As a primary provider of residential Internet service, cable is well positioned to define the Internet of Things (IoT), especially in the home. But the initiative has a watchdog now: the FTC. In a report released Tues, agency staff recommended best practices around privacy and data security for IoT.
Security recommendations include things like building security into devices at the outset, rather than as an afterthought in the design process, training employees about the importance of security, and ensuring that security is managed at an appropriate level in the organization. Service providers should also monitor connected devices throughout their expected life cycle, and where feasible, provide security patches to cover known risks. Commission staff also recommended that companies limit the collection of consumer data, and retain that information only for a set period of time, and not indefinitely.
House Republican leaders weren’t thrilled. “We must exercise great caution to avoid the slippery slope of the Internet of Things evolving into the Internet of Regulation. Let’s stay on this path of remarkable breakthroughs and advancement,” said commerce chmn Fred Upton (MI) and trade subcmte head Michael Burgess (TX) in a joint statement. While IoT is still in its early stages, “now is the time to understand its future prospects and ensure that companies are protecting personal information when they introduce connected devices and services into the marketplace,” the pair said. Nonprofit TechFreedom blasted the report. Before recommending anything, the FTC needs to consider not only the enormous benefits of the Internet of Things, but, more importantly, whether the consumer benefits of any ‘recommendation’ outweigh its costs on the margin. That’s regulatory economics 101,” said the group’s pres Berin Szoka. With more than 900 vendors showing IoT devices at this year’s CES, the FTC staff report is timely, CEA pres/CEO Gary Shapiro said. That said, it’s too early to “rush out laws that may choke off innovation.”