Consumer publication Consumer Reports will soon begin considering cybersecurity and privacy safeguards when scoring products.
The group, which issues scores that rank products it reviews, said it had collaborated with several outside organizations to develop methodologies for studying how easily a product can be hacked and how well customer data is secured.
In a release, it said: "In our recent CR Consumer Voices survey, 65 percent of Americans told us they are either slightly or not at all confident that their personal data is private and not distributed without their knowledge. We think it’s unfair and unrealistic to expect consumers to constantly play defense when the products and services they use aren’t engineered with basic privacy and security protections built in. Consumer Reports regularly writes about major security vulnerabilities and offers advice to our readers about good practices that can help protect their data and privacy. But as an organization, we aim to do more. That’s why we’re now launching the first phase of a collaborative effort to create a new standard that safeguards consumers’ security and privacy—and we hope industry will use that standard when building and designing digital products such as connected devices, software, and mobile apps. The goal is to help consumers understand which digital products do the most to protect their privacy and security, and give them the most control over their personal data. This standard can also eventually be used by CR and others in developing test protocols to evaluate and rate products—which will help consumers make more informed purchasing decisions."
Maria Rerecich, who directs electronics testing at Consumer Reports, is helping lead the project. “All kinds of products and services collect consumer data and rely on software to work,” she says. “But no one has defined how companies should build these products to really be good for consumers in terms of privacy and other issues.” Those products include such diverse items as smart TVs, routers, security cameras, thermostats, and digital assistants (think Amazon Echo and Google Home)—as well as pure software products such as apps and web browsers.
The release added: "If Consumer Reports and other public-interest organizations create a reasonable standard and let people know which products do the best job of meeting it, consumer pressure and choices can change the marketplace."
The standard, the release said, should require consumers to choose unique usernames and passwords during setup. It also calls on companies to delete consumer data from their servers upon request, to protect personal data with encryption as the data is sent through the internet, and to be completely transparent about how personal consumer information is shared with other companies.
The standard ultimately can be used to help Consumer Reports and other groups develop specific and repeatable testing procedures, it said. Then it can evaluate products and give consumers the ability to compare products against each other on the basis of factors such as privacy protection.
Among the groups Consumer Reports is working with are The Craig Newmark Foundation and Craig Newmark Philanthropic Fund, as well as the Ford Foundation.