White House Announces ‘Cyber Trust Mark’ Labeling Initiative for Smart Devices

White House Announces ‘Cyber Trust Mark’ Labeling Initiative for Smart Devices
Smart home service devices are displayed at CES 2017 at the Sands Expo and Convention Center in Las Vegas on Jan. 5, 2017. Ethan Miller/Getty Images
Katabella Roberts
Updated:
0:00

The Biden administration is planning to launch a new cybersecurity certification and labeling program aimed at helping Americans make more informed decisions when it comes to purchasing smart devices that are less vulnerable to cyberattacks.

Known as the “U.S. Cyber Trust Mark” program, the initiative will be overseen by the Federal Communications Commission (FCC), according to a July 18 statement from the White House.

The program would “raise the bar for cybersecurity across common devices, including smart refrigerators, smart microwaves, smart televisions, smart climate control systems, smart fitness trackers, and more,” according to officials.

Under the new initiative, internet or Bluetooth-connected devices including baby monitors, home security cameras, and refrigerators that meet U.S. government cybersecurity requirements will have an identifying logo or a “trust mark” placed on them.

A QR code linking to a national registry of certified devices will also provide consumers with specific information regarding how safe the smart products are, the White House said.

“Working with other regulators and the U.S. Department of Justice, the Commission plans to establish oversight and enforcement safeguards to maintain trust and confidence in the program,” officials said.

As part of the new program, a string of major electronics, appliance, and consumer product manufacturers, retailers, and trade associations have made voluntary commitments to increase cybersecurity for the products they sell.

Companies Join Forces With FCC

Amazon, Best Buy, Google, LG Electronics USA, Samsung Electronics, and the Consumer Technology Association have all announced support for the new initiative.

Before the program launches, the FCC will seek public comment to determine what criteria is used to label products with the trust mark. The new initiative is expected to be up and running in 2024.

“As proposed, the program would leverage stakeholder-led efforts to certify and label products, based on specific cybersecurity criteria published by the National Institute of Standards and Technology (NIST) that, for example, requires unique and strong default passwords, data protection, software updates, and incident detection capabilities,” the White House said.

The announcement came on the same day the FCC applied to register a national trademark with the U.S. Patent and Trademark Office that would be applied to products meeting the cybersecurity criteria.

In June, Amazon, one of the companies supporting the latest initiative, agreed to pay the Federal Trade Commission (FTC) $5.8 million to settle claims that it allowed employees and third-party contractors of its Ring video camera doorbell unit to surveil customers in their homes.

The FTC said the company was compromising its customers’ privacy by allowing employees and third-party contractors, including some based in Ukraine, to access consumers’ private videos and use the videos to train algorithms without their consent.

A woman with a smartphone in front of displayed Amazon logo in an illustration on July 30, 2021. (Dado Ruvic/Reuters)
A woman with a smartphone in front of displayed Amazon logo in an illustration on July 30, 2021. Dado Ruvic/Reuters

Amazon Sued Over Cybersecurity Issues

According to the FTC, the doorbell company violated customers’ privacy on multiple occasions, including in one instance during which an employee is said to have watched video recordings amounting to thousands of hours of a female customer who had purchased cameras and placed them in her bedroom and bathroom.

The company also failed to implement basic privacy and security protections for customers who purchased the cameras, the FTC said, allowing hackers to take control of consumers’ accounts, cameras, and videos, and in some cases threaten and harass customers.

As part of the settlement, the home security camera company—which Amazon purchased in 2018—must delete all data, models, and algorithms derived from videos it “unlawfully reviewed” and must implement a privacy and security program with “novel safeguards on human review of videos” and multifactor authentication for both employee and customer accounts, among other things.

At the time, an Amazon spokesperson told The Epoch Times that the company’s devices and services are “built to protect customers’ privacy, and to provide customers with control over their experience.”

Meanwhile, Google, which has also partnered with the FCC for the Cyber Trust Mark program, agreed to pay $391.5 million in 2022 as part of a settlement with 40 states over claims it tracked users’ locations via their mobile phones and other devices.

At the time of that settlement, Google said it had addressed and corrected some of the location-tracking practices raised in the lawsuit and that the issues were based on “outdated product policies that we changed years ago.”

A recent Statista report estimates that by 2025, more than 57 percent of U.S. households will have a smart device in their homes.

According to an April report from the cybersecurity firm Bitdefender and networking equipment company NetGear, the most vulnerable smart devices in 2022 were smart TVs, followed by smart plugs, routers, and digital video recorders.

The Associated Press contributed to this report.
Related Topics