The Path to Value in Consumer IoT Security Labeling

Daniel Browning -
Illustration: © IoT For All

An estimated 1.9 billion smart consumer devices were sold in 2019, at a value of $109 billion worldwide. As the types of consumer-grade IoT devices and the volume of devices sold both grow, a sizable opportunity is opening up for manufacturers. With increases in competition over time, keeping products competitive with differentiations like new features will not be enough. A tipping point is coming when consumers will expect better insight into the privacy and security considerations made in the design of their connected devices.

Many studies have been conducted to understand how consumers consider security and privacy in their IoT purchases. Even so, there are very few tools today for them to understand the potential risks of their buying decisions. Current standards are neither standardized in terms of the security measures companies take, nor in how consumers are equipped to make sound decisions about what they bring into their homes.

A recent study from University College London and Australian National University sheds new light on the revenue benefit of better informing customers about security and privacy details on Consumer IoT Device packaging.

Takeaways for IoT Professionals

Consumers let their perceived value of connectedness and convenience influence their level of concern about how companies handle their data.

Sample user interviews reviewed in an analysis by Princeton recently highlighted the balance of convenience and concern that many consumers weigh in their IoT purchases. Individuals have shared that, while anecdotally they have learned that thermostats, lightbulbs, and other IoT devices can be hackable, the value added to their daily life outweighs any potential consequences.

How long can the benefits of convenience outweigh security liabilities? Impacts of inadequate or hard to understand privacy and security considerations may become too significant to ignore sooner than we expect. Consumers will become more mature in their understanding of IoT, vulnerabilities will be exploited to greater effect, and the ubiquity of these devices in consumers’ lives will continue to increase.

Today, consumers generally have limited insight on the device manufacturer’s activity to maintain the privacy and security of their data.

Average users do not currently understand the privacy risks posed by inference algorithms on IoT devices lacking audio or visual inputs, for example. IoT manufacturers face a difficult dichotomy in user experience. Humans are wired to delight convenience. But tech that infers too well can unsettle users and creates entirely new sensitive data consumers may not be mindful of in the assessment of vulnerabilities.

Smart thermostats’ abilities to adapt to a user’s preferences are convenient, for example. However, many consumers have likely not considered what ‘data’ is being composed by service providers as devices become more connected.

Along with improvements in device security itself, actionable privacy and security disclosure is conspicuously missing from the Buyer’s toolbox today. This lack of clarity on Consumer IoT privacy and security has been a focus of the United States’ Federal Trade Commission in the past several years. As explained by FTC Commissioner Julie Brill at a conference in 2016, “Consumers want to know – and should be able easily to find out – what information companies are collecting, where they’re sending it, and how they’re using it.”

Drawing Inspiration for Consumer Advice

Creating a standard means of communicating complicated information successfully to a broad range of demographics is a challenging charter. When considering the customer segments for consumer IoT, manufacturers will ideally be able to entice people of many backgrounds. Differing levels of income, education, literacy, and tech savvy all increase the burden of a label serving as a customer’s guiding light when making a buying decision.

To inform their study, the research team of University College London and Australian National University defined three basic classifications of labels that could be used:

  1. Graded Labels
  2. “Seal of Approval” Labels
  3. Informational Labels

Of these three types, graded labels yielded promising results for customer comprehension and price increase justification, but these labels came at an additional cost. Introducing new means of evaluating products, whether by seal of approval or by some degree of grading, requires customers to understand what those grades imply. This is a challenge faced across many countries that have adopted similar approaches to advisory labeling for consumer goods.

For inspiration, the London and Australia-based research team looked to the United Kingdom’s Energy Efficiency consumer product labeling conventions. Creating a scale for privacy and security considerations, paired with a few key details about what information is stored and by whom, led to the best outcome in their pricing study.

Adopting new standards such as energy efficiency labeling has required a coordinated effort across industry and government. In the case of IoT devices, it will be no different. However, manufacturers may now see a very clear value proposition for leaning into the trend: when looking at an item such as a smart TV, shoppers have shown a willingness to pay the same for improved and well-articulated security features as they will for premium product features.

The Path to Smarter Customers and Higher Profits

Across government, industry, and consumers, awareness has been building for years around the needs for better security information disclosure. With this research, there is now a deep analysis proving the value proposition of security feature labeling for manufacturers. This research further introduces various formats for sharing this data on packaging, identifying graded labels as the best for price competition.

From these tests, several conclusions merit consideration by the industry. First, graded labels as a standard would allow exemplary producers to stand out on shelves shared with competitors. Second, customers will come to better understand the implications of their purchasing decisions. Finally, this transparency does not just align with government expectations for consumer disclosure.

It shows promise for improving perceived and accepted value of security as customers make purchasing decisions. At the low end, customers suggested they would pay 27% more for a product with security and privacy disclosures. For some products, the benefit of this labeling could command the same margin increase that a more premium device itself may fetch.

Author
Daniel Browning, Do Supply Inc.

Contributors
IoT For All
IoT For All
Guest writers are IoT experts and enthusiasts interested in sharing their insights with the IoT industry through IoT For All. If you're interested in contributing to IoT For All, cli...
Guest writers are IoT experts and enthusiasts interested in sharing their insights with the IoT industry through IoT For All. If you're interested in contributing to IoT For All, cli...