Consumer Protection for Technology Products

Is anyone really looking out for the consumer?

The Internet has often been referred to as the wild, wild West of the cyber age. It’s difficult to know whether websites, apps, portals and cloud-based programs are wearing black or white hats. And where’s the sheriff who should be protecting us from poachers and gunslingers?

Americans spend a good portion of their day in the cyber world. While at work, school, shopping, paying bills, or simply communicating with one another, we’re connected through smart devices of every ilk. Unfortunately, cybersecurity is grossly insufficient. Every day we read reports of government and commercial hackings, breaches and information leaks. Cyberstalkers, identity thieves and ransomware threaten even the most casual users of technology.

Are consumers irresponsible users of technology?

The success of any remedies to these problems is debatable. Maybe our approach to a solution is upside down. As things stand now, it’s technology consumers who are responsible for bungling cybersecurity. We must patch our systems, beware of which links on which to click, and continually update passwords.

But it more logical to say that technology is failing the consumers. Veracode recently reported that 61% percent of all internally developed applications failed basic compliance tests when measured against the Open Web Application Security Project’s top ten. Software developed commercially proved even less secure, with a failure test rate of 75%.

It seems apparent that innovative technology is rushed onto the market lacking the necessary security protocols to protect critical information. Too many companies lack the resources to construct, secure, and test products. Instead, they push quality and security concerns to a time when revenue is flowing.

Protecting technology product consumers

Is it time for a governing agency like the Consumer Product Safety Commission to oversee consumer technology products?

The CPSC’s responsibility is to protect consumers from products that pose a danger through product safety regulations, standards and certification processes.

Do tech companies have incentive to spend their resources on information security before launching a product?  And are consumers sufficiently savvy to ask whether and how a tech product affects the safety of their digital communication? No and no.

A new or existing agency ought to oversee and enforce security design standards for technology products. The CPSC and/or the National Institute of Standards and Technology and the Federal Trade Commission could be designated for this purpose. But creating new agency with a clear mission seems preferable.

The role of a cyber security agency

The primary responsibilities of such an agency would be:

• Development of security design standards and working with Congress in mandating appropriate standards
• Creation of an accreditation and certification program
• Quality enforcement through regular third-party testing, and conducting recalls.

The idea of more government regulations is off-putting to most. But such oversight would benefit the industry by ultimately reducing the risk of cyberattacks. It also offers incentive to small and medium-size businesses to meet certification demands. This results in an increased market capacity.

Source: Trevor H. Rudolph. “A Consumer Product Safety Commission for Cyber?” fcw.com. 28 Nov. 2017.