As Furby Connect Pre-Orders Open, Senator Asks FTC for Update on Kids’ Privacy

'Over the past few years, security researchers have uncovered some startling vulnerabilities in a wide variety of connected toys'

German singer Lena Meyer-Landrut poses with the second version of Hasbo's Furby, in 2013.

German singer Lena Meyer-Landrut poses with the second version of Hasbo’s Furby, in 2013.

Two big events happened at the intersection of children and technology in 1998. Congress passed the Children’s Online Privacy Protection Act (COPPA) and the original Furby—the creepy plush toy that pretended to learn to talk—hit store shelves. Now available for pre-order on Amazon, the latest version of the robot, Furby Connect, elegantly brings the product and the law together.

At its heart, COPPA aimed to protect children by putting strong requirements of parental notification of data collected about children under the age of 13 and by limiting the amount that information could be shared with third-parties. All the issues the law raises are relevant to the Furby Connect, which is loaded with a variety of sensors, connects to its own mobile app and receives updates to its software and content from Hasbro over the internet.

Sen. Mark Warner, during a committee hearing.

Sen. Mark Warner, during a committee hearing.

The new toy’s many capabilities—and the inevitable buzz surrounding a new Furby—give added salience to a letter sent yesterday from Sen. Mark Warner of Virginia to the Federal Trade Commission, outlining his concerns about children’s privacy in the era of connected objects. “Over the past few years, security researchers have uncovered some startling vulnerabilities in a wide variety of connected toys. For instance, researchers have been able to gain control of dolls that respond to children’s questions and alter the doll’s responses. Security analysts have also shown that conversations recorded by toys and uploaded to the cloud are easily accessible to hackers,” the Senator wrote.

He went on to ask the FTC a number of questions, beginning with, “Does current law provide the Commission with sufficient regulatory authority to protect children in the age of the Internet of Things?”

“Every time we evolve the Furby brand, we want to introduce kids to a new way to play,” said Hasbro’s Kenny Davis, in a release. Which is great, but hopefully it doesn’t also introduce them to a fresh band of creeps.

Last year, a Hong Kong based toy maker, VTech, was hacked, exposing data and photos from 6.4 million children. Here’s that talking doll the senator mentions above, on the BBC. Also, a smart bear from Mattel would have exposed kids’ biographical information if Rapid7 security researchers hadn’t found it before malicious hackers could.

The Observer broke down eight of the best known failings of connected devices, including one line of nanny cams. One prominent hacker argued that connected product makers have gotten worse, not better.

The new Furby Connect.

The new Furby Connect.

Still excited about Furby Connect? Hasbro has shown consciousness of some of the prior problems in this new toy. For example, of the device’s many sensors, it doesn’t have location awareness, as CNET reports. Still, consumers that plan to get one for a kid (rather than for a nostalgia fix), might be well-advised to let it sit on the market for a few months and let white hat hackers take a crack at it first.

Oo-nye-doo, FTC? We boh-bay about the moh-mohs online.*

* Where are you, FTC? We worry about the monsters online (from the Furbish).