Internet of Things causing concern.
By Brian Wheeler
The security services could remotely take over children’s toys and use them to spy on suspects, MPs have been told.
The draft Investigatory Powers Bill would place a legal duty on internet providers to assist in hacking devices.
But it would not be restricted to phones and PCs, a tech industry chief told the Commons science and technology committee.
Antony Walker, of techUK, said anything that connected to the internet could “in theory” be hacked into.
In the future, this could include driverless cars or household appliances connected to the internet – the so-called Internet of Things – said Mr Walker.
He said the Home Office needed to spell out more clearly where it draws the line over what it calls “equipment interference”, highlighting recent concerns about “smart toys” that connect to the internet and have microphones and cameras built-in.
“A range of devices that have been in the news recently, in relation to a hack, are children’s toys, that children can interact with,” he told the committee.
“These are devices that may sit in a child’s bedroom but are accessible.
“In theory, the manufacturer of those products could be the subject of a warrant to enable equipment interference with those devices.
“So the potential extent, I think, is something that needs to be carefully considered.”
In November, electronic toy company Vtech had its app store database hacked, allegedly resulting in the appearance online of personal data including children’s names, dates of birth and gender.
Talking dolls, such as Hello Barbie and My Friend Cayla, have also been put under scrutiny by security experts in recent months.
Barbie manufacturer Mattel reportedly made modifications to Hello Barbie, which allows children to talk to the doll over a cloud server connection, after concerns were raised about cyber attackers potentially stealing data through it.
The police, security services, HM Revenue and Customs and other law enforcement agencies can already hack into devices provided they get a warrant.
This allows them to download the contents of computers or smartphones, track locations, listen to calls, or even switch on microphones and cameras, allowing officers to listen in to conversations or take pictures of those standing nearby.
The Home Office says these powers, the existence of which were revealed earlier this year following a court case, have “made a vital contribution to counter the increased threat to the UK from Islamist terrorism and have also enabled the disruption of paedophile-related crime”, according to a Home Office fact sheet.
The draft Investigatory Powers Bill would put “equipment interference” warrants on a firmer legal footing and make sure they are “only used when necessary and proportionate for a legitimate purpose”.
A revised bill will be introduced to Parliament in the New Year, following consultation and scrutiny by the industry and other interested parties.
Mr Walker, whose organisation represents 850 UK technology firms, told MPs it needed to be more forward-looking and less vague about the limits of surveillance.
“When we start to think, not just about the world today, but the world in five, 10 years’ time as the Internet of Things becomes more real, and more pervasive.
“I think it requires careful thought in terms of where the limits should be.”