Advocacy Organizations Pen Letter to Retailers Urging Privacy, Security Guidelines
The Mozilla Foundation aligned with the Internet Society’s Online Trust Alliance and nine other organizations to petition major retailers to adopt minimum privacy and security guidelines for IoT products they carry. A Tuesday letter to Amazon, Best Buy, Target and Walmart referenced “serious concerns regarding standards of privacy and security” with connected consumer products.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
By 2020, some 10 billion IoT products will be active, up from 7 billion in August, said the letter, citing August data from IoT Analytics. Most of the connected devices will be in the hands of consumers, whose private information and conservations need to be protected to enhance consumers’ trust, said the letter.
The situation is particularly concerning for children’s privacy, it said. The signers noted the 2017 CloudPets data breach (see 1705220057) that leaked email addresses, passwords, profile pictures and voice recordings of CloudPets users before it was discovered the toy also could be compromised, enabling hackers to use the devices to say whatever they wanted.
To minimize such risks, the letter asked retailers publicly to endorse five minimum guidelines for all IoT devices: 1) use encrypted communications for all network communications; 2) support automatic updates for a “reasonable period after sale” and be enabled by default so when a vulnerability is discovered, the update can be installed “seamlessly”; 3) require strong passwords, including resetting default passwords after device setup; 4) have a point of contact to manage vulnerabilities that arise as part of a systemized response plan; 5) have an easily accessible, understandable privacy policy that enables consumer opt-out of data collection practices.
The groups noted recent headlines about “privacy and security failings in the IoT space,” and said it often has been the “same mistakes that have led to people’s private moments, conversations, and information being compromised.” Because of the trust retailers have with customers, they have an important role in addressing internet privacy and security and “helping to build a more secure, connected future,” it said.
Signers included Color of Change, Open Media & Information Companies Initiative, Common Sense Media, Center for Democracy and Technology and the Consumer Federation of America. Amazon declined to comment. The other three retailers didn’t respond to requests for comment.