Last December, Vtech, a crapgadget/toy company, suffered a breach that implicated the data of 6.3 million children, caused by its negligence toward the most basic of security measures.
Nevertheless, the company was back in January, advertising its new line of (I'm not making this up) home security products.
Now, the company has re-opened its portal for its children's products, with new terms of service, all in CAPS:
“YOU ACKNOWLEDGE AND AGREE THAT ANY INFORMATION YOU SEND OR RECEIVE DURING YOUR USE OF THE SITE MAY NOT BE SECURE AND MAY BE INTERCEPTED OR LATER ACQUIRED BY UNAUTHORIZED PARTIES.”
Even by the low standards of license agreements, this is extraordinarily abusive language.
It’s unclear when this language was added, but the document says it was updated on December 24 of last year. (VTech did not respond to a request for comment on the Terms and Conditions but said “key functions” of the Learning Lodge came back online on January 23.)
But security and privacy experts are concerned that this could be an attempt to skirt lawsuits in case of a future data breach—and they believe consumers should be aware of the move to avoid liability, especially considering that VTech is now getting in the house monitoring business.
Rik Ferguson, the vice president of security research at Trend Micro, said the clause is “outrageous, unforgivable, ignorant, opportunistic, and indefensible,” and likened it to “weasel words.” Despite this surprising change—a British law professors told me he’s “never seen a clause like that before”—legal experts doubt the provision has any real value.
Hacked Toy Company VTech’s TOS Now Says It’s Not Liable for Hacks