Two months ago, I read something that made me furious. A chocolate company had gradually reduced the size of my favorite chocolate bar by 30%. The greedy chocolate company – no, they were “Big Chocolate” now – were cutting corners in an attempt to trick everyday people like me. I vowed I would boycott them.
A week later I found myself in the checkout lane at the grocery store, eyeing my favorite chocolate bar. Five minutes later, I was eating it. I didn’t even have the decency to feel guilty.
I enjoy being justifiably outraged, I don’t enjoy taking the time to help fix the problem. Fixing things is a pain.
There’s no area I do this more with than cybersecurity and online privacy. I’m always infuriated by the latest data breach. I’m angry when a website forces me to download an app and make an account instead of allowing me to use my mobile browser.
Yet, I still download the app. In fact, I’ll continue to do business with a company after they’ve had a data breach, sold insecure Internet-connected devices, or even been caught spying on their customers through their TVs. And then I’m infuriated all over again six months later when the company’s stock continues to rebound.
As a consumer, I should have the right to products or services that are secure and privacy-respecting. Yet, I should also act responsibly to help make these rights a reality.
As Internet-connected devices – the Internet of Things (IoT) – continue to become a bigger part of everyday life, these rights and responsibilities become even more important. As a consumer and user of connected devices:
- I should have the right to be able to buy a device that has been built with “security by design“. This means security is included all the way from the design process to me recycling the device in a few years.
- I should also act responsibly by only buying connected devices that I know are secure. I shouldn’t buy a fancy connected cooking tool unless I’m certain it won’t likely be turned into a bot to help take out a power grid.
- I should have the right to demand a device that is easy to update and has its supported life-cycle clearly conveyed. I should know how long my niece’s Internet-connected toy blocks will be supplied with updates. I should also know if they are ever planned to be bricked.
- I should also act responsibly by updating my devices in a timely manner. Would I wait months to patch a cracked car windshield? Maybe, but I know I shouldn’t. Connected devices that are not updated can be physically dangerous too, or can potentially tell criminals about your daily habits.
- I should have the right to know how the personal data collected by my devices is used and who gets to access it. Your ex shouldn’t be able to check the data from your fitness tracker to see how bad the break up hit you.
- I should also act responsibly by only buying devices where I know what will happen with the data. Is an Internet-connected refrigerator really worth it if it could be telling my insurance company (or worse, my mother) how unhealthy I’ve been eating?
- I should have the right to know how the data collected by my connected devices will be protected and stored.
- I should also act responsibly by taking 10 minutes to educate myself on what “good” data protection practices look like. Mozilla’s guide, Privacy Not Included, gives a great list of questions to ask about a product as you shop.
March 15 is World Consumer Rights Day. I care about my rights and I’m sure you do too. Now let’s both show we care by acting more responsibly and making our rights a reality.
Learn more about IoT and the steps you can take to protect your privacy.