LG says it will push out firmware update for spy TVs, but fails to apologise

LGSmart TV manufacturer LG, which is embroiled in a controversy after reports that their devices were spying on what channels viewers were watching, has issued a statement.

Here it is:

At LG, we are always aiming to improve our Smart TV experience. Recently, it has been brought to our attention that there is an issue related to viewing information allegedly being gathered without consent. Our customers’ privacy is a very important part of the Smart TV experience so we began an immediate investigation into these claims. Here’s what we found:

Information such as channel, TV platform, broadcast source, etc. that is collected by certain LG Smart TVs is not personal but viewing information. This information is collected as part of the Smart TV platform to deliver more relevant advertisements and to offer recommendations to viewers based on what other LG Smart TV owners are watching. We have verified that even when this function is turned off by the viewers, it continues to transmit viewing information although the data is not retained by the server. A firmware update is being prepared for immediate rollout that will correct this problem on all affected LG Smart TVs so when this feature is disabled, no data will be transmitted.

It has also been reported that the names of media files stored on external drives such as USB flash devices are being collected by LG Smart TVs. While the file names are not stored, the transmission of such file names was part of a new feature being readied to search for data from the internet (metadata) related to the program being watched in order to deliver a better viewing experience. This feature, however, was never fully implemented and no personal data was ever collected or retained. This feature will also be removed from affected LG Smart TVs with the firmware update.

LG regrets any concerns these reports may have caused and will continue to strive to meet the expectations of all our customers and the public. We hope this update clears up any confusion

So, let's look at the statement bit by bit:

Information such as channel, TV platform, broadcast source, etc. that is collected by certain LG Smart TVs is not personal but viewing information.

Surely what *I* watch on *my* TV in my *own* home is personal information? I don't want to share it with anyone else. Although I agree it would be more troublesome if it could be easily identified with me specifically.

This information is collected as part of the Smart TV platform to deliver more relevant advertisements and to offer recommendations to viewers based on what other LG Smart TV owners are watching.

More relevant adverts? I'm not sure how that really tunes in with "improve [the] Smart TV experience". I would imagine that many LG Smart TV owners would, like me, choose to not have any adverts at all introduced by their television.

Recommendations? Okay, well maybe. But that's something I'd like to have the choice of opting into, rather than have to try to find a way of avoiding.

We have verified that even when this function is turned off by the viewers, it continues to transmit viewing information

LG options screen. Source: DoctorBeet

LG options screen. Source: DoctorBeet

Oh dear oh dear. Clearly whoever coded that part of the LG Smart TV firmware forgot the part about how "customers’ privacy is a very important part of the [LG] Smart TV experience".

although the data is not retained by the server.

Well, that's something I suppose. Although presumably it is retained for *some* period of time, otherwise how would the adverts and recommendations be possible?

A firmware update is being prepared for immediate rollout that will correct this problem on all affected LG Smart TVs so when this feature is disabled, no data will be transmitted.

Good. Let's hope people apply the firmware update.

But why not go one step further, LG, and have data transmission turned *off* by default - and put the onus on consumers to enable the functionality if they actually want adverts and recommendations? At least then they will be more aware that they are sharing information with LG.

It has also been reported that the names of media files stored on external drives such as USB flash devices are being collected by LG Smart TVs.

Which, you have to admit, could be embarrassing if you are watching a file called Midget_porn_2013.avi.

Network traffic from LG Smart TV mentioning "Midget_Porn_2013.avi". Source: DoctorBeet

Network traffic from LG Smart TV mentioning "Midget_Porn_2013.avi". Source: DoctorBeet

While the file names are not stored, the transmission of such file names was part of a new feature being readied to search for data from the internet (metadata) related to the program being watched in order to deliver a better viewing experience.

Presumably LG was also planning to enable this "feature" by default?

This feature, however, was never fully implemented and no personal data was ever collected or retained. This feature will also be removed from affected LG Smart TVs with the firmware update.

Glad to hear that it's being removed with the firmware update, but how on earth do features that have only been partially implemented manage to ship in hundreds of thousands (maybe millions) of TVs that end up in consumers' front rooms?

What does this say for LG's quality control if surplus code, which hasn't been properly tested, that sends details of what should be confidential filenames in *plaintext* across the internet, doesn't get picked up before the product is bought?

