Today, Consumer Reports participated in an event at the White House to officially launch a national “cyber trust mark” for consumer connected devices. This announcement marks a significant step forward in enhancing the transparency—and ultimately the security and privacy—of connected devices.
While we celebrate the recent announcement as an important step, we also recognize that there’s a long road ahead to ensure effective implementation, adoption, and education around consumer IoT labels. We also believe the method and manner of product disclosures are critical.
That’s why we and our partners at the Carnegie Mellon CyLab Security & Privacy Institute and Duke University’s InSPIre Lab are supporting this effort through the development of an open reference system. The goals of this reference system are three-fold:
- Demonstrate an end-to-end system through which manufacturers can voluntarily attest to the security and privacy attributes of devices.
- Generate descriptive labels that are embeddable, understandable, and valuable to consumers.
- Enable consistent presentation of label information in a variety of contexts.
This system is inspired by NIST’s recommended criteria for connected device labeling. It’s at an early prototype stage, and we are inviting feedback from consumers, retailers, and manufacturers to refine the system ahead of release. We hope this system will serve as a useful resource to inform and influence how the US and others around the globe implement labeling schemes in the years ahead.
This work is made possible by support from Craig Newmark Philanthropies and the Alfred P. Sloan Foundation.