Datenspuren

IT-Sicherheit für Verbraucher stärken

Entwicklung eines IT-Sicherheitsbewertungssystems für "intelligente" Produkte: Auf dem Weg zu einem sicheren Internet der Dinge für Verbraucher
Großer Saal
Wie ist der Stand der IT-Sicherheit bei Verbraucherprodukten? Wie könnten europaweit verbindliche Vorgaben zur IT-Sicherheit gemacht werden? Wie lässt sich die IT-Sicherheit eines Produkts transparenter machen? Informatikerin Anja Hirschel und der Europaabgeordnete Patrick Breyer schlagen ein Bewertungssystem zur IT-Sicherheit von Produkten vor und haben einen entsprechenden Antrag eingereicht. Wie nützlich wäre eine „IT-Sicherheitsampel“ (ähnlich Ernährungsampel) oder bestimmte Icons, die klar zeigen, ob ein Produkt aktualisierbar ist, verschlüsseln kann usw.?
Einreichungstext des Forschungsprojektes: When buying goods with embedded digital technology, like smart products (e.g. connected cars, mobile phones, 'Smart TVs' or any other ‘smart’ products that make up the Internet of Things), which IT security features are to be subject to the contract? The answer should be clear for the consumer. With the Internet of things, 'smart' devices start affecting the world in a direct and physical manner (e.g. car technology). IT devices that are insecure and vulnerable to integrity and availability threats increasingly risk our lives and property. Consumers will get more and more familiar with the digital world, and in particular with 'smart' goods. Such growing digital literacy will favour the demand for easy access to more detailed information about smart goods and about how to facilitate their use. The Pilot Project will aim to make the new 'Digital Contract' rules easily readable for consumers thanks to the development of an IT security rating system for smart goods. This IT rating system could for instance consist in 'traffic lights' or icons that would show whether a device will be automatically updated, whether encryption will be applied to stored data, or other security features. This information will trigger the consumer's rights and the manufacturer's liability. According to the Digital Content Directive, suppliers of digital goods and services will have to provide updates to smart goods, which is not just important to make them function longer, but also to increase cybersecurity. The Directive provides for objective requirements for the conformity of the goods and services, including performance features such as those related to security, which the consumer may reasonably expect. Thanks to the rating system in 'smart' goods, consumers will for instance know whether such updates happen automatically. In order to foster EU innovation in the highly competitive field of the Internet of Things (IoT), the European industry needs to attract EU consumers with consumer friendly features in the development of their products. The legal protection of consumers, and the legal certainty about such protection, are key in developing future markets and make the EU compete worldwide, while keeping high level EU standards of consumer protection. Defining a common set of standard rules to rate smart goods and their contractual mechanisms could be an asset for European SMEs wishing to make their products consumer friendly. This can also support the EU-level development of 'legal design' tools on contract rules to be further developed by industry players in the field of IoT products, in partnership with lawyers and data protection experts. JUSTIFICATION: The European legislator has endeavoured to bring clear legal solutions for consumers, especially when buying 'smart goods', with a Directive on Contracts for the Supply of Digital Content and Digital Services, and with a Directive on the Sale of Goods, both adopted in 2019. However, practical solutions are needed to make sure that consumers can identify and compare the IT security features of 'smart goods' and exercise their contractual rights in this respect.

Additional information

Type lecture
Language German

More sessions

9/20/19
Datenspuren
Großer Saal
Tilo Jung, Stefan Schulz und Hans Jessen kommen nach Dresden und machen den zweiten A!Live außerhalb Berlins.
9/20/19
Datenspuren
Großer Saal
Party
9/21/19
Datenspuren
Nerd Norbert
Großer Saal
Eröffnung der Datenspuren 2019
9/21/19
Datenspuren
Zentralwerk Hof
Ganztägig an beiden Tagen: Freifunk Infostand; Fabmobil: Laser, 3D Drucker; Infostand GNUnet; Infostand Libertäre Tage; Infostand Extinction Rebellion; Schließsport aka Lockpicking; Elektrobike; YOLO900;
9/21/19
Datenspuren
schanzen
Großer Saal
re:claimID is a decentralised service for self-sovereign personal data sharing. It allows users to reclaim their privacy and control over their digital identities and data while at the same time offering standard compliant protocol support through OpenID Connect. In this lecture, we present the motivation behind the technology and the technical foundations.
9/21/19
Datenspuren
frehberg
Kleiner Saal
TCP is a stream oriented protocol. The protocol is widely used but few know about its signaling capabilities, This talk will present the signalling capabilities of the TCP protocol, and I would like to discuss useful usage of this feature.
9/21/19
Datenspuren
Seminarraum
This workshop will quickly introduce GNUnet and then will head into hands-on directly: If you have an installation, then lets try out whatever possible - if you don't have an installation then let's get it installed on your system. We'll focus then on installing re:claimID, too.