With the prevalence of connected devices, and the looming possibilities of the Internet of Things, Consumer Reports has decided to include cyber security as new criteria when evaluating products and services.
Connected devices have been particularly troublesome lately, specifically with DDoS attacks like the one that affected DNS provider Dyn. In many cases, these devices come with hard-coded passwords that can’t be changed, and if they can be changed the devices often don’t prompt users to change the password at setup.
In a recent survey by Consumer Reports, the nonprofit found that “65 percent of Americans are either slightly or not at all confident that their personal data is private and not distributed without their knowledge.” Which makes sense, because in many cases personal data is being distributed, and often users aren’t sure what data is captured, stored, or sold for different products and services.
That’s why Consumer Reports is launching this new initiative. They go into more detail in a recent post on the site:
That’s why we’re now launching the first phase of a collaborative effort to create a new standard that safeguards consumers’ security and privacy—and we hope industry will use that standard when building and designing digital products such as connected devices, software, and mobile apps. The goal is to help consumers understand which digital products do the most to protect their privacy and security, and give them the most control over their personal data. This standard can also eventually be used by CR and others in developing test protocols to evaluate and rate products—which will help consumers make more informed purchasing decisions.
Consumer Reports isn’t the first to attempt to create such a standard. As I’ve covered in the past, there are countless alliances, protocols, and networking standards vying for supremacy when evaluating IoT devices. However, having a multitude of evaluation methods is as problematic as having none – consumers don’t know which to follow, which to believe, and which to place their trust in.
Which is why it is important that Consumer Reports is making this move. The nonprofit is already an extremely well-established entity that consumer trust to provide unbiased product reviews. By putting their own reputation on the line when evaluating the security of products, consumers will feel more confident in purchasing these products. That’s something that newer alliances can’t offer. Without cachet, there’s no reason for end users to place trust in an alliance. If there’s no established reputation to besmirch, then placing your reputation on the line is much less impactful. Consumer Reports has worked with several partners to build on prior efforts in order to launch these new criteria.
Consumer Reports has also laid out a quick overview of its privacy standard. The standards will ask that products require consumers to choose unique usernames and passwords during setups. It asks companies to delete consumer data from their servers upon request, protect personal data with encryption as it is sent through the internet, and be transparent about how personal information is being shared with other companies.
Once the standard is in place it will allow groups to develop specific and repeatable testing procedures in order to evaluate and compare products against each other in terms of privacy.
Consumer Reports is working with a number of partners to create the standards, including:
The partners met with Consumer Reports over months to create a working draft, and applied portions of the draft for trail runs on real products, including Smart TVs, web browsers, and ride-sharing apps.
Consumer Reports doesn’t wish to own the standard. In fact, the nonprofit is releasing it in a public document you can view here.
The standard is currently in its first draft. Consumer Reports is looking for anyone to get involved to help shape it, and has placed the standard on GitHub for review and response. The nonprofit hopes that this will create a clear, single standard to evaluate the privacy of products and services in an invcreasingly connected age.
You can learn more about Consumer Reports reasoning and plans by reading the blog post about the standards.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply