On 16 July 2020, the government announced a proposed approach to make changes in the law to ensure ‘smart’ products are safer and more secure.
The proposals build on PETRAS research and aim to support the government’s vision of a more secure, confident and prosperous nation in the digital world.
In supporting evidence, the PETRAS Gender & IoT project, led by Dr Leonie Tanczer, is cited and includes a case study on Consumer IoT-facilitated abuse. One example illustrates how the password and user authentication system of a smart doorbell allowed an ex-partner to access and download videos of their victim through an app linked to the doorbell.
Work from PETRAS research project Consumer Security Index led by Professor Shane Johnson and Dr John Blythe was also heavily cited.
An example focussed on the economic implications, stating that to ‘five types of consumer IoT devices (smart TVs, smart watches, Wi-Fi routers, security cameras and thermostats) individuals were willing to pay, on average, between 14% and 63% more for greater security in IoT devices’. Additional research showed that survey respondents were willing to pay a premium for a product with a security label, compared to one without it, but that the type of label matters, with some being more effective than others.
Further research by Professor Johnson demonstrated that there is an information asymmetry in the marketplace, with it currently being very difficult (if at all possible) for consumers to establish the security of devices prior to their purchases. Blythe, Sombatruang and Johnson examined the content of the online user manuals and related materials for over 270 devices to provide a “consumer eye” view. They found that manufacturers currently provide too little information about security with, for example, none providing an indication of how long security updates would be provided for devices.
Commenting on the impact of their research, Professor Johnson said ‘New technologies are frequently introduced to the market-place with little attention to their crime and security implications. With the number of internet connected devices in people’s homes, and the variety of the types of devices increasing, it’s great to see DCMS pioneering the secure by design agenda in this space and we’re delighted that our work has informed this work.’
The government note that although the guidelines in the Code of Practice for Consumer Internet of Things Security (click here), both in the UK and overseas, have been widely adopted, change has not been swift enough, with poor security still commonplace.
Matt Warman MP, Minister for Digital Infrastructure, said ‘Cyber security is at the heart of the government’s approach to digital technology, and plays a critical role in ensuring people and businesses can benefit from the huge opportunities of technology.’
The government is keen to hear from experts, businesses and the general public in a Call for Views. This can be done via an online feedback survey (click here).