Updates
EPIC Joins Coalition Urging FCC to Strengthen Consumer Privacy and Trust in IoT Cybersecurity Label
August 20, 2024
On August 19, EPIC joined Consumer Reports, Carnegie Mellon University, Public Knowledge, and New York University in calling on the Federal Communications Commission to take five key steps to boost consumer confidence in its voluntary cybersecurity labeling program for the Internet of Things (IoT). The groups explained that the U.S. Cyber Trust Mark must ensure accurate labels, include disclosures about sensors and other privacy concerns, and promote third-party accountability.
The FCC’s Trust Mark program is designed to counter historically inadequate investment in cybersecurity by equipping consumers to select IoT products on the basis of a company’s minimum threshold commitment to supporting cybersecurity for the product. This indirect incentive, part of the White House’s National Cybersecurity Implementation Plan, is meant to both strengthen the security of U.S. networks and protect consumer data.
The coalition of consumer advocates urged the FCC to improve its U.S. Cyber Trust Mark program by (1) requiring a clear, public process for complaints about inaccurate use of the label; (2) limiting the scope of manufacturer and administrator confidentiality protections to promote accountability; (3) including privacy and encryption elements in the label; (4) ensuring the registry of labels is standardized, following specific design principles; and (5) ensuring the registry is programmatically accessible (e.g., via machine-readable JSON).
EPIC has been an active consumer advocate in the FCC’s Trust Mark proceeding. EPIC also regularly comments on regulations and testifies on policies to promote better cybersecurity practices that protect consumer data from unauthorized access and other misuse.
Support Our Work
EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.
Donate