Mozilla and ThingsCon today announced the launch of the Trustable Technology Mark, which will help consumers determine if their latest “smart” home gizmo is designed with privacy and security in mind.
The Trustable Technology Mark is a bit like the EEA’s CE Mark. The main difference is that while the CE mark concerns itself with the overall safety of the product, the Trustable Technology Mark focuses on privacy and the security lifecycle.
For a device to achieve Trustable Technology Mark certification, it must first be evaluated by neutral experts from ThingsCon, who look at five criteria.
- Privacy & Data Practices: Is it designed using state-of-the-art data practices, and respectful of user rights?
- Transparency: Is it made clear to users what the device does and how data might be used?
- Security: Is it designed and built using state-of-the-art security practices and safeguards?
- Stability: How robust is the device and how long of a life cycle can a consumer reasonably expect?
- Openness: How open are both the device and the manufacturer’s processes? Is open data used or generated?
Device manufacturers are also welcome to self-certify their devices. These self-assessments are published openly under an open license, for the IoT community to scrutinize.
Once a device has successfully completed the assessment process, the manufacturer is allowed to feature the Trustable Technology Mark on their marketing materials and packaging.
In a statement, Peter Bihr, ThingsCon co-founder and a Mozilla fellow, said: “IoT devices are only becoming more widespread and more advanced — they live in our kitchens and bedrooms, and they access our calendars and our conversations. As a result, consumers should have answers to important questions like What personal data does this product collect? How is that data stored? Who has access to that data? And can I easily export that data?”
Mozilla and ThingsCon are launching the Trustable Technology Mark with two products in two different categories: voice assistants and connected toys.
The first, Snips.ai, is a smart voice assistant platform, with a range of products expected to launch next year. The other product, Vai Kai, is a range of wooden dolls designed to teach empathy, and aimed at younger users.
Experts have long recognized “smart” home devices as a particularly troubling security and privacy Achilles heel. There are no rules manufacturers are obligated to follow. Worse, manufacturers aren’t obligated to issue security updates for the entire lifespan of a product.
The consequences of this can be dire. The Mirai botnet, for example, consisted almost entirely of compromised IoT devices, and in 2016 was used to attack Dyn, a major internet infrastructure provider.
This catastrophic attack rendered an entire swathe of the Internet inaccessible. But above everything else, it was a concrete demonstration of the risks posed by insecure IoT devices.
Unfortunately, the cat is out of the bag here. By 2017, there were an estimated 8.4 billion IoT devices in circulation, ranging from Internet-connected cameras to industrial equipment. The vast majority of these have inherent (and easily exploitable) vulnerabilities. Hundreds of millions have already been hacked.
But while there’s nothing we can do about the devices already in use, developers can at least ensure that the new devices they build are secure by design.
The Trustable Technology Mark helps accomplish this in two ways: firstly, it gives consumers a way to identify the most secure devices. Secondly, it gives manufacturers a guideline for creating products that respect the user’s privacy and security.