Skip to main content

Are you a legal professional? Visit our professional site

Search for legal issues
For help near (city, ZIP code or county)
Please enter a legal issue and/or a location

FTC's 'Internet of Things' Report States the Obvious

Article Placeholder Image
By Mark Wilson, Esq. on January 28, 2015 8:53 AM

The Internet of Things -- all those gizmos that connect to the Internet, like your refrigerator, your thermostat, and that device that tells you how many eggs you have in the fridge -- is what our future looks like. It's also, as we've chronicled before, a huge security risk.

Thankfully, the FTC is, as ever, on the case! It took only a year and two months after a privacy and security conference held in November 2013 for it to issue a report this week entitled "Internet of Things: Privacy and Security in a Connected World."

Let's go to the highlights.

News from the Department of the Blindingly Obvious

Will this post involve making fun of the FTC? You bet, especially when the FTC recommends things like this: "[C]ompanies should build security into their devices at the outset, rather than as an afterthought."

What a concept! I'm glad we flew the world's best and brightest minds to Washington so we could have the FTC tell us that Internet-connected devices need to be secure. They also need to collect as little data as possible and provide privacy choices. They may have had to plug in Einstein's brain to get this level of insight.

OK, jokes are over. If there's one nugget of interesting information in this report, it's this: Many of the Things that connect to the Internet -- like those "smart" light bulbs -- have no user interfaces; therefore, it's hard for consumers to know what information they're storing or how secure they are. Even so, the FTC recommended that manufacturers come up with alternative ways of letting consumers know what their smart stuff is storing.

You Can Dissent From Anything

Wait, there's a dissent to a report? (If you can dissent from a denial of en banc rehearing, I guess you can dissent from anything.) One FTC commissioner, Joshua Wright, said the FTC shouldn't have authorized the report on the workshop because it "includes a lengthy discussion of industry best practices and recommendations for broad-based privacy legislation without analytical support to establish the likelihood that those practices and recommendations, if adopted, would improve consumer welfare."

Basically, Wright didn't think the FTC had enough empirical information from a "one-day workshop" to develop meaningful policy strategies. This carried over into his other objection, that the FTC didn't establish that data minimization is either good for consumers or that it's feasible for business to do so. (Even without data, though, the answers are "yes" and "yes." Will it eat into a business' bottom line that it can't collect absolutely everything? Of course; but most devices and apps don't need to -- or, at least, they shouldn't.)

Related Resources:

Find a Lawyer

More Options