Grant funding for the development of a new assurance scheme for consumer IoT (Internet of Things) products aimed at protecting children using internet-connected toys has been awarded to a Stockport-based technical auditing company.
The new scheme will help to provide assurance for internet connected devices that are intended for use by children. As a part of the Government’s Grant Programme for Consumer Internet of Things Assurance Schemes, the Age Check Certification Scheme (ACCS) has been awarded a substantial grant to develop a new “Internet of Toys Assurance Scheme”.
Under data protection laws, a new Age Appropriate Design Code is now being implemented. This “Children’s Code” and a new cybersecurity standard for the internet of things, published by the European Telecommunications Standards Institute, ETSI EN 303 645, will together be the basis for the development of the new assurance scheme for all manufacturers, importers and distributors of connected toys. The scheme will provide assurance that the relevant security provisions have been met thereby reducing the risk of vulnerabilities in children’s toys. This is intended to give parents confidence that toys are not putting their children at risk of harm from how their data, activities, photos, videos and location are shared online by the device and in turn, could be beneficial for growth of the internet-connected toy sector.
Matt Warman MP, Minister for Digital Infrastructure, said:
"This funding will help create a scheme to improve the security of smart devices and boost our burgeoning digital economy while protecting people online. The aim is to give parents more confidence the internet-connected toys they are buying have stronger security and assure retailers the products they are stocking meet key cyber security requirements."
Tony Allen, Chief Executive of the Age Check Certification Scheme said:
“This is a fantastic opportunity to build stronger assurance for parents and children – so that they can enjoy the fun and educational boost connected toys can bring, whilst being protected from cyber and data security risks, including from people who may seek to exploit or abuse them. We are delighted to have been selected by DCMS to deliver this project and even more excited to be building on our Northern Powerhouse backed investment.”
The Internet of Toys describes the range of devices that are likely to be used by children and young people and utilise connections to apps, web services or interoperability with other devices. The Internet of Toys Assurance Scheme will be testing these devices to ensure that they meet European Standards for securing consumer smart products and UK Data Protection laws.
The Age Check Certification Scheme is an independent 3rd party certification scheme which tests that age check systems work for providers of age-restricted goods, content and services. They instil confidence in both the providers of these goods and the wider community, ensuring that systems are secure and minors are protected from material and services that could harm them. ACCS is part funded by the Northern Powerhouse Investment Fund.
Internet of Things
From talking fridges to coffee makers that brew your morning latte before you’ve left your bed, our homes are increasingly being filled with ‘smart’ devices. But what connects these appliances? The simple answer: the internet. If the device has the capacity to gather and share electronic information, chances are it is part of The Internet of Things, an enormous network encompassing all of these connected ‘Things’.
Internet of Toys
The Internet of Toys is a subset of the Internet of Things and refers to toys designed for use in play by children under the age of 14 and young people between the ages of 14 and 18. Toys in this category are connected to online platforms through Wi-Fi and Bluetooth, and boast new, embodied ways of being online from a young age. Connected toys can record sounds, images, movement and location as well as the ‘play data’, thus allowing future interactions with the child to be personalized. Take Mattel’s Hello Barbie, a doll able to record and respond to a child’s speech via a built-in microphone. Through a Wi-Fi connection, the speech is sent out to Toy-Talk, (Mattel’s voice-processing partner) for processing and the doll then responds in natural language. The robotic toy ‘Furby Connect’ is another example, which can be controlled via a mobile app. When the app is used the toy reacts physically, talking in ‘furbish’ for instance.
Government Call for Views
The government is processing legislation to bring into law minimum security requirements for smart devices. Plans drawn up by DCMS in the form of a new law will ensure all consumer smart devices sold in the UK adhere to 3 rigorous security requirements for the Internet of Things (IoT) based on aspects of the standard ETSI EN 303 645. These are:
All consumer internet-connected device passwords must be unique and not resettable to any universal factory setting.
Manufacturers of IoT devices must provide a public point of contact so anyone can report a vulnerability that will be acted on in a timely manner.
Manufacturers must explicitly state the minimum length of time for which the device will receive security updates at the point of sale.
ETIS EN 303 645
In February 2019 ETSI, a European Standards organization published the first globally-applicable industry standard on consumer IoT security, informed by the UK Government’s Code of Practice. The government continues to work in partnership with other governments and global standards bodies, such as ETSI, to drive a consistent, global approach to the cybersecurity of smart devices.
About the grant
The government made available a £400,000 funding pot to support the market of industry-led assurance schemes for the rapidly growing Internet of Things sector. This funding comes at a time of huge growth in the sale of connected devices, with research suggesting there will be 75 billion internet connected devices in homes worldwide by the end of 2025. The assurance schemes will demonstrate that devices have undergone rigorous testing and are vital in enabling consumers to make security-conscious purchasing decisions.