TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | With the Internet of Things in Full Force, Will Congress Act? Related reading: Can We Adapt to the Internet of Things?



Several witnesses appeared before the House Energy and Commerce subcommittee on Tuesday to testify about the rapidly growing Internet-of-Things (IoT) ecosystem. With approximately 25 billion connected devices in existence, and counting, the economic benefits and job opportunities in IoT appears to be eclipsing any significant Congressional motivation to regulate this landscape.

In fact, the hearing followed an IoT showcase hosted by the subcommittee to demonstrate many of the technological innovations currently being developed by businesses. “We saw first-hand some of the innovative ways that companies are using the Internet and network sensors to create, enhance and customize products to better meet consumer preferences,” said Subcommittee Chairman Michael Burgess (R-TX).


There was agreement across the panel that Congress should have a “light-touch” approach to regulating the IoT and that the U.S. needs to have a national strategy in order to compete globally.

Rep. Marsha Blackburn (R-TN), who is chairwoman of the full committee, said, “It’s important we look at the size and scope when we look at the IoT.” She cited a recent Cisco report noting that by 2020, there will be as many as 50 billion devices connected to the Internet with a global economic output in the trillions of dollars.

“It behooves us to say, 'How do we get our hands around this?'” she said. “People like these services because it does add convenience, but it accelerates the probability of privacy and security” vulnerabilities. Harkening back to the Internet’s origins, Blackburn noted that it started with four people who were vetted and secure, and now, “we want to allow 50 billion devices to connect but with an infrastructure that provides protections” like it did decades ago.

So what role should Congress play, if any, in the IoT ecosystem?

“Congress should really look at how consumers are hurt or not hurt by uses of data,” said Information Technology and Innovation Foundation Vice President Daniel Castro, and it should not regulate the collection of data but rather harmful use. “We want data to be shared,” he said.

Castro went further, calling for federal data breach notification legislation—one sturdy enough to preempt state laws—as well as passage of a cyber-information sharing law. Belkin International Chief Technology Officer Brian van Harlingen agreed, saying that rules around data breach management should be clear and consistent.

Intel’s Rose Schooler, who serves as vice president of the IoT Group and GM of the IoT Strategy and Technology Office, said that in addition to a light-touch regulatory approach, there should be an open dialogue among industry, consumer groups and lawmakers. She encouraged a focus on security and interoperability and strong public-private partnerships. “There should be a national IoT strategy, with open standards, open-sourced and interoperable,” she added.

ITIF Vice President Daniel Castro testifying to a House subcommittee on Tuesday.

ITIF Vice President Daniel Castro testifying to a House subcommittee on Tuesday.

“Whenever there’s new technology,” said Castro, “there are fears. But many issues are resolved by the market. That’s why we want this light-touch approach. If you can’t have businesses using this data, you’re not going to see this magnitude of benefits.”

Castro also pointed to other sector-specific approaches that have worked in privacy regulation, noting there are industry-specific areas that could give rise to data use concerns, including in the education and healthcare fields. But for Castro, it depends on the consumer harm. “If we restrict regulation to data use, then it doesn’t matter how you got that information, the point is we regulate the use. That provides consumers the confidence that no matter where the data goes,” if it causes harm, then a company would be liable.

Tuesday’s hearing comes just months after the U.S. Federal Trade Commission (FTC) published a detailed report on the IoT and a day after it announced the formation of the Office of Technology Research and Investigation (OTRI) as the new successor to the agency’s Mobile Technology Unit. According to an FTC blog post, “The OTRI will provide expert research, investigative techniques and further insights to the agency on technology issues involving all facets of the FTC’s consumer protection mission, including privacy, data security, connected cars, smart homes, algorithmic transparency, emerging payment methods, big data and the Internet of Things.”

In its report on the IoT, the FTC included a series of recommended steps businesses can take to protect consumer privacy and security. In the January release of the report, FTC Chairwoman Edith Ramirez had said, “We believe that by adopting the best practices we’ve laid out, businesses will be better able to provide consumers the protections they want and allow the benefits of the Internet of Things to be fully realized.”

Significantly, the FTC said any legislated regulation of the IoT “would be premature at this point in time given the rapidly growing nature of the technology.” Clearly, Tuesday’s House subcommittee and its witnesses agree on that last point.


If you want to comment on this post, you need to login.