[BreachExchange] ‘Wholesale disregard for customers’ privacy’: Bose Corp sued over spying headphone app

Thu Apr 20 19:09:42 EDT 2017

https://www.rt.com/usa/385356-bose-corp-spying-headphones-lawsuit/

Massachusetts-based headphones and speakers producer, Bose Corp, is facing
a lawsuit after being accused of covertly collecting data about its
customers through a headphones app and then selling those private details
to some data mining companies.

The lawsuit accuses the company of violating a number of privacy protection
laws by “secretly collecting, transmitting and disclosing its customers’
private music and audio selections to third parties.” The complaint against
the Framingham, Massachusetts-based company was filed by an Illinois
resident, Kyle Zak, in federal court in Chicago on Tuesday.

Zak said he downloaded the free Bose Connect app available on Apple Inc or
Google Play stores to his smartphone to "get the most out of your
headphones.” He also said that he provided the company with his name, email
address and headphone serial number to download the app.

However, he was surprised when he found out that Bose sent "all available
media information" from his smartphone to some third-party companies. The
complainant particularly said that the app sent the customers’ data to the
Segment.io data mining company that said on its website it collects
personal data and could send it “anywhere.”

The complaint filed to the court says that audio choices, including both
music and audio podcasts could offer “an incredible amount of insight” into
customers’ personalities, including their religious views, sexual
orientation and even their state of health.

“For example, a person that listens to Muslim prayer services through his
headphones or speakers is very likely a Muslim, a person that listens to
the Ashamed, Confused, And In the Closet Podcast is very likely a
homosexual in need of a support system, and a person that listens to The
Body’s HIV/AIDS Podcast is very likely an individual that has been
diagnosed and is living with HIV or AIDS. None of the defendant’s customers
could have ever anticipated that these types of music and audio selections
would be recorded and sent to, of all people, a third party data miner for
analysis,” the complaint says, as cited by the International Business Times.

“People should be uncomfortable with it,” Christopher Dore, an attorney
representing Zak, told Reuters, adding that “people put headphones on their
head because they think it’s private, but they can be giving out
information they don't want to share.”

He also stressed that the app's user service and privacy agreements do not
mention anything about data collection. Zak now wants to stop the data
collection by Bose Corp, which he says violates the US federal Wiretap Act
and Illinois laws against eavesdropping and consumer fraud.

“Defendants’ conduct demonstrates a wholesale disregard for consumer
privacy rights,” the complaint said, as cited by Reuters.

Zak is reportedly seeking millions of dollars in damages not only for
himself but also for other buyers of headphones and speakers of various
Bose models, including QuietComfort 35, QuietControl 30, SoundLink
Around-Ear Wireless Headphones II, SoundLink Color II, SoundSport Wireless
and SoundSport Pulse Wireless.

The company, which earlier said its annual sales exceed $3.5 billion, has
not commented on the issue so far.

The lawsuit against Bose Corp is just the latest in a series of complaints
against the companies seeking to boost profit by secretly collecting their
customers’ data to press more goods on them or just to sell it to some
third parties.

   -
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170420/eae7a5b3/attachment.html>