As IoT devices become more popular, consumers are more frequently questioning the security and/or privacy practices of said devices. The answers to these questions aren’t often easy to find. That could change in the near future.
Carnegie Mellon University’s CyLab IEEE Symposium on Security & Privacy team has recently published a study about the prototype for a security and privacy “nutrition label” they have developed. Just like the nutrition labels—containing information on food and drink ingredients and caloric values—you find on consumables, these labels will provide consumers with the security and privacy settings the IoT device uses.
These nutrition labels were developed through consultation with a group of 22 privacy and security experts from academia, the tech industry and the government. Additionally, they also created an IoT label generator for manufacturers who wish to include a label on their products with ease.
The lead author of the study, Pardis Emami-Naeini, states, “[T]he display of this information should be concise and understandable, akin to a nutrition label on food products.”
Informed consent is one of the driving forces behind a need for a security label on IoT devices. A survey from the Economist Intelligence Unit discovered that nearly 90 percent of survey participants feel uneasy about personal information being distributed to other parties without their consent. Additionally, 92 percent stated companies should inform consumers before collecting their personal data. Even with concerns this high, device privacy and security practices aren’t readily made available upon purchase.
CyLab’s devices are made up of 2 layers. The primary layer would show consumers information—consisting of the device’s most important information, including data types it collects and where it will be shared—on the IoT device’s box. The second layer is accessed through scanning a QR code, which will take them online to provide more information, including the length of time the data collected is retained and the frequency at which it is shared.
Currently, the CyLab team is reaching out to those in the IoT device manufacturing and retail industries to find companies who might be interested in adopting the labels for their products.
One day, the team hopes that their labels will be industry-standard to allow consumers to be able to compare IoT devices features at a glance rather than resorting to internet research. If the team achieves its goal, it could help decrease the number of security and privacy threats we see every day around the world.
The next big hurdle for the team is deciphering just how much consumers will be willing to pay for the service. It’s likely that prices for IoT devices would increase in order to offset the manufacturer’s costs.