Testing the Digital Standard: Smart Lock

Blog Post
May 21, 2020

This post is part of a series that aims to assess the Digital Standard by testing the methodology with a few representative smart devices connected to the Internet of Things. You can view and download our full methodology to conduct your own assessments, and read our assessments of other devices as the project continues.

The Digital Standard

In 2018, New America’s Open Technology Institute (OTI) launched a project to educate people about the Digital Standard,⁠ a new framework for evaluating the privacy and security of internet-connected consumer products and software. The Standard was developed by a group of organizations, including Ranking Digital Rights, in collaboration with Consumer Reports. Building off this work, we're selecting a few representative products and apps and putting them through the tests that the Digital Standard describes. Our methodology will include exactly how we judged each indicator, including what information was needed in order to measure whether the indicator was met, where we looked for it and where we found it, and how we interpreted the inevitable vagueness and edge cases. Below you'll find information related to the first product in this series: a smart lock.

The Smart Lock

The product for our first round of Digital Standard testing is a smart lock, which is made by a well-known company that also produces traditional interior and exterior hardware and locksets. The lock consists of a touch keypad that faces the exterior side of a door and a deadbolt facing the interior of the door. The lock does not include a keyhole to override the keypad, and therefore may only be locked and unlocked using the keypad. The smart lock interfaces with mobile devices using a mobile application, operated by a third-party company, that can also be used to operate other types of smart devices. The lock is also compatible with major home assistant products.

Note: For the purposes of this project, we will not be revealing the manufacturer, service provider, or any other company or product names for the devices we are testing. Our goal is to develop and document a process to implement the Digital Standard, and we feel that publishing specific information about the products we are testing detracts from that process.

Terms of Service and Privacy Policy Documents

Terms of Service and Privacy Policy Change Notification

Process for Terms of Service Enforcement

Transparency About Terms of Service Enforcement

Identity Policy

Security Oversight

Third-Party Requests for User Data

Data Control

Data Collection

Minimal Data Collection

Data Use

Data Retention and Deletion

Threat Notification

User Notification About Third-Party Requests for User Information

Transparency Reporting


Open Source




Functionality Over Time

Privacy by Default

Best Build Practices



Known Exploit Resistance

Vulnerability Disclosure Program

Security Over Time

Product Stability

Related Topics
Technology Projects Data Privacy Cybersecurity