Companies And Users Can Do More To Stay Secure With Smart Devices
These days just about every device is "smart." There are smart cars, phones, TVs, grills and speakers, and most people don't think twice about buying a new TV, hooking it up to the internet and giving it access to different apps.
But all that connectivity means data is being shared and collected by the devices and the apps used.
Earlier this month, Consumer Reports announced a new initiative to create standards for consumer privacy and security protections that will later allow them to rate products and services and see how well consumer information is protected.
To do this, CR is partnering with Ranking Digital Rights, a nonprofit that specializes in evaluating privacy standards of telecom and internet companies. In other words, they carefully read through all the privacy agreements most others accept without question.
"What we're looking in the Ranking Digital Rights Corporate Accountability Index is companies' public commitments and disclosures about what their policies are affecting users' privacy as well as their freedom of expression, and the company's general governance," says Rebecca MacKinnon, director of Ranking Digital Rights. "So, do they have institutional mechanisms in place to make sure that all their managers and employees are thinking about their users rights in the course of day to day operations?"
This year's rankings were the first that included Apple and Samsung, two large industry players. Despite their influence in the markets, both companies received failing grades.
"They disclose less information than you'd expect, which we believe is a baseline for companies to demonstrate to users what's happening to their information, with whom it's being shared, both in terms of governments, but also commercially," MacKinnon says. "Apple has no transparency about its rules about what can and can't be in the app store, or about what kind of government requests they're getting to remove content from the app store."
But really none of the companies received a grade above a D, with the top two companies being Google and Microsoft.
"It's not necessarily that they're doing all the right things, but at least they're telling us what their policies are to a greater degree than the other companies," MacKinnon says. "They're disclosing more data about the kinds of things they're handing over to the government, the kinds of content that they're removing both in response to external demands but also forcing terms of service and they also have strong governance."
Digital Ranking Rights also looks at freedom of expression and how transparent companies are in terms of what content users can access. Issues like this made news at the beginning of year when The New York Times' app was blocked in China.
MacKinnon says a lot of companies have started transparency reporting, or releasing data about the number of requests they're getting to block and remove content as a form of censorship.
"The relationship between the law and human rights is complicated," MacKinnon says. "In pretty much all countries you have governments demanding that companies do things that based on international human right standards of free expression or privacy are violating privacy rights. And companies are caught in the middle."
While transparency is important, legal requirements for companies to disclose this information don't exist at this time.
"What's really important is that companies be transparent so people know who to hold accountable," MacKinnon says. "If your content is being removed or you're being prevented from accessing certain information you need to know who is responsible for that decision."
MacKinnon says companies need to be more transparent, so users can decide for themselves what, if any, actions they can and want to take.
"In the very least if they're in a country where they can influence the policy, then as citizens and voters, they can try and do so," she says. "They can try and hold their political leaders accountable. If they're not in a place where they can influence the policy, they can at least make more informed decisions about how they're going to use the technology and how they're going to protect themselves."
Self-protection is on the minds of many people, especially after stories of baby monitors and cars being hacked surfaced. Seamus Tuohy, a consultant with the digital security firm Prudent innovation says there are some ways to keep data secure and personal information private, especially when using mobile devices.
Tuohy says while it's possible to get virus from clicking on a link, it's less likely to happen when you visit a site than when you download a file and open it. Another good practice Tuohy suggests is checking to see if the site is secure. If begins with "https," the "s" means the site is secure.
Tuohy says this is easier to check on laptops or other computers than on apps, but he says if a company's main website is secure, there's a good chance the company took the same security precautions in its app.
This type of app and site security also matters to people who are concerned about connecting to public Wi-Fi networks.
"These days about half the websites on the internet are secured this way and that protects from the Wi-Fi hotspot or from the mobile network seeing what you're going to," Tuohy says. "They can see the basic site you're on when you go to a browser ... but they can't see what you're searching for."
As for the cases of hackers taking control of cameras on computers, Tuohy says he personally would choose to cover up the camera with a small piece of paper or plastic cover.
Audio was produced for Weekend Edition by Ian Stewart and edited by Barrie Hardymon.
Copyright 2021 NPR. To see more, visit https://www.npr.org.