LG regrets any concerns these reports may have caused and will continue to strive to meet the expectations of all our customers and the public. We hope this update clears up any confusion

And there we have it.

LG Smart TVLG is sorry if the media reports concerned you.

But they're not sorry about what they did.

At least, I assume they're not sorry because they've passed up the opportunity to apologise to the consumers who may find it disturbing that their TVs were spying on their viewing habits, and the files on their USB sticks.

And they're not saying sorry to the users who may have realised what LG was logging, and turned off the feature - not realising that the TVs still behaved precisely the same, even when the feature was seemingly disabled through the options screen.

All they had to do was say, "We're sorry. We screwed up". How hard is that?

What's gone so wrong with big companies that they can't simply say *sorry* when they screw up?

See also: LG fumbles response to Smart TV spying revelation, withdraws Smart Ad video

Tags: , , , , ,

Subscribe to the free GCHQ newsletter


, , , , ,

Leave a reply

15 Comments on "LG says it will push out firmware update for spy TVs, but fails to apologise"

Notify of
avatar

Sort by:   newest | oldest | most voted
Sam Spade
Visitor
Sam Spade
November 21, 2013 11:18 pm

Here's something to ponder. 1) Was the info
transmitted with a unique ID? ("UID") 2) Could
that UID be tied to, for example, a TV serial number? 3) Can that
serial number be tied to, for example, warranty or other owner
registration? If the answers are yes, then guess what, any
information transmitted with such a UID that can be tied, even
after two or three steps, to PII, becomes PII itself.

John
Visitor
John
November 25, 2013 3:44 pm

I think they're simply being sincere. They aren't sorry, so why do you expect them to apologize? Having worked in the field, this type of data collection is fawned over by pretty much all the higher ups.

paul
Visitor
paul
November 25, 2013 8:28 pm

Nothing to comment, but I swear my next TV is not from
LG.

Matt
Visitor
Matt
November 25, 2013 9:05 pm

It's interesting how their first response to DoctorBeet was basically "you bought the TV, deal with it", but they quickly changed their tune when one complaint turned into a PR disaster.

LG – We don't give a stuff about your problem unless it costs us sales.

qsaxffo
Visitor
qsaxffo
November 26, 2013 2:14 am

today my tv upgraded to new software version; in this new
so called fix they have done two things. 1. option to collect info
in main menu has gone. 2. new service agreement forced on user,
where he/she agrees to give personal information this information
can be shared with thirdparty and sent to south korea. if i dont
agree to this agreement, my tv is just dumb tv, none of the options
work. is that they call fix ? looks like lawyers fixed this
problems than the RD team.

StuC
Visitor
StuC
November 26, 2013 6:53 am

I am Pretty sure that several of the other Manufacturers are up to similar tricks. My Phillips TV needed to be in pretty much constant contact with the Internet based EPG in order to record anything – no Internet then no recording. Since I record most of what I watch in order to avoid advertisments it is clear that they recieved pretty much all my viewing information.

My Solution: I bought a cheap non IP enabled reciever that uses the transmitted EPG and use a Rasberry PI (+ XBMC) for the digital stuff.

Brian
Visitor
Brian
November 28, 2013 7:24 pm

Was drawn to this when my "telly" asked
me to update firmware / software 9mins. When I tried to access the
"home page" I got a whole book on LG updating
it's "privacy" policy. I took it that
they wanted me to sign up to them spying (agree) or
"disagree" which left me without the
"smart" part of my "telly". As
a retired sick of tech used to be into tech (first PC circa 1978)
I'm sick to death of this implanted stealth software that
beams anything and everything it can gather and sends it back to
Big Brother central. There is not alot you can do even if you are
of technical mind it should just not be there in a democratic
country like the UK. I have nothing to hide but I do fear
totalitarianism. Anyhoo I got my horse before my cart and learned
(because I wouldn't press agree without thinking) that
this is infact the update to stop spying that I've had no
idea about. So thanks Graham and I'm a guy who doesn’t
write or say a thing unless I have to. These corporates must learn
and I will remember this LG when I next purchase a TELLY.

