CIO

Germany bans Q&A IoT doll ‘Cayla’ as illegal spy device

  • Liam Tung (CSO Online)
  • 21 February, 2017 06:39

Germany’s Federal Network Agency has banned a smart doll called My Friend Cayla after deeming it a hidden surveillance device.

Bundesnetzagentur, Germany’s telecoms watchdog, announced the ban on Friday after determining the doll fit Germany’s definition of a “concealed surveillance device” under the Telecommunications Act. Such devices are illegal to sell and buy in the nation.

Cayla promises to answer any question a child has about the world when online, but as the regulator warned parents, anything the child says can also be recorded and transmitted without their knowledge.

The smart doll is made by LA-based Genesis and distributed in Europe by UK toy firm Vivid. It's also sold in Australia. Cayla connects over Bluetooth to a smartphone app that records what children say and sends it to US-based speech recognition company Nuance Communications in order to return an answer.

Anyone caught selling the doll in Germany following Friday’s determination can face fines.

“Items that conceal cameras or microphones and that are capable of transmitting a signal, and therefore can transmit data without detection, compromise people's privacy. This applies in particular to children's toys. The Cayla doll has been banned in Germany,” said Jochen Homann, Bundesnetzagentur's president. “This is also to protect the most vulnerable in our society.”

The regulator intends to survey the market for other smart toys that meet the definition of a concealed surveillance device.

It won’t force parents to take any action, but rather will leave it to parents to ensure the doll no longer poses a risk to children.

Germany’s Telecommunications Act bans the sale of transmission equipment that is disguised as another object. It currently lists hidden cameras in watches, alarm clocks, smoke detectors, weather stations, fake flowers or power banks, as well as hidden microphones in credit cards and charging cables. Labels that warn others of a hidden camera or microphone don’t bypass the law.

The public notice highlights the risk of surveillance due to the toy’s unsecured Bluetooth connection.

The Norwegian Consumer Council (NCC) in December singled out My Friend Cayla and a robot toy from Genesis, i-Que, for lacking a way to authenticate phones that pair with the toys over Bluetooth. The toys didn't tell parents voice recordings were being sent to the US.

NCC’s tests found that any mobile device within 15 meters of an unpaired toy could connect to it and transmit audio to the toy or listen to a child.

Genesis claimed to have fixed this issue last year after a pen testing firm in 2015 drew attention to the lack of authentication in the doll's Bluetooth module. It could, for example, restrict pairing to phones that are physically present with the doll.

NCC's tests found that both Cayla and i-Que were sending encrypted recordings of the children to third-party servers. NCC questioned the legality of Cayla’s user terms, which allowed personal data to be used for targeted advertising and shared with third parties. Nuance also reserved the right to share voice recordings with third parties.

In the US, the Federal Trade Commission opted not to act on a complaint about Cayla and i-Que by EPIC and several consumer rights organizations.