New Standards in Privacy and Data Security

It’s easy to take for granted how connected everything is now days, especially the things we use in our day-to-day business. This interconnection makes things smarter and more efficient, but it also makes them open to security vulnerabilities in ways that these things haven’t been before. It can be tough to directly ascertain whether or not the products and services you use are secure – most people are forced to rely upon the assurances of a distant regulatory agency or the providers themselves. To help businesses and solo-entrepreneurs get a handle on their digital security, Consumer reports launched the Digital Standard this week.

In a release announcing its launch, Consumer Reports President and CEO Marta L. Tellado explained: “While the pace of new technologies is exciting and brings greater convenience to our lives, it also carries with it new threats to our security and personal privacy.”

The new Digital Standard brings together work from many industry players – there’s Disconnect, creators of technology that helps block data collection and tracking; Ranking Digital Rights, which assesses companies on their commitment to security and privacy; the Cyber Independent Testing Laboratory(CITL), which consults clients about software safety; and Aspiration, an ethical investing service.

Peiter “Mudge” Zatko, info-security expert and co-founder of CITL, likes to compare software safety to automobile safety. It’s impossible to create something that’s 100% safe, but you can know that having certain features increases the chance of preventing catastrophe. “If you have a car that doesn’t have airbags, seat belts, or antilock brakes, you, as the consumer, need to know this,” he says.

What sort of software features help prevent catastrophe? The standard makes recommendations that seem like common sense but that remain remarkably absent in  many contemporary practices and technologies. The standard recommends such things as securing devices from outside intrusion, limiting the amount of personal data that devices collect, clarifying issues related to maintenance and ownership, and holding companies accountable for unethical behavior. Consumer Reports provides guidance and tools for helping consumers enforce the standards recommended in their report.

The publication of these standards is meant to launch a wave of public collaboration over privacy standards. “We are making a long-term commitment to tackle a challenge of staggering complexity. In the spirit of collaboration, we are seeking participation from everyone who cares about these security and privacy issues. We’re excited about the potential to make a real difference that will empower consumers.” said Maria Rerecich, Director of Electronics Testing for Consumer Reports.

The problem may be likely to get worse before it gets better, as the the Internet of Things continues to evolve and new vulnerabilities present themselves. That said, the standard represents an important step in the right direction, and hopefully the beginning of a broader trend to help us stay safer together.

The full first version of the Digital Standard is available here.