Scope and Field of Application
The use of IoT devices by users to abuse and coerce vulnerable users is a matter that ETSI cannot ignore. The number and format of devices, their penetration, and their core functionality all make them attractive to both the vulnerable user and their abuser. The intent of this work item is to identify design practices that guide the development of measures that allow some degree of mitigation in both the devices themselves and in the services that the devices support.
Thread #1: Coercive control resistant design
The role of coercive control resistant design is addressed in device and service design. This thread is expected to examine the roles of user identification, location and access control, and to guide the designer on them, in order to limit, where possible, the ability of the abusive or coercive party to use the device without limiting the intended user's access to the device functionality.
Thread #2: Trauma informed design
Trauma informed design requires acceptance that devices are actively targeted as threat-agents of coercion. This element of the work is expected to address feature extensions in IoT devices and services that allow the at-risk user to seek help without interference from the coercive party. The work should also identify where future standards are required to further strengthen the protection of the vulnerable user.