EPIC, Coalition Urge FCC to Adopt User-Friendly IoT Cybersecurity Labels and Deter Misuse

On November 10, EPIC—along with the Clinic to End Tech Abuse (CETA), the Madison Tech Clinic, Public Knowledge, and Ranking Digital Rights (RDR)—filed reply comments in the Federal Communications Commission’s proceeding on voluntary cybersecurity trust labels for Internet of Things (IoT) devices. “We firmly support the FCC’s creation of a voluntary cybersecurity labeling program and urge that the program be robust in its requirements, administration, and enforcement,” the coalition wrote.

The coalition urged the Commission to mandate that a company adopt data minimization practices for a product as a condition of displaying the label on that product; to ensure that the label reflects the product’s full capabilities and risks, including auxiliary components; and to require an initial label layer with basic information plus a second layer with greater detail, including resources to help potential victims of stalking or abuse who are at greater risk of harm due to the data collected by the device. The groups also urged that the Commission bring enforcement actions against label misuse (after a brief cure period) and that use of the label not serve as a safe harbor against tort liability. The comments were drafted and filed by the Communications and Technology Law Clinic (CTLC) at Georgetown Law.

EPIC regularly comments on regulations and testifies on policies to promote better cybersecurity practices that protect consumer data from unauthorized access and other misuse, including actions against stalkerware developers. EPIC also filed an amicus brief urging that dating platform companies be held liable when they ignore harassment and abuse.