We’re designing a usable security and privacy label for smart devices to help consumers make informed choices about Internet of Things device purchases and encourage manufacturers to disclose their privacy and security practices.
The label includes information on privacy and security practices of the smart device, such as the type of data the device collects and whether or not the device gets automatic security updates. In addition to privacy and security information, our label includes some general information about the device, such as the firmware version and whether the device can function without internet connectivity.
We have designed a two-layer label that includes a simple, understandable primary layer for consumers and a more detailed secondary layer that includes information important to experts. The primary layer is designed to be affixed to device packaging or shown on an online shopping website, while the secondary layer can be accessed online via a URL or QR code.
Our paper "Ask the Experts: What Should Be on an IoT Privacy and Security Label?" has been accepted to the 41st IEEE Symposium on Security and Privacy (S&P'20).