Cody
Visitor
Cody
November 29, 2013 5:46 pm

John is spot on and I would think that Graham knows this instinctively but he is trying to be fair and/or giving them the benefit of the doubt. Aside from that, no, LG is not sorry and so they won't apologise (or if they do it would surprise me).

I've had issues with LG before too (including rude support and when I asked to speak with a manager they claimed they were a manager which may or may not have been a lie but either way I've never liked LG since). That was years ago and nothing to do with TV (I don't actually watch TV).

As for the following:
"Glad to hear that it’s being removed with the firmware update, but how on earth do features that have only been partially implemented manage to ship in hundreds of thousands (maybe millions) of TVs that end up in consumers’ front rooms?

What does this say for LG’s quality control if surplus code, which hasn’t been properly tested, that sends details of what should be confidential filenames in *plaintext* across the internet, doesn’t get picked up before the product is bought?"

I think its fair to say that it was implemented this way purposely and that it has nothing to do with quality control but rather claiming to care about security but only under their terms (or definition of security). The files shouldn't be transferred at all even (and that it does makes me think of spyware more than anything else). In other words, you're absolutely correct: they will apologise only about the report concerning them and nothing else. If it wasn't discovered (and made public) they would almost assuredly keep it that way (and not because it is a bug in the programming sense – not known – but rather it was intentional). And yes, you're also spot on about it being kept for some duration (and realistically even transferring it is enough of a problem) and that it is still a problem. I would argue it is hardly better than keeping it indefinitely (in some ways it is worse because it is hiding the truth: they get the details they want and then they remove the evidence!).

Anon
Visitor
Anon
December 23, 2013 7:33 am

I will not consider LG for my next purchase. 100quid
cheaper than the 'other' brand I have had good
experiences with. What did I get? A spy in the lounge which had the
slowest software & broke down after 8months! Then was
greated with poor customer service – about as quick as their
software! They treat their customers like a dodgy 2nd hand car
salesman!

BD
Visitor
BD
December 8, 2013 11:26 am

Am I missing something here? I have a Samsung F6800 – 2013
smart TV which appears do exactly the same in terms of data
gathering as the LG smart TV set however; Samsung do not provide
any opt out provision. Why has nothing been published about
Samsung? Samsungs response to questions in this regard where, to
say the least, vague.

Anirud
Visitor
Anirud
December 10, 2013 3:36 pm

Now here is the problem I see. Can I trust a company which
was silently doing all these things and confesses to the action
only when confronted? I would like to ask people here whether they
really trust LG when it says that it will remove the USB collection
feature in the smart TVs. Yes, we have removed that feature but we
have put in another feature which collects even more information
and we did not tell you about it because you never asked? And one
more thing— in America all these things somehow become
transparent and subject to scrutiny. Perhaps in much of western
Europe, and may be in places like Australia and to some extent in
India. But what about regimes like China, some countries in Africa
etc? Would not those regimes love to hvae their citizenry using
these smart TVs and then these companies are abetting that
?

Cata
Visitor
Cata
December 19, 2013 1:16 am

Let me tell you something interesting about one of this Lg
Smart Tv models. I am from Romania and you see how Graham picture
looks like, the one from "Option" with UK in
Country section, well let me tell you that when you select Romania
or any other country from it's menu (most of them in that
menu being from East Europe) there is no option like
"Collection of watching info" section, there is
straight "balloon helper"… now i will admit
that i've made the new update 2 day's ago. So is
the new firmware or is just a software created without this option
to be turned off for east europe?

John
Visitor
John
May 10, 2014 5:00 pm

My LG TV just performed an update and when it was complete it prompted me to agree to their T&C and Privacy Policy. The privacy policy basically says that they have the right to gather whatever information that they want, personal or otherwise including your voice commands if you have a smart remote. If you don't agree to these policies then the majority of the smart features on your TV will not work. I can't believe that they can legally make a change like that after you have purchased the TV. One of the main reasons I purchased this TV was so I could use the smart features that are now inoperable unless i agree to their privacy policy. Emails to their support and customer service have gone unanswered.

Pyotr Magpie
Visitor
May 13, 2014 3:14 am

John! I just received the same message on my 3D LG – what the … ???

Eli Peters
Visitor
July 23, 2014 10:40 am

I have another concern which is the use of my Broadband service. I want compensation for what is essentially the theft of a service that I pay for!

wpDiscuz