White House Announces ‘Cyber Trust Mark’ Labeling Initiative for Smart Devices

The Biden administration is planning to launch a new cybersecurity certification and labeling program aimed at helping Americans make more informed decisions when it comes to purchasing smart devices that are less vulnerable to cyberattacks.

Known as the “U.S. Cyber Trust Mark” program, the initiative will be overseen by the Federal Communications Commission (FCC), according to a July 18 statement from the White House.

The program would “raise the bar for cybersecurity across common devices, including smart refrigerators, smart microwaves, smart televisions, smart climate control systems, smart fitness trackers, and more,” according to officials.

Under the new initiative, internet or Bluetooth-connected devices including baby monitors, home security cameras, and refrigerators that meet U.S. government cybersecurity requirements will have an identifying logo or a “trust mark” placed on them.

A QR code linking to a national registry of certified devices will also provide consumers with specific information regarding how safe the smart products are, the White House said.

“Working with other regulators and the U.S. Department of Justice, the Commission plans to establish oversight and enforcement safeguards to maintain trust and confidence in the program,” officials said.

Before the program launches, the FCC will seek public comment to determine what criteria is used to label products with the trust mark. The new initiative is expected to be up and running in 2024.

“As proposed, the program would leverage stakeholder-led efforts to certify and label products, based on specific cybersecurity criteria published by the National Institute of Standards and Technology (NIST) that, for example, requires unique and strong default passwords, data protection, software updates, and incident detection capabilities,” the White House said.

The announcement came on the same day the FCC applied to register a national trademark with the U.S. Patent and Trademark Office that would be applied to products meeting the cybersecurity criteria.

The FTC said the company was compromising its customers’ privacy by allowing employees and third-party contractors, including some based in Ukraine, to access consumers’ private videos and use the videos to train algorithms without their consent.

The company also failed to implement basic privacy and security protections for customers who purchased the cameras, the FTC said, allowing hackers to take control of consumers’ accounts, cameras, and videos, and in some cases threaten and harass customers.

As part of the settlement, the home security camera company—which Amazon purchased in 2018—must delete all data, models, and algorithms derived from videos it “unlawfully reviewed” and must implement a privacy and security program with “novel safeguards on human review of videos” and multifactor authentication for both employee and customer accounts, among other things.

At the time, an Amazon spokesperson told The Epoch Times that the company’s devices and services are “built to protect customers’ privacy, and to provide customers with control over their experience.”

Meanwhile, Google, which has also partnered with the FCC for the Cyber Trust Mark program, agreed to pay $391.5 million in 2022 as part of a settlement with 40 states over claims it tracked users’ locations via their mobile phones and other devices.

At the time of that settlement, Google said it had addressed and corrected some of the location-tracking practices raised in the lawsuit and that the issues were based on “outdated product policies that we changed years ago.”

According to an April report from the cybersecurity firm Bitdefender and networking equipment company NetGear, the most vulnerable smart devices in 2022 were smart TVs, followed by smart plugs, routers, and digital video recorders.