Table of Contents
- What is the Digital Standard?
- Who Created and Maintains the Digital Standard? Who can Contribute?
- Why is Testing Important?
- Why was this Testing Handbook Necessary, and Who is it For?
- How does the Handbook Score Products?
- How did we Pick the Products? (And Why aren’t We Naming Them?)
- What Products did we Ultimately Choose?
- How did we Design the Technical Testing Procedures?
- How did we Design the Policy Testing Procedures?
- What would we Change in the Standard?
- Conclusion
What is the Digital Standard?
Over the years, product safety testing has been standardized for all sorts of categories of consumer goods. From cars to cribs, increased testing to ensure that products adhere to safety best practices has turned many types of products from possibly deadly to generally safe and trustworthy. For example, the implementation and testing of seatbelts and airbags has dramatically reduced injuries and deaths in auto accidents. These standardizations of best practices often happened in reaction to observed safety issues and to buyers' inability to evaluate the comparative safety of the products they are purchasing. The growth in popularity of internet-connected smart devices presents a similar problem. These devices are vulnerable to a new range of security and privacy threats, ones that your refrigerator and slow cooker have never had to face before. Previously, a refrigerator may have been tested for temperature regulation and energy efficiency. Now, it and many kitchen appliances are connected to the internet, allowing you to check what's in your fridge from the grocery aisle, or turn down your slow cooker from a phone app.
Having built reputations based on mechanical, electrical, and design expertise, many manufacturers who have made versions of a product for decades are now faced with a completely new category of product safety that they've never had to consider. A coffee maker never used to be able to gather personal data, or be made part of a botnet. The risks that these more advanced "internet of things" (IoT) products pose to consumer privacy and security call for the implementation of a standardized testing framework, so that products can be evaluated and compared.
Such a testing framework is already publicly available through the Digital Standard. With the goals of enabling consumer organizations to "test, evaluate, and report on whether new products protect consumer security and privacy," and helping consumers to "make smarter choices about the products they buy," the Digital Standard is working to "create a digital privacy and security standard to help guide the future design of consumer software, digital platforms and services, and Internet-connected products." The standard is composed of 35 tests on issues ranging from encryption to data retention to identity policies. Each of these tests includes specific criteria and indicators to review when conducting the test. Most of the tests have existing criteria and indicators listed; however, a few of the tests remain “under development” or “under discussion,” which may mean that some aspect of the test language is currently incomplete or nonexistent.