(1/6) CyLab director Lorrie Cranor along with Yuvraj Agarwal and Omer Akgul joined forces with Consumer Reports to request amendments to the The FCC's Cybersecurity Labeling for Internet of Things Order, to be voted on by the #FCC this week: cylab.cmu.edu/_files/documen…

(2/6) We’re concerned that the current order omits critical privacy and security information and does not do enough to address consumers’ needs. The CyLab/CR letter asks the FCC to amend the order to correct three problems:

(3/6) The FCC order specifies labels on IoT device packaging with QR codes and the US Cyber Trust Mark and assumes that consumers will all scan the QR codes to get more information.

(4/6) However, our research shows that consumers want security and privacy information on product packaging, accessible without scanning. There should be an explicit requirement to include basic information on the product packaging.

(5/6) The FCC order mentions privacy along with security, but does not include any privacy requirements. IoT labels should include basic privacy information important to consumers such as what sensors a device has and what they do with the data they collect.

(6/6) The FCC order includes a list of required information that must be available through the label QR code. That list is missing critical security and privacy items. The FCC should revisit this list to ensure it includes key information.