The Digital Standard for privacy and security

A couple of weeks ago, I took some time to get stuck into The Digital Standard, a new project from Consumer Reports, Disconnect, Ranking Digital Rights, and The Cyber Independent Testing Lab.

Digital Standard
Screenshot of The Digital Standard website


The standard is a community effort to bring together great privacy and security practices for those building digital products and services. Specifically, it aims to help organisations test products - maybe a smart thermostat - and assess how well it respects the owner’s rights.

It’s hard to understand the devices we buy

My own perspective is probably a little unusual. On the one hand, I built myself a “smart” front door - from scratch - using open hardware and my own software. I know exactly how it works, where the data lives, who can see what... everything.

Doorbot
Photograph of the casing of Paul's smart front door system


On the other hand, I also have a proprietary internet-connected thermostat. It was much quicker to install than my door, it’s got a slick app, and it “just works”.

But... I really don’t like that it knows when I’m home or what times I sleep. I don’t like that there’s a database somewhere with the fact that I’m on holiday, strongly linked to my real name and address, which I was required to give.

Every time I see an update to the slick iOS app I wonder who’s funding that development team. I’m not paying them anything - so who is?

The Digital Standard encourages secure and private by default

The Digital Standard encourages manufacturers to answer the sort of questions I’m not able to answer:

  • Who’s my data shared with?
  • Will it still work if the company loses interest?
  • Can I update the software after it’s out of warranty?
  • Does it give hackers an easy way into my network?

One of my favourite examples from the standard is to do with digital restrictions:

“The company does not use technical, feature-level, or legal means to block a consumer's ability to get a device repaired.”

The standard is being debated and developed the right way - in the open. It’s an example of the sort of approach Richard advocated earlier this week. I got a bit over-excited and bombarded the repo with suggestions…

Several issues were along the same theme: products should have a clear “supported until” date and manufacturers should publish a plan for beyond the support date. Once a product’s software is no longer supported, it should become open source so the community can continue to fix bugs and keep users safe. Bugs in home devices aren’t just inconvenient, they harm our digital rights. And of course, if users really own a product then they should be allowed to install third-party firmware whenever they like.

This work feels important and we’re happy to be able to contribute. See you on Github.