Online Trust Alliance, IoT Trust Framework - Discussion Draft, 11 August 2015

Proposal for Internet of things Trust Framework - Call for Industry Feedback

On 11 August 2015, the Online Trust Alliance (OTA) a non-profit organization with the mission to enhance online trust, released its "Internet of Things Trust Framework - Discussion Draft", the first global, multi-stakeholder effort to address IoT risks comprehensively. The suggested IoT Trust Framework presents guidelines for IoT manufacturers, developers and retailers to follow when designing, creating, adapting and marketing connected devices in two key categories: home automation and consumer health and fitness wearables. In the spirit of collaboration, OTA openly invites industry leaders to review the document and provide feedback.

About OTA

With members that include ADT, AVG Technologies, Microsoft, Symantec, TRUSTe, Verisign and nearly 100 other subject matter experts, the OTA IoT Working Group was formed in January 2015.

The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users' security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship. Its members and supporters include leaders spanning the public policy, technology, ecommerce, social networking, mobile, email and interactive marketing, financial, service provider, government agency and industry organization sectors.

Focus of "IoT Trust Framework"

Through extensive research, this taskforce concluded that the safety and reliability of any IoT device, app or service depends equally on security and privacy, as well as a third, often overlooked component:

Sustainability — the life-cycle supportability of a device and the protection of the data after the warranty ends — is critical to the security, privacy and personal safety of users and businesses worldwide.

Without addressing sustainability, devices that may have been secure off the shelf will become more susceptible to hacking over time. This could lead to hackers remotely opening garage doors and turning on baby monitors that are no longer patched to infiltrating fitness wearables to spy on health vitals, or creating mayhem by sabotaging connected appliances.

Best Practice Recommendations – Call for Comments

OTA’s Internet of Things Working Group includes security and privacy experts, policymakers, and companies in the fields of consumer product goods, health care, retail and e-commerce, and home security. Some of its proposed best practices include:

  • Making privacy policies readily available for review prior to product purchase, download or activation.
  • Encrypting or hashing all personally identifiable data both at rest and in motion.
  • Disclosing prior to purchase a device’s data collection policies, as well as the impact on the device’s key features if consumers choose not to share their data.
  • Anonymity: Disclosing if the user has the ability to remove or make anonymous all personal data upon discontinuing device or device end-of-life.
  • Publishing a timeframe for support after the device/app is discontinued or replaced by newer version.

In parallel with these best practices, OTA is developing specific testing tools and methodologies to formalize the IoT Trust Framework with scoring criteria, leading to a voluntary Code of Conduct and a forthcoming certification program. OTA welcomes collaboration with organizations interested in partnering to help accelerate and broaden adoption of such certification programs worldwide.

Call for Public and Industry Comment

OTA is seeking public and industry comment on this list of best practices until 14 September 2015. To review the framework, provide feedback, or for information on joining the IoT Working Group, please go to:


OTA, "IoT Trust Framework – Discussion Draft", released 11 August 2015 (updated 13 August 2015)

"Internet of Things Lacks Safety Today, Opening Door to Major Threats Tomorrow, Warns OTA", OTA Press Release, 11 August 2015


Verlag Dr. Otto Schmidt vom 17.08.2015 11:50

zurück zur vorherigen Seite