US Watchdog Urges Safeguards for ‘Internet of Things’
Washington – A US government consumer watchdog agency called Tuesday for better privacy and security to be built into the myriad of connected devices, for fitness, smart homes or other uses.
The “Internet of Things” guidelines released by the US Federal Trade Commission stop short of a new regulatory effort but nonetheless provoked critics who said the agency is overstepping its authority.
FTC Chairwoman Edith Ramirez, who announced the guidelines at a Washington conference, said the move is aimed at promoting “best practices” for these new devices but also noted that her agency has authority to crack down on violations of privacy or deceptive consumer practices.
“Not only is deeply personal information at stake but as you have more and more devices it means there is more potential for exposure,” Ramirez told the “State of the Net” conference.
“If you want these new technologies to flourish, you want to make sure consumers understand what is happening, understand what is being collected, with whom that information is being shared, how this information is being used.”
The FTC last year studied 12 mobile fitness apps and found they shared data with 76 separate entities.
Ramirez underscored the privacy concerns, saying that “if I’m wearing a fitness band that tracks how many calories I consume I wouldn’t want to share that data with an insurance company.”
The FTC report made no specific legislative recommendation for the Internet of Things but noted that in its workshops on the subject “there appeared to be widespread agreement that companies developing IoT products should implement reasonable security.”
The guidelines would apply to the billions of devices which connect to the Internet including automobiles, refrigerators, toothbrushes, fitness trackers and other gadgets.
The agency urged companies to “build security into their devices at the outset, rather than as an afterthought” and to conduct a privacy or security risk assessment.
But the technology think tank TechFreedom said the guidelines appeared to be an attempt to regulate the nascent sector.
“At best, this is just another exercise in workshop theater; at worst, the FTC is trying to regulate the Internet of Things by stealth,” said TechFreedom president Berin Szoka.
Within the agency, FTC Commissioner Joshua Wright issued a dissenting statement saying that the agency appeared to move away from its traditional role “not to make broad policy recommendations.”
“An economically sound and evidence-based approach to consumer protection, privacy, and regulation of the Internet of Things would require the commission to possess and present evidence that its policy recommendations are more likely to foster competition and innovation than to stifle it,” Wright said.
Gary Shapiro, president of the Consumer Electronics Association, welcomes the FTC report, saying the agency is taking the right track in promoting best practices without imposing new rules.
“We commend the FTC for recognizing the enormous personal, economic and societal benefits that IoT enables, and the agency’s efforts to engage and educate businesses on how to secure the IoT ecosystem,” Shapiro said. “However, it’s too early to rush out laws that may choke off innovation.”