The proposed labels overcome a common IoT problem: People cannot find information about the privacy and security practices of devices at the moment of purchase,
Researchers at Carnegie Mellon University’s CyLab have proposed “nutritional labels” for the Internet of Things devices.
The labels, printed on the back of a product’s box, would inform customers on data practices, security mechanisms, and country of manufacture.
Activating a QR code on the back would provide customers with more information about the device. In total, the label displays 47 pieces of information on privacy and security.
“Survey results show that the vast majority of people are concerned about the security and privacy practices of devices, so we need to provide them with this information,” said CyLab’s Pardis Emami-Naeini, the study’s lead author. “The display of this information should be concise and understandable, akin to a nutrition label on food products.”
Lawmakers are beginning to push for better security and privacy, through the Cyber Shield Act and California Consumer Privacy Act, but pre-purchase a customer is still regularly making an uninformed choice on what IoT device has the best practices.
“People cannot find information about the privacy and security practices of devices at the moment of purchase,” said Emami-Naeini.
The team is in talks with manufacturers to adopt the labeling system. However, it will most likely take a law or a collective decision by major manufacturers before we see labels on most devices.