Table of Contents
- Definitions
- Introduction
- Terms of Service and Privacy Policy Documents
- Terms of Service and Privacy Policy Change Notification
- Process for Terms of Service Enforcement
- Transparency 国产视频 Terms of Service Enforcement
- Identity Policy
- Security Oversight
- Third-Party Requests for User Data
- Data Control
- Data Collection
- Minimal Data Collection
- Data Use
- Data Retention and Deletion
- Threat Notification
- User Notification 国产视频 Third-Party Requests for User Information
- Transparency Reporting
- Governance
- Open Source
- Interoperability
- Ownership
- Resale
- Functionality Over Time
- Privacy by Default
- Best Build Practices
- Authentication
- Encryption
- Known Exploit Resistance
- Vulnerability Disclosure Program
- Security Over Time
- Product Stability
- Personal Safety
- Open Innovation
- Business Model
- Repair Accessibility
- Repair Penalty
- Data Benefits
Introduction
The Internet of Things (IoT) is rapidly expanding, and more and more manufacturers of consumer products like kitchen appliances, televisions, and security systems are connecting those devices to the internet. Last year, 国产视频鈥檚 Open Technology Institute (OTI) undertook a project to educate people about the , a new framework for evaluating the privacy and security of internet-connected consumer products and software. The Standard was developed by a group of organizations, including , in collaboration with , , , , and other partners. For companies, the Digital Standard is a useful tool to help drive privacy and security-focused development, and as a checklist to add to quality assurance processes. For the press, the Digital Standard is a benchmark by which to measure products while reporting on information security and data privacy. Civil society organizations can use the Digital Standard in policy research, or as an example as they advocate for companies to implement best practices for privacy and security.
The most common complaint we heard while discussing the Standard with product designers, developers, and manufacturers was that it didn鈥檛 provide enough guidance about how to perform the tests that it describes. The Standard contains dozens of 鈥渋ndicators鈥 (individual items detailing the elements of behavior that make up a test) that need to be evaluated when testing a given device. They take the form of a broad statement to be evaluated, such as 鈥渦sers can control how their information is used to target advertising鈥 or 鈥渢he software does not make use of unsafe functions or libraries.鈥 They describe what the designated outcome should be, but by and large the indicators do not spell out how to arrive at an answer. A more in-depth step-by-step instruction manual is usually called a 鈥渕ethodology,鈥 however there is not yet a Digital Standard methodology available to the public.
OTI is setting out to fill that gap by selecting a few representative products and apps and putting them through the Digital Standard ringer. Throughout the process, we鈥檒l be taking detailed notes on how exactly we judged each indicator, including what information we needed to collect in order to measure whether the indicator is met, where we looked for it and where we found it, and how we interpreted the inevitable vagueness and edge cases. We will publish our notes openly as a resource as we go along, and we鈥檒l update the methodology in real time to keep up with our findings. We hope this enables more people to use the Digital Standard.