The US Federal Trade Commission has released a report on the Internet of Things, and finds itself somewhat at a loss with respect to security regulations, writes T.C. Sottek in an article for The Verge. The report’s release coincided with this week’s State of the Net conference in Washington.
At that conference, FTC Commissioner Edith Ramirez noted that technological advances has brought us to “a world where data is being collected all the time,” and asserted that it is “fundamental that consumers continue to be in the driver’s seat, that they have a say in their own information and how it’s being used.” But with respect to legislated regulation with respect to privacy and security, there’s little consensus to be found at the moment; in an op-ed for Recode, fellow FTC Commissioner Terrell McSweeney pointed out that “some companies have already adopted relatively mature security frameworks, while others have not.”
Part of the issue seems to be that the myriad applications and devices integrating into the Internet of Things have such a range of variety that it is simply bewildering to create a specific regulatory framework. But it is possible for companies to come together and agree on broad standards, as we have seen in the FIDO Alliance’s security specifications. These sorts of concerns are sure to be topics of major concern as companies dabbling in IoT continue their discourse over the field.
For now, the FTC is relying on that spirit of self-regulation; the commission’s report concluded that it wasn’t yet necessary to draft legislation specifically dealing with the IoT. But it did set some general guidelines focusing on the onus on companies to secure their devices from the outset, collect as little data as necessary, and inform users of the data being collected. The FTC has also been urging Congress to come up with legislation that would demand immediate notification from companies to their users whenever there’s a security breach.
The takeaway: Everybody’s watching as the IoT begins to take shape, and very few know how to control it. But it will become an increasingly important part of our connected lives, and it’s in everyone’s interest – the politicians and regulators, and the industry’s too – to make sure users’ data is secure.