The Consumer Federation of America, along with 10 other advocacy groups, including Mozilla and the Internet Society, have sent an open letter to Target, Amazon, Best Buy and Walmart asking the retailers to endorse minimum privacy and security guidelines for connected consumer products. Citing an estimated 10 billion active IoT products by 2020, the advocacy groups recommend the following minimum guidelines for IoT devices, including:
- Encryption for all network communication functions and capabilities;
- Automatic updates for a reasonable period after sale and enabled by default;
- For devices using passwords for remote authentication, a requirement that default passwords be reset along with password strength requirements;
- The vendor having a system to manage vulnerabilities, including a point of contact and a vulnerability handling process; and
- An easily accessible, easily understood privacy policy at the point of sale with a mechanism in place to notify user of any substantives changes to the policy.
Read the Consumer Federation of America’s letter here. Contact us at Ossian Law P. C. regarding any information technology law matter.
© 2019 Ossian Law P.C.