Smart devices must come with trust already installed 

Many of the 7 billion interet of things (IoT) products in the world are owned, used and relied upon by consumers. From smart watches and connected speakers to fitness bands and home assistants, the market for smart products is growing rapidly.

Making these everyday products smart and trusted is the theme of this year’s World Consumer Rights Day, an annual celebration of the importance of consumers in the economy and society and an important opportunity to make a global impact on an important issue.

We chose trusted smart products as our theme for 2019 to highlight the challenges that consumers buy into when they purchase a connected product. These challenges include poor security, getting locked in to one manufacturer’s system, and a loss of control over how their data is collected and shared.

Too often the answer to these challenges is “consumer education”. This is based on the assumption that providing information and guidance to individuals will lead to change. However, in complex digital markets this is not so easy. Consumers do have a role to play, but it is also up to manufacturers, retailers and regulators to make the consumer IoT system work for consumers. They can start this process by understanding and addressing some of the things that make it hard for consumers to protect and empower themselves.

Consumers may understand how their new connected device functions, but they often don’t understand what is happening behind the scenes, how data is being collected and used, or what security issues might occur. There are also several players involved in providing an IoT service to the end customer, and it’s not always clear who is responsible for each element or who to call if something goes wrong. None of this is helped by long and complicated terms and conditions, sometimes not even in the native language of the buyer.

As a first step, companies should develop systems to make it easier for consumers to understand risks and opportunities about their products and services.

Even small consumer IoT products are part of larger connected systems and networks, and a vulnerability in any part can compromise the entire system. At home this means a hacker can enter your home network through your cat cam, gaining access to your smart locks or personal computer – as we highlighted in our spoof Buggle Baby monitor ad.

Weak security in consumer IoT products can cause even more damage at a national or international level. In 2016, a major cyberattack disrupted internet services across North America and Europe by attacking unsecure printers and home wifi routers allowing the virus to spread to nearly 65,000 devices in less than 24 hours.

Simple steps such as requiring users to set their own passwords or encrypting data can make a huge difference to the front-line security of a product. Manufacturers need to build in security by design, using best in class guidance and focusing on encryption, updates and firewalls.

One reason data security is so important is because smart products are designed to communicate and share data with each other. This data on its own may seem innocuous, but when collated and analyzed with other information could reveal a quite accurate picture of an individual.

As a key component of security, we’d like to see strong data protection to protect against harms such as invasive marketing, loss of privacy or simply being creeped out on a regular basis. The Consumers International Summit at the end of April will bring together business, regulators and consumer experts to focus on making trusted smart products a reality.

Once you own a smart product or service, being able to change or move providers is important. If you don’t like prices in your supermarket or the way it sources its food, you can shop elsewhere. But it’s not so easy for digital services like consumer IoT, where large digital incumbents dominate the smart products and systems market.

Exercising choice is made harder as consumers lean towards contracting with one company as an easy way of bringing together multiple services. While in theory consumers are free to change providers, in practice exiting contracts may be time-consuming, or inconvenient at best. Add to this the difficulties in transferring data between suppliers, and lock-in to one company’s ecosystem seems more and more inevitable.

This can, of course, have an impact on competition if new innovative apps or add-ons are not compatible with the major systems. More problems can arise if the software provider changes hands and ends support for the product, or has different data governance processes.

Interoperable and compatible device and software standards should be in place to avoid lock-in effects and enhance consumers’ ability to easily compare and switch providers.

The Consumers International Summit runs from 30 April-1 May, with side events on 29 April and a member exclusive day on 2 May. Details: consumersinternational.org/summit-2019