Every cereal box comes with a nutrition label, containing important information that lets you know exactly what you are eating. So why would something else important, such as your IoT devices, not provide the same relative information?
Many consumers do not even consider the privacy and security of their IoT (Internet of Things) devices when making a purchase. Even those who do consider this aspect have little to no luck in finding any information about the security and privacy of such devices.
IoT security and privacy research
To address growing concerns about the security and privacy of connected devices, a research study was conducted by IoT Security & Privacy. In its study, 24 consumer and 22 industry experts were interviewed.
The most important information they discovered from consumers was that privacy and security were the most important features of their IoT devices, aside from price and features. The consumers were also shown a prototype of a privacy and security label, like a nutrition facts label on a cereal box. Almost all that were interviewed found the label to be very helpful in understanding the privacy and security of IoT devices, and that it should be used when making purchase decisions.
The prototypes were drawn from the interviews with the 22 industry experts. Here is what the research group had to say regarding these interviews:
"We conduct an expert elicitation study by following a three-round Delphi process with 22 privacy and security experts to identify the factors that experts believed are important for consumers when comparing the privacy and security of IoT devices to inform their purchase decisions. Based on how critical experts believed each factor is in conveying risk to consumers, we distributed these factors across two layers—a primary layer to display on the product package itself or prominently on a website, and a secondary layer available online through a web link or a QR code."
Having labels that display the privacy and security of IoT devices is important. Currently, legislators are proposing to add such labels to make it easier for consumers to find this information, but they give no guidelines as to how they should be created.
The prototype labels
The research group created two labels, a primary and secondary label, to address the concerns of privacy and security for IoT devices. The labels show how these devices store information, where that information is stored, who can access the information, and many more important facts.
This is what the primary label looks like: