U.S. lawmakers are continuing to cast a wary eye at the rapidly growing Internet of things, understanding the benefits that can be derived while at the same time trying to determine the government’s role in protecting the security and privacy of consumers and their data.
Last month, House representatives announced the creation of a Congressional Caucus on the Internet of Things (IoT). Two weeks later, the Federal Trade Commission (FTC) in a report stressed that technology vendors and businesses must ensure that privacy and security remain a focus as they develop their connected devices and services.
On Feb. 11, the Senate Committee on Commerce, Science and Transportation will conduct a hearing about the issue as Congress looks to navigate a path that encourages the innovation necessary for the IoT to flourish while addressing inherent security risks that come when tens of billions of devices become connected to the Internet and each other.
The hearing was the result of a bipartisan request from Democratic Sens. Cory Booker of New Jersey and Brian Schatz of Hawaii and Republicans Kelly Ayotte of New Hampshire and Deb Fischer of Nebraska.
“Standing on the cusp of technological innovations that will improve both the safety and convenience of everyday items, we shouldn’t let government needlessly slow the pace of new development,” Sen. John Thune, R-S.D., the committee’s chairman, said in a statement. “By engaging early in this debate, Congress can ensure that any government efforts to protect consumers are tailored for actual problems and avoid regulatory overreach.”
The interest from government agencies and lawmakers comes as the Internet of things begins to take hold. Cisco Systems officials have said the number of connected devices—from tablets and smartphones to industrial systems, cars, home appliances, and residential and commercial security systems—will grow from 25 billion last year to more than 50 billion by 2020. Various analyst reports have put the IoT market between $7 trillion and $9 trillion by the end of the decade.
Tech vendors and businesses have been vocal about the benefits from the IoT, from improvements in consumers’ lives to greater efficiencies and expanded opportunities for businesses. Cisco officials have said that the global impact of what they call the Internet of everything—which includes not only devices but people and applications—to businesses worldwide could be as much as $19 trillion.
However, security professionals have been just as vocal about the need to deal with the risks that connecting tens of billions of devices means, not the least of which is a rapidly expanding potential attack surface for cyber-criminals. IT professionals are having a difficult enough time securing the systems that are online now. As the number of connected systems and devices grows, so do the dangers. In addition, a key part of the IoT is not only the devices’ connection to the Internet, but also to each other, and the data they pass back and forth.
It was a key message in the FTC’s Jan. 27 report, which laid out a list of steps that vendors and businesses need to take to ensure that as the IoT grows, consumers and business users can feel confident in the security of the devices and systems and the protection of their data.
“The only way for the Internet of things to reach its full potential for innovation is with the trust of American consumers,” FTC Chairwoman Edith Ramirez said in a statement at the time. “We believe that by adopting the best practices we’ve laid out, businesses will be better able to provide consumers the protections they want and allow the benefits of the Internet of things to be fully realized.”
Congress, Government Agencies Putting Focus on IoT
In its report, the FTC agreed with others that it’s too early in the development of the IoT for specific legislation, given how quickly the technology is evolving. However, commissioners are recommending laws regarding data security and breach notifications.
Given the broad impact the IoT will have on consumers and businesses, U.S. lawmakers say it’s time Congress started to take a look at the issues. On Jan. 13, Reps. Suzan DelBene, D-Wash., a former Microsoft executive, and Darrell Issa, R-Calif., chairman of the Subcommittee on Intellectual Property, Courts and the Internet, announced the creation of the Congressional Caucus on the Internet of Things. The goal of the caucus is to educate House members about the technology and public policy around the IoT, according to DelBene and Issa.
“Policymakers will need to be engaged and educated on how we can best protect consumers while also enabling these new technologies to thrive,” DelBene said in a statement. “It’s important that our laws keep up with technology and I look forward to co-chairing the IoT caucus.”
Congress on Feb. 9 got another look at the potential benefits and dangers of an increasingly connected world. Rep. Ed Markey, D-Mass., released a report indicating that while the automotive industry is rapidly adopting such wireless Internet access and Bluetooth, not enough attention has gone into securing the connected cars, putting safety and privacy at risk.
“Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyber-attacks or privacy invasions,” Markey said in a statement. “Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected.”