FTC Seeks Internet Of Things Rules - InformationWeek

1/27/2015
04:28 PM

FTC Seeks Internet Of Things Rules

More responsible business practices and new laws are needed to make the Internet of Things viable, the FTC says.


The Federal Trade Commission wants companies to limit data collection and improve security practices as they develop the Internet of Things. The Internet of Things (IoT) refers to the estimated 25 billion devices that can connect to networks to send and receive data. It includes not only desktop and mobile computing devices, but also Internet-ready appliances and accessories such as the Nest Thermostat and the Fitbit activity tracker, as well as networked automobiles.

The Internet of Things is growing and is expected to reach 50 billion devices by 2020. With more and more companies adding sensors, processors, and networking capabilities to their products, the FTC has become concerned about how the networking of all these things will affect consumer privacy and security.

In a report issued on Tuesday, the FTC advised businesses to adhere to best practices for security and privacy, based on findings from a workshop it held in November of 2013. The agency's recommendations hew to accepted wisdom in the security and privacy communities. The report advises companies: to build security into devices at the outset, rather than after the fact; to train employees about security; to ensure outside contractors also follow security rules; to practice defense-in-depth, rather than to rely on a single perimeter defense; to employ some means of data protection (encryption); and to update devices over their lifespans to patch security vulnerabilities.

(Image: Cisco)


Beyond this non-binding best-practices boilerplate, the FTC also wants legislation "to strengthen its existing data security enforcement tools and to provide notification to consumers when there is a security breach." It also wants "broad-based (as opposed to IoT-specific) privacy legislation."

While it awaits such legislation -- unlikely given present political gridlock and the inevitable pushback from the tech industry -- the agency says it will enforce the FTC Act, the FCRA, the health-breach notification provisions of the HITECH Act, the Children’s Online Privacy Protection Act, and other laws that might apply to the IoT.

Businesses may not find that too troublesome, given that several recent FTC settlements -- PaymentsMD, LLC, MPHJ Technology, and Google -- have been generally seen as a slap on the wrist.

But one of the agency's recommendations in particular has alarmed anti-regulation advocates. The FTC wants companies to pursue data minimization, "limiting the collection of consumer data, and retaining that information only for a set period of time, and not indefinitely."


Daniel Castro, Director of the Center for Data Innovation at the Information Technology and Innovation Foundation, said in a statement that the FTC has failed to propose a regulatory approach that narrowly targets harms without hampering potential innovation. "In particular, in calling for companies to reduce their use of data, the FTC misses the point that data is the driving force behind innovation in today’s information economy," he said.

It's as if the FTC had advised the miners flocking to California in the 1849 gold rush to collect only as much gold as they could reasonably protect. That's essentially what the FTC is asking of today's data miners, who prefer to operate without such pressure in a largely informal regulatory structure that recalls California's past.

FTC Commissioner Joshua D. Wright, in a dissenting statement, argues that the FTC fails to provide adequate evidence to justify the potential economic impact of its recommendations. The agency's advocacy of data minimization, he argues, comes "[w]ithout providing any sense of the magnitude of the costs to consumers of foregoing this innovation or of the benefits to consumers of data minimization, and without providing any evidence demonstrating that the benefits of data minimization will outweigh its costs to consumers."

Assessing privacy in economic terms, however, considers only one possible dimension of the issue. Privacy also is a component of human dignity, which doesn't have an easily measured value. It is protected under the Universal Declaration of Human Rights and by US law. It should be the default case rather than an exception when affordable. As we develop the Internet of Things, the burden should be on would-be innovators to demonstrate responsible stewardship of data.


Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ...

Charlie Babcock,
User Rank: Author
1/27/2015 | 7:40:35 PM
Where is the privacy Minuteman?
There does not seem to be a federal agency any more at which privacy protection lies at the center of the things that they're doing. On the contrary, it is constantly subordinated to other purposes. It's as if there's a Homeland Security advisory or secret clause in the Patriot Act that declares privacy is an outmoded concept.
asksqn,
User Rank: Ninja
1/27/2015 | 4:44:13 PM
Privacy, much?
excerpt >> the FTC misses the point that data is the driving force behind innovation in today's information economy,<<

Castro misses the point. Not everyone wants her data spread hither & yon to be bought/sold/traded by bottom feeders like Castro to make $$$$$ for someone else's bank account.