We are a group of researchers at Carnegie Mellon University. We are designing a usable security and privacy label for smart devices to help consumers make informed choices about Internet of Things device purchases and encourage manufacturers to disclose their privacy and security practices. Our label design is based on multiple rounds of input from both experts and consumers. If you want to share the summary of the label project with your team, we prepared a one-page handout.
We are releasing our label under a Creative Commons CC0 license. Please visit the Licensing tab for more information.
We’re looking for IoT devices to label!
IoT device manufactures: Show your commitment to security and privacy and be one of the first to try
our
label generator
to create labels for your products. Please send us your questions and
feedback, and let us know if you would like your label to be
featured
on our website.
Watch our video!
Our designed label includes information on privacy and security practices of the smart device, such as the type of data the device collects and whether or not the device gets automatic security updates. In addition to privacy and security information, our label includes some general information about the device, such as the firmware version and whether the device can function without internet connectivity.
We have designed a
two-layer label
that
includes a simple, understandable primary layer for consumers and a more
detailed secondary layer that includes information important to experts.
The primary layer is designed to be affixed to device packaging or shown
on an online shopping website, while the secondary layer can be accessed
online via a URL or QR code.
Click on the label below to toggle between primary (overview) and secondary (details) layer.
National Institute of Standards and Technology (NIST) drafted a white paper exploring various mechanisms to establish confidence in IoT device security. They proposed an IoT label as a potential method. Check out our response to their call for comments here!
Our IoT Privacy and Security Label has been featured on Tech Xplore.
Pardis Emami-Naeini presented our risk perception and purchase behavior project at the IEEE Symposium on Security and Privacy (S&P'21). Check out the presentation here!
Our IoT Privacy and Security Label has been featured on The Wall Street Journal.
Lorrie Cranor discussed our label in an interview with TechRepublic.