On September 9th, 2013 - The New York Times asked Adafruit's founder and engineer, Limor "Ladyada" Fried to contribute to an article series called ROOM for DEBATE. The article can be viewed here and Limor's contribution can be viewed here.
We believe Internet of Things devices should all come with a well established expectation of what they will and will not do with consumer's data. In the article we put together the start of what we hope will help this effort - Minimizing Risk Is Easy: Adopt a Bill of Rights
- Open is better than closed; this ensures portability between Internet of Things devices.
- Consumers, not companies, own the data collected by Internet of Things devices.
- Internet of Things devices that collect public data must share that data.
- Users have the right to keep their data private.
- Users can delete or back up data collected by Internet of Things devices.
- Let us take responsibility together for building systems that are easier to use for good and harder to use maliciously
- Devices that are always listening have a physical OFF and ON switch that clearly indicates to the user if and when they're listening. For example, a good practice could include a physical OFF and ON switch, which breaks one of the power lines coming into the recording component, with an indicator LED powered and controlled only by the power line, that clearly indicates to the user when the devices is and isn't listening. Services/devices and API usage of such services/devices, including, for example, Amazon Alexa, Apple Siri, Google Home, and others should clearly indicate when they are ON and listening and OFF and are not.
- A reasonable attempt should be made to secure devices to prevent data from falling into the wrong hands.
If you'd like to contribute to this living document, please fork this repo and submit a pull request with any additions or modifications. Once it's in a pretty solid place we'll ask other companies that make "Internet of Things" devices to sign on.