Access and Feeds

IoT Nutrition Labels: Communicating Security Risks to Consumers

By Dick Weisinger

Privacy and Security are top concerns for users, but if you’re not a techie, evaluating or understanding the intricacies of security might be challenging. Something that is easy to cross your fingers and skip over. Or worse yet when a product has no information about security and privacy practices — that’s often the case with many IoT devices on the market.

Researchers at Carnegie Mellon are pushing the idea of a security and privacy ‘nutrition label’ that could present is a standard and concise way security information that could be used by consumers to help them evaluate a product. The idea comes from the nutrition labels used by the FDA on standard food packaging.

The labels would include the following:

  • Essential security and privacy factors that affect consumers
  • Present the information in a visually easy way to understand it
  • Labels should be subject to updates so that the most recent information is always presented

Yuvraj Agarwal, professor at Carnegie Mellon University, said that “in an IoT setting, the amount of sensors and information you have about users is potentially invasive and ubiquitous. It’s like trying to fix a leaky bucket. So transparency is the most important part. This work shows and enumerates all the choices and factors for consumers.”

Cisco responded to the proposal to use IoT Nutrition labels, saying that “much of the software that consumers purchase and use for connected devices is consumed via application stores or marketplaces that are already well-tended. We believe that the emerging area of risk where NIST’s efforts can be most effectively focused is on software embedded or otherwise incorporated with devices, such as IoT devices in the consumer environment that interact with the physical environment.”

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Leave a Reply

Your email address will not be published.