The Internet of Things (IoT) was front-and-center on Wednesday during a Senate Committee on Commerce, Science and Transportation hearing that featured testimony from a wide spectrum of witnesses across industry sectors. At issue in the now Republican-controlled Senate committee hearing was whether the IoT and its many benefits can flourish unfettered in a free marketplace or if regulations are needed to mandate strong security, ensure privacy protections and manage other more technical issues around spectrum availability.

CDT's Justin Brookman

As became clear during the testimony, the IoT realm goes beyond consumer protection and privacy. It has also become a major factor in industrial and agricultural operations. On the whole, however, panelists agreed that a single national IoT regulatory plan would not be the answer, but strong security in all devices will be paramount.

“We have to design security in at the beginning and throughout a connected device’s lifecycle,” said Intel IoT Group Vice President and General Manager Doug Davis.

Overall, there appeared to be some bipartisan support for not regulating the IoT industry just yet. Sen. Cory Booker (D-NJ) said, “This is a phenomenal opportunity for a bipartisan approach. My concerns are what my Republican colleagues’ are. We should encourage this growth, not restrict it.”

Booker, in fact, called for the hearing alongside Sens. Kelly Ayotte (R-NH), Deb Fischer (R-NE) and Brian Schatz (D-HI).

The regulatory approach of the 1990s was also used as an example for how to proceed with the IoT now. “We got policy right with the Internet in the 1990s,” said George Mason’s Mercatus Center Senior Research Fellow Adam Thierer, “now we need to get it right for the IoT. We need a light-touch, market-driven approach without trying to anticipate problems.”

The Congressional inquiry comes less than two weeks after the Federal Trade Commission (FTC) released its much-anticipated report on the IoT, which didn't go so far as to call for immediate regulations, and a day after FTC Chief Technologist Ashkan Soltani released a blog post on IoT security concerns, particularly regarding the shelf life of a product. “If a critical vulnerability is discovered,” Soltani wrote in his FTC post, “will an update be provided? … Should modern refrigerators have a shelf life, much like the food contained within?”

George Mason's Adam Thierer

At times, some senators did take swipes at the FTC’s role in regulating the IoT environment. Ayotte asked whether there’s enough data security certainty for businesses under Section 5 of the FTC Act. Thierer said the case law coming out of FTC settlements is an evolving set of references for business to use.

According to the panelists, big IoT winners will be retail and the industrial and agricultural sectors, as well as wearable health-tracking devices and connected cars.

Sen. Gary Peters (D-MI) pointed out that vehicle-to-vehicle (V2V) communication has the potential to curb 80 percent of automobile accidents and noted the automobile industry has been proactive in creating privacy-protecting guidelines for smart cars.

Center for Democracy & Technology’s Justin Brookman said it’s great to see the industry active on the issue but also discussed the personal nature of cars. “I’d like to see more consumer control over whether a company knows your location,” he said, for example, citing controversial comments made last year by Ford’s CEO on knowing “where you are.”

Brookman supported the safety potential for connected cars but warned against including personal information in V2V communications. “My car needs to know a car is swerving toward me,” he explained, “but it doesn’t need to know that it’s Adam’s car swerving at me.”

Sen. Ed Markey (D-MA)

Just days after releasing a damning report on connected car security and privacy protections, Sen. Ed Markey (D-MA) took an opportunity to once again warn that the auto industry needs to do more to ensure smart cars are safe for consumers. “If you can figure out an algorithm that can send information around the world,” he said, “then you can figure out an algorithm to protect consumers’ information.”

Data ownership was also a theme that ran through the morning’s hearing. Sen. Joe Manchin (D-WV) said clearly big money is made off of consumers’ personal data. “For those who want privacy,” he asked, “where is that money going?”

Some of the panelists agreed that, often, consumer value resides in the inherent improvement of services through such personal data.

Brookman noted that activity trackers can serve as a good example of how best to give consumers control over their data. Let the consumer decide whether she wants to share her personal data. Businesses can add a value proposition, though. If you share your data, we’ll give you five dollars off your next purchase, he suggested.

Though no regulation appears to be in the IoT's near future, it's clear that it's on just about everyone's radar. How well organizations, both big and small, ensure their products and services are reasonably secured may well determine whether regulation eventually will be needed.