e dot dot dot
a mostly about the Internet blog by

home << Policy << auto consumer reports proposes open source security standard to keep the internet of things from sucking

March 2024
Sun Mon Tue Wed Thu Fri Sat
         
           

Sat, 11 Mar 2017


Consumer Reports Proposes Open Source Security Standard To Keep The Internet Of Things From Sucking

Furnished content.


Thanks to a laundry list of lazy companies, everything from your Barbie doll to your tea kettle is now hackable. Worse, these devices are now being quickly incorporated into some of the largest botnets ever built, resulting in some of the most devastating DDoS attacks the internet has ever seen. In short: thanks to "internet of things" companies that prioritized profits over consumer privacy and the safety of the internet, we're now facing a security and privacy dumpster fire that many experts believe will, sooner or later, result in mass human fatalities.Hoping to, you know, help prevent that, the folks at Consumer Reports this week unveiled a new open source digital consumer-protection standard that safeguards consumers' security and privacy in the internet-of-broken things era. According to the non-profit's explanation of the new standard, it's working with privacy software firm Disconnect, non-profit privacy research firm Ranking Digital Rights (RDR), and nonprofit software security-testing organization Cyber Independent Testing Lab (CITL) on the new effort, which it acknowledges is early and requires public and expert assistance.As it stands, most of the proposals are common sense and take aim at most of the common issues in the IOT space. For example, encouraging companies to spend a few minutes engaged in "penetration testing" of their products before shipping (a novel idea!). The standard also hopes to ensure companies notify consumers of what's being collected and who it's being shared with, and that devices aren't using default login credentials. But Consumer Reports also notes that it hopes to develop these standards with an eye on more broadly incorporating them into product reviews:

"The standard should be easy enough for consumers without a technical background to understand, yet sophisticated enough to guide testing organizations such as Consumer Reports as we develop precise testing protocols. We want to rate products on measures such as security, in much the same the way we currently assess products for physical safety and performance."
This isn't the first effort of this type. Both the Department of Homeland Security and the FCC have started pushing for some voluntary sort of consistent standards. Of course the problem is that these standards are voluntary, meaning that the kind of companies that cut corners in the first place to sell unsecured products, aren't likely to give much of a damn. It's why folks like Bruce Schneier have advocated for stronger regulations. But with government agencies already walking back even existing consumer privacy protections under Trump, that doesn't seem likely anytime soon. And even if they were open to it, does anyone actually think that federal bureaucrats would come up with reasonable, workable standards that didn't do more harm than good? Having prominent reviewers, such as Consumer Reports take this on through an open standard and reviews seems like a pretty good way of shaming companies into better behavior.Consumer Reports is quick to acknowledge this is just the beginning of what they hope evolves into a more comprehensive standard:
"The standard as it's now written is a first draft. We hope that everyone from engineers to industry groups to concerned parents will get involved in shaping future versions of it. We've placed the standards on GitHub, a website that's widely used by software developers to share ideas and work on group projects. Because GitHub can be hard for newcomers to navigate, we've also built a website that has the same information."
Folks that are curious or want to lend their assistance can check out the full standard here.

Permalink | Comments | Email This Story


Read more here

posted at: 12:00am on 11-Mar-2017
path: /Policy | permalink


0 writeback(s)

comment...

 
Name:
URL/Email: (optional)
[http://... or mailto:you@wherever]
Title: (optional)
Comments:
Please enter the anti-spam code shown below: 

home << Policy << auto consumer reports proposes open source security standard to keep the internet of things from sucking

March 2024
Sun Mon Tue Wed Thu Fri Sat
         
           


Categories
 - blog home

 - Announcements  (0)
 - Annoyances  (0)
 - Career_Advice  (0)
 - Domains  (0)
 - Downloads  (3)
 - Ecommerce  (0)
 - Fitness  (0)
 - Home_and_Garden  (0)
     - Cooking  (0)
     - Tools  (0)
 - Humor  (0)
 - Notices  (0)
 - Observations  (1)
 - Oddities  (2)
 - Online_Marketing  (0)
     - Affiliates  (1)
     - Merchants  (1)
 - Policy  (3743)
 - Programming  (0)
     - Bookmarklets  (1)
     - Browsers  (1)
     - DHTML  (0)
     - Javascript  (3)
     - PHP  (0)
     - PayPal  (1)
     - Perl  (37)
          - blosxom  (0)
     - Unidata_Universe  (22)
 - Random_Advice  (1)
 - Reading  (0)
     - Books  (0)
     - Ebooks  (0)
     - Magazines  (0)
     - Online_Articles  (5)
 - Resume_or_CV  (1)
 - Reviews  (2)
 - Rhode_Island_USA  (0)
     - Providence  (1)
 - Shop  (0)
 - Sports  (0)
     - Football  (0)
          - Cowboys  (0)
          - Patriots  (0)
     - Futbol  (0)
          - The_Rest  (0)
          - USA  (0)
 - Technology  (1055)
 - Windows  (1)
 - Woodworking  (0)


Archives
 -2024  March  (170)
 -2024  February  (168)
 -2024  January  (146)
 -2023  December  (140)
 -2023  November  (174)
 -2023  October  (156)
 -2023  September  (161)
 -2023  August  (49)
 -2023  July  (40)
 -2023  June  (44)
 -2023  May  (45)
 -2023  April  (45)
 -2023  March  (53)
 -2023  February  (40)


My Sites

 - Millennium3Publishing.com

 - SponsorWorks.net

 - ListBug.com

 - TextEx.net

 - FindAdsHere.com

 - VisitLater.com