Will Washington Move to Quickly to Regulate the Internet of Things?

At least one regulator, sounds a note of caution

Walk the halls of the International CES and listen to tech titans like Cisco’s John Chambers and it’s easy to believe that the Internet of things is the next big thing and that it’s all but here. But while the tech industry may be embracing it, Washington policymakers, fretting over data security and privacy issues, still aren’t sure what to do about it.

At least one government regulator cautioned that Washington should relax rather than jump to regulate technology advances as they are still evolving.

“We should adopt a regulatory regime that allows technology, even disruptive technology, to thrive,” said commissioner Maureen Ohlhausen of the Federal Trade Commission during a heavily attended Internet of things CES session. “Success of the Internet has been driven by the freedom to experiment even in the face of unease. It’s vital that government approach the Internet of things with regulatory humility.”

That doesn’t mean companies can run roughshod over consumer’s privacy or take a cavalier attitude about data security. Under its authority to police unfair and deceptive trade practices, the FTC has already brought a couple of cases against companies for failing to provide adequate data security. 

“Because interconnected devices collect and share large amounts of information, the tech industry must be sensitive. It’s crucial that companies act to safeguard the privacy of users in order not to give it a bad name,” Ohlhausen warned.

This being a CES panel packed with pro-tech panelists, no one disagreed with Ohlhausen’s message.

“You have to bake in privacy and security from the beginning,” said Robert Pepper, Cisco’s vp of global technology policy. “When you have big data it requires big judgment. We have to think about building it in to give consumer the choice, control, and transparency.”

What’s tough is figuring out how certain technologies, that lack a prominent consumer-facing screen like computers and smart phones do, can let consumers know about their particular privacy and data options. For example: FitBit has only a basic user interface, and light bulbs may have no user interface it all.

“[That] will present challenges to businesses and questions from regulators,” Ohlhausen said.

While businesses would like to figure it out as the market develops, policymakers may not be able to help themselves, leading to an escalating debate in Washington. 

“The Internet of things sits at the perfect storm of policy concerns,” said Adam Thierer, a senior research fellow with the Mercatus Institute at George Mason University. “Are we going to continue to embrace what made the first generation of the digital revolution so great? You didn’t need to seek blessing or permission [from government]. Or are we going to embrace the precautionary principle?”

Marc Rogers, the principal security researcher for Lookout, a mobile security firm, said the problems privacy and data security issues facing the Internet of things aren’t new, though it may seem daunting.

“It’s going to be one of the biggest challenges we face in security in a long time,” Rogers said. “But the most important thing to do is look what is already out there, what is well-designed and use that to build security into the Internet of things from the ground up. This is a problem we’ve dealt with before. Let’s look at those examples first and talk about regulation second.”

A good example to look at might be the payment card industry which developed its own security standards, suggested Jeff Hagins, co-founder and chief technology for SmartThings, an Internet-based home automation integrator. “Let’s put some industry standards in place. Let us take a run at that before we talk about regulation.

But standards can only go so far, said Thierer. Society also has to catch up like it did when cameras were first introduced and caused a stir until everyone had their own. “There also has to be some societal adaptation to new technologies like Google Glass or wearables,” Thierer said.

“The etiquette for using all these devices is evolving,” said Pepper. “Etiquette isn’t developed by regulation; it’s developed bottom up and that’s the way it’s always been.”