Not too long ago, we wrote a piece describing how the Internet of Things could be used by law enforcement and other entities as a source of evidence. Since billions of devices are constantly tracking an individual's every move, it would be foolish not to consider this wealth of personal data.
Now there is a professional and cultural trend of federal and state regulators pressuring data companies to regulate big data and the IoT. With no particular federal act specifically vesting power in any one agency, it's a bit of a bumpy road.
Enter the Federal Trade Commission
The FTC is as good a federal agency as any, and given the FTC's broad strokes in recent years, it almost seemed inevitable that it would take the reins. In 2013, it surreptitiously held an informational workshop discussing how the Fair Information Privacy Principles regarding security, notice, and accuracy could be expanded to apply to today's IoT and big data.
Almost a year ago, the FTC authored and released a report that reflected findings of the workshop. The report made a broad recommendation: companies that make IoT devices should build privacy and security right into their designs. The launch of the Office of Technology Research by the FTC has suddenly led credence and believability of "Skynet" fears that were once thought to be fringe.
The FTC has so far used its authority to bring a variety of enforcement actions against big tech companies such as Google and Facebook. In the Facebook suit, controversy erupted over data that users had repeatedly sought to keep private, but which became accessible to the public. The FTC interpreted this to be a direction violation of Section 5(a) of the FTC Act. Since then, other data companies have tasted the bitter lash of the FTC.
New Laws? Why Bother?
Lately, it appears that the federal government has been using broad applications of already existing laws to regulate IoT and big data in a wide variety of situations. HIPAA has already been used as a framework for clamping down on medical providers on how personal medical data is stored on the cloud. It is a stop gap measure retrofitted for an area of law that is growing too fast to handle. Although it is not a perfect fit, it will have to do the job while we wait meekly for the FTC and other regulators to catch up.