essentially mandating the collection of watching info in its Terms of Service and Privacy Statements. Agreeing to those was the same as opting in to collection of watching information.

Huntley said he views the new privacy policy as a way for LG to get legal cover for the same kinds of omnibus customer monitoring they attempted earlier – though without notice and consent. “If you read the documents, they’ve covered themselves for all the activity that was going on before. But now they’re allowed to do it legally.”

That may be up for debate, however. Customers pay a premium for so-called “smart” TV features, which typically include the ability to access streaming video services like Netflix, YouTube and Amazon Video, as well as browse the web and share media from other computing devices. It is unclear whether LG is within its rights to retroactively impose terms of service on its customers that were not clearly disclosed at the time of purchase and threaten to disable the product if those terms are not agreed to.

UK law contains explicit prohibitions against the inclusion of unfair terms in consumer agreements – especially those that “cause significant imbalance in the parties’ rights and obligations.” The US FTC Act, which created the Federal Trade Commission, contains broad language giving the federal government the ability to prohibit “unfair acts or practices in or affecting commerce.”

McSherry of the Electronic Frontier Foundation said that consumers in the U.S. who have been affected by the new terms of service or had their SmartTV features disabled may have cause for bringing the case to the FTC.

“If customers were not informed when they bought their TVs that this might occur, LG may have engaged in an unfair business practice,” McSherry said. “If so, LG’s now got a legal problem as well as a PR problem.”

3 Comments

  1. I was affected by this update. I’m in the US. I wish I had never upgraded the software. There was no consent or anything for the tv when I bought it, the smart functions worked fine. Then this update came along and it mandates consent or I cannot use any of the ‘smart’ features I had been using prior. I sent an inquiry to LG asking for a rollback on software version and was told to kick rocks because the update was there to stay. So now I have a ‘smart’ tv that cannot do any of the ‘smart’ things because I did not agree to the forced consent. Maybe I’m not being ‘smart’ lol.
    There is no opt out… their way or the highway. I’ll check into the FTC angle, seems this is class action worthy, though I do imagine a big chunk of the people affected just shrugged their shoulders and agreed to the mandatory consent without thinking.

    • securityledger

      Yes – the ‘just check here’ model discourages folks from paying too much attention to what they’re agreeing to. I have asked the FTC for comment – but they won’t say whether or not they’re looking into it. Worth filing a complaint, if nothing else. Also – obviously – no comment from LG despite numerous attempts to engage with them.

  2. sounds like LG likes living dangerously….ESPECIALLY since this has happened before and they got hit … until the new FTC actions just DO NOT BUY LG PRODUCTS…