Blog
From smart thermostats to intelligent lighting systems and video doorbells, the modern household is increasingly becoming a hub of interconnected devices. By 2030, it’s estimated that there will be around 30 billion Internet of Things (IoT) devices globally. These devices offer unprecedented convenience but often require access to sensitive personal information, such as location data, email addresses, and even biometric scans like faces and fingerprints.
The Hidden Cost: Your Privacy
What many consumers may not realize is that private data is often used for targeted advertising, providing an additional source of income to companies. The privacy policies provided when you buy the device are often intentionally confusing, leaving many in the public buying tech while blind to the dangers.
Moreover, there is a lack of clarity behind the risks of using such digital tools. For example, there have been several instances of hackers infiltrating Ring cameras and harassing children through them. But how common is this?
Introducing the U.S. Cyber Trust Mark
A new program called the U.S. Cyber Trust Mark, which was announced in July by the FCC in cooperation with the White House and device manufacturers and retailers, aims to answer this threat and other privacy questions. Like Energy Star, the EPA program that started in the 90s to help companies produce more eco-friendly devices and keep consumers informed, the Cyber Trust Mark, set to launch next year, will certify the privacy and security features of many smart devices.
Each device will get a Trust Mark badge, a label with information about a product’s privacy and security practices, and a QR code linking to a database of a device’s security history.
To get a good mark, companies need to follow specific standards, such as allowing for unique passwords, the ability to identify when someone has hacked the system, solid encryption, and a working system update capability. The QR code provided on each device is especially important because it will allow consumers to get real-time updates on how the company is adapting to new security problems. Another benefit is that 20 major companies including Amazon, Google, Samsung, LG, and Logitech have already agreed to be part of the program.
The Road Ahead: Challenges and Opportunities
However, there is still some lack of clarity about how the program will work. At a recent White House event that introduced the program, officials said that the label will be on an honor system so that companies will potentially be able to make false claims. However, in an interview with Ann Neuberger, U.S. Deputy National Security Advisor, she said the label will be based on verified third-party testing, not just on the manufacturer’s word. If this is true, the costs for such a procedure may be quite extensive as hack testing can run to tens of thousands of dollars — for just a single device.
But despite the cost, testing makes a big difference in whether the program is likely to be accepted by the public. The example of Energy Star highlights that standards work best when they are measurable. When you buy an Energy Star product, you can easily understand how environmentally friendly it is through a percentage mark that quantifies the process. To be embraced by consumers, the Cyber Trust Mark should have a similar system.
The Importance of Measurable Standards
It is also important to be aware that while the Trust Mark will ensure the safety of a specific device, it will not consider every possible form of usage. For example, if you integrate a safe device with a platform like Amazon Alexa or Google Home, your personal data will likely be made available to the company and could be used for other purposes – even if it has a high Cyber Trust Mark. Finally, consumers should know that the program is voluntary. This means if companies do not want to participate, they will still be able to keep consumers guessing about their privacy policies.
At this point, the Cyber Trust Mark is a voluntary collection of proposals that depends on consumers to do a lot of homework including using a QR code to research current policies as they change. That may be asking too much of the public. However, if mandated testing with measurable results is established, the program could prove to be very helpful to consumers.
Conclusion
There is a lot riding on the Cyber Trust Mark concept. Based on some studies, we know that consumers will pay more for devices that ensure device security, and a majority say that they would switch brands if they felt the device was not secure. This means there is a major need for a reliable, quantifiable cybersecurity labeling system.
The Cyber Trust Mark program represents a significant stride toward ensuring the privacy and security of smart devices. However, its success hinges on clear, measurable standards and widespread industry participation. As consumers, we have a vested interest in the security of our devices, and studies indicate that many are willing to pay a premium for guaranteed security. The Cyber Trust Mark has the potential to fill a critical gap in the smart device market, but it must be carefully designed and rigorously implemented to truly serve the public’s needs. Hopefully this bold measure develops into the right solution.
For additional resources and guidance, the Interfor team is here to help.