Privacy Not Top Concern at House Hearing on IoT
Protecting consumers' privacy as the Internet of Things expands from 25 billion devices to an estimated 50 billion connected products by 2020 wasn't expressed as a big concern for many members of the House Commerce, Manufacturing and Trade Subcommittee during a hearing Tuesday on the IoT. Most members expressed more concern about IOT's potential impact on the economy and innovation, as expected (see 1503230046">1503230046). Chairman Michael Burgess, R-Texas, said in his opening statement, that as privacy and security issues are examined, “it is important that we balance these concerns with the creativity and innovation driving this market forward.” Some members from both parties asked witnesses to address privacy, and urged privacy and strong security protections be built into products from the get-go, saying innovative technologies won’t be needed if there's no consumer trust.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
People like IoT devices because they “add convenience to our lives,” said Rep. Marsha Blackburn, R-Tenn. Blackburn backed a light-touch regulatory approach to the IoT to “inspire innovation,” but said matters such as how data would be mined and extrapolated need to be addressed. “Along with these innovations come new vulnerabilities -- vulnerabilities that we in Congress have a responsibility to protect consumers against,” said Rep. Frank Pallone, D-N.J. Pallone hypothesized that if he wore a bracelet that monitors different aspects of his health and physical activity such as steps taken, how he slept, heart rate and where he has gone, he wouldn't want the data divulged to a potential employer or sold to an insurance company, or for a hacker to access the information or to monitor his location.
“Without strong security and privacy protections, consumers can be at real risk,” Pallone said. “These risks can have devastating consequences,” such as inducing a lethal overdose after remotely accessing an insulin pump or hijacking the operations of a car and “suddenly turning the wheel or cutting off the brakes,” Pallone said. If privacy and security protections are built into devices, “manufacturers can more effectively prevent hackers from accessing a device or the data it produces or collects,” he said.
The role of Congress should be data breach management, said Information Technology and Innovation Foundation Vice President Daniel Castro and Belkin International Chief Technology Officer Brian Van Harlingen. The U.S. has been more successful than Europe on data issues because the U.S. doesn’t have “stringent privacy law,” Castro said. LiveWatch Security CEO Brad Morehead urged Congress to invest in battery power for IoT devices, especially those that help first responders. Intel Vice President-IoT Group Rose Schooler said Congress needs to create an open dialogue among industry, the government and consumer groups, and encouraged Congress to focus on security, interoperability and a national IoT strategy. While the witnesses varied in what Congress' focus should be, all agreed IoT should be lightly regulated.
There's often uncertainty when new technologies emerge on the market, Castro said. But issues are often resolved by the market, he said. The U.S. has to “embrace technology in a more aggressive capacity,” Schooler said. Europe has been quicker in adopting new IoT technologies, she said.
Information security has evolved, Castro said. Previously, coders didn’t think about security issues when designing a device, but now coders try to fix security issues at the outset, Castro said. Home security was part of the IoT before there was an IoT, Morehead said. The system is “formed on a foundation of security,” he said. The information collected is shared only with those the homeowner or business owner approves of, Morehead said. The challenge is, it’s more helpful in an emergency situation to share information with many people because there's power in numbers, he said.
Assuming there continues to be an “explosion of data,” Blackburn asked witnesses what Congress should do to protect the data. Castro defined harm as information being collected without the consumer's knowledge and data being shared in ways the consumer wasn’t aware of, and said Congress should look at whether there's consumer harm before getting involved. Van Harlingen agreed with an FTC recommendation that consumers should be notified and given a choice about data collection. There shouldn’t be a broad blanket policy, Schooler said, but security should be built in at the onset for the device, network and cloud. Morehead said he believed different markets would emerge for data. “Apple” markets will cost more and the data will remain private, he said. “Google” markets will offer free, public services, but the cost will be that the data is also made publicly available, he said.
Pallone referenced comments by FTC Consumer Protection Bureau Director Jessica Rich at a hearing last week on data security (see 1503180053), in which she said the agency recommends device security be added to data security and breach notification legislation to protect consumers. If privacy is built in, “consumers can have confidence in these products,” Pallone said, because consumers “need to know that their intensely personal information will not be shared with the world without their consent.”