Will the Law be Ready for the Internet of Things?
By Max Burke
My housemates and I were both happy and perplexed when our landlord installed a new washing machine in our basement. We were pleased to see the rattling, coin-operated dinosaur gone, but we were puzzled by the sleek machine of the future that took its place. “That thing can connect to the Internet?” Yes, it can. Our washing machine, along with an ever-growing number of consumer products, is a part of the Internet of Things.
The Internet of Things (IT)—which was the subject of discussion at a recent Federal Trade Commission (FTC) public workshop—generally refers to a worldwide network of real world objects that can collect, share, and control each other’s data. Nearly anything, from egg cartons to people to soil, can theoretically be a part of IT. Though it is still in its infancy, IT is expected to grow to a network of 30 to 50 billion devices by 2020. Such vast interconnectedness has many potential benefits, but, like other watershed technologies, IT will have enormous implications for issues of privacy, data security and physical safety. The problems will only be magnified when IT meets Augmented Reality—which is the combining of a surrounding physical environment with computer-generated imagery.
This past Tuesday, the FTC held a public workshop to examine some of the potential issues associated with IT. Advocates, researchers and industry leaders gave presentations that discussed both the promises and challenges ahead. Although participants expressed concerns for privacy and security, they offered little in terms of what regulation of IT might actually look like. For now, it is safe to assume that “traditional” Internet regulations will govern data communication over the Internet of Things. The United States currently protects data on a piecemeal basis—some information is safeguarded, while other data is completely up for grabs. In contrast, the FTC’s European regulatory counterparts provide broad protections of sensitive information. Indeed, Europe has indicated that it will take a similar approach to regulation of IT.
Some commentators believe that the FTC may start defining sensitive information more broadly, particularly as related to IT. In its first action “against a marketer of an everyday product with interconnectivity to the Internet,” the agency claimed the manufacturer of Internet-accessible surveillance cameras did not “provide reasonable security to prevent unauthorized access” to those cameras’ live feeds. Interestingly, the FTC implied that those feeds could be considered “sensitive” even if they did not actually reveal sensitive information.
Could this be an indication that the FTC will take a more European approach to privacy protection on IT? It may too early to say anything definitive, particularly in light of Tuesday’s commentary. But the FTC is expected to make inroads soon. IT has a lot of promise, but it also presents many challenges. For now, my housemates and I are holding off on connecting our washing machine to the Internet, but that may be due to laziness more than any concern for privacy.