We interviewed Yael Grauer, Program Manager, Cybersecurity Research, of Consumer Reports about securing the digital marketplace, its Security Planner tool to help consumers safeguard their information, growing concern over digital privacy, funding challenges, and how efforts like Common Good Cyber can help make the Internet more secure for everyone.
Please introduce Consumer Reports and explain how your work as an independent nonprofit contributes to a safer, fairer, and more transparent marketplace, especially the digital marketplace.
Consumer Reports’ mission is to create a fair and just marketplace for all. We are perhaps best known for our ratings and reviews. We test thousands of products and services in 63 labs at our National Headquarters and Testing Center in Yonkers, New York, and our 327-acre Auto Test Center in Colchester, Connecticut. In addition to our testing, we also have a team of investigative journalists who report extensively on marketplace issues and shed light on consumer harms. We also have a survey research team that fields more than 50 surveys a year, reaching hundreds of thousands of consumers to better understand the issues they face. Additionally, we advocate for consumer rights and protections around safety, digital rights, financial fairness, and sustainability in several ways. Consumer Reports also has a mobilization team that engages with industry and manufacturers to improve products and services through public pressure. I’m on the advocacy team, and my colleagues and I push policymakers for change on issues such as data privacy, IoT and security updates, and reasonable AI regulation. I also work on Security Planner along with our security education consultant Jeff Landale. Together we work to give people easy-to-use, customized, up-to-date digital security recommendations to help them protect their data and devices, reduce online tracking, and stay safer online.
Security Planner is one of Consumer Reports’ most accessible tools, helping everyday people make smarter decisions about their digital safety. What role does it play in your broader mission, and how are you evolving it to meet the needs of a rapidly changing threat landscape?
Some of our most sensitive data flows through our devices, and people have a lot of questions about how to safeguard their information. This can be confusing and overwhelming. At the same time, there are big questions about whether the devices and services we use respect our privacy, and whether they adequately safeguard our information.
Security Planner provides the same type of recommendations and expert advice that Consumer Reports is known for, and it’s designed in a way that is personalized to the individual, addressing their concerns and how those apply to their specific devices and what they can do to improve upon it. So much of Consumer Reports is solutions-based, from our webinars to our magazine content and everything in between. Like the rest of Consumer Reports, Security Planner doesn’t run third-party ads, and no company exercises influence over our recommendations of products or services.
Technology is always changing, so Security Planner has to change with it. We regularly update our content to keep it current and relevant. Just this month we updated four of our 53 pages. This is actually a bit of an anomaly in the digital security space, where guides tend to go out of date fairly quickly.
We also recognize that we cannot provide real-time help for urgent security issues, but we do share emergency resources for those who need immediate support.
You’ve done a lot of work on digital rights, consumer privacy, and data security. Have you seen significant shifts in the industry in response to growing consumer demand for data control and transparency?
We definitely see more consumer awareness around privacy and security these days. Companies often market features around these concepts, with some even making privacy a centerpiece of their marketing. We’ve seen some positive changes in our testing as well. A number of manufacturers made changes to their privacy and security practices in response to our testing by fixing bugs or making policy changes. And we’re seeing a little bit of improvement in practices around IoT security, with more companies committed to safeguarding IoT products for a set period of time. While there’s been some progress, there also hasn’t been enough–and a lot of products still have terrible security. Platforms like Amazon are not doing enough to protect consumers from bad products.
Can you share a success story where Consumer Reports’ work led to a significant improvement in consumer protections?
There are a lot of improvements the public never sees, because we work with industry and manufacturers to improve their products and services—sometimes before a product or service even goes to market. When we don’t get results, we share data with regulators to take action against companies with poor practices.
We have a long history of victories from consumers, going back to warning about the public health threat of cigarettes and advocating for safety belts in cars back in the 1950s and 1960s. More recently, we worked to pass the nation’s first digital Right to Repair law in New York in 2023, followed by laws in several other states, giving nearly 80 million Americans the right to fix the products they own. Just last year, the Federal Communications Commission proposed a fine against the maker of video doorbells widely available on Amazon, Walmart, and Temu, citing a Consumer Reports investigation which revealed significant security vulnerabilities in Ekin doorbells. A 2020 Consumer Reports investigation on the telemedicine company GoodRx was cited in an 2023 FTC complaint which led to a $1.5 million fine for sharing consumers’ sensitive health information with companies like Facebook and Google. Under the FTC’s order, GoodRX was prohibited from sharing user health data with third parties for advertising purposes. And in 2020 the State of California announced a $250,000 settlement with Glow, a technology company that operates a mobile fertility application. In 2016, Consumer Reports found that the Glow app exposed women to privacy threats. The $250,000 settlement also required Glow to consider how privacy or security lapses might “uniquely impact women.”
What are the biggest funding and sustainability challenges facing Consumer Reports, and how do you address them?
There is a lot of money being poured into tech products, especially AI. Companies are rushing to get market share and attention, and sometimes security is an afterthought. At CR we buy all the products and services we test at retail, just like a consumer would, so that what we test is identical to the products consumers take home and we maintain our independence. But we have limited time and money and can’t test all of the products and systems out there, so we have to pick and choose.
Beyond not being able to evaluate everything, we’re also competing for people’s attention. People are busy and have a lot of things to worry about, so it can be difficult to get them to think about cybersecurity, fraud, or scams until they’ve already been impacted. We do our best to get their attention, but that takes resources, too.
If your work were interrupted or defunded, what critical consumer protections or public interest efforts would be at risk and what would it take to refill the gaps?
Americans’ confidence that their personal data is private has dropped in the past few years, and consumers are increasing their use of some security tools and software to protect themselves online. While things are improving, they’re not improving fast enough, and people often need guidance on steps they need to take to protect their data and devices as well as what devices are secure by design. Sometimes there isn’t much individuals can do: you can’t always buy something or do something to protect yourself because there are systemic issues across the entire ecosystem. We are also a leading advocate for consumers before policymakers at the national, state, and local levels. Without a trusted voice like CR educating and working with lawmakers on matters such as consumer privacy and security, consumer rights could take a major hit. Consumer Reports helps push companies to be better, either through public pressure or through regulation.
