FTC Resists Legislating the Internet of Things despite Growing Security Concerns

by Matt Klassen on February 10, 2015

The forthcoming proliferation of tertiary connected devices, sensors, and consumer products part of the so-called Internet of Things (IoT) will likely stand as the next major security challenge, analysts warn, as consumer ignorance coupled with corporate greed will create an ideal environment for cyber-criminals to exploit insufficient security protocols that could compromise security across public and private networks.

With market research firm IDC predicting that connected devices part of the IoT will hit almost 30 billion by 2020, the security community has become increasingly vocal about the latent security risk such unprotected IoT devices pose to overall network security and user privacy, warning that without proper security protocols in place these connected devices will serve as veritable holes in the security dam, one’s that will threaten the entire security structure and, should things get bad enough, be responsible for its failure entirely.

So with predictions of the exponential proliferation of IoT devices over the last five years and with dire warnings about security one might thing this is the perfect opportunity for lawmakers to partner with the industry to create a security framework that protects consumers, but of course you’d be wrong. Instead the Federal Trade Commission has opted against legislating baseline security protocols for the burgeoning IoT technology market, choosing instead to recommend a series of “best practices” for IoT developers to hopefully follow.

There’s no question consumers are intrigued by the possibilities of having a connected everything existence promised by the burgeoning Internet of Things; interested in controlling a variety of aspects of their lives from their smartphones and having a constant stream of updates and information about everything in their connected web at their fingertips. This interest, in turn, motivates hardware developers to rush products to market, trying to capitalize in consumer interest while giving little thought to the impact its product will have on security, privacy, or even human existence. The results, I’ll say, almost never truly favours the consumer.

The security concerns are made worse by the fact that neither consumer nor corporations really see IoT devices for what they are, Internet-connected machines. “There’s a tendency for people to think of them as toys and not network-connected computers. If they’re compromised, they can be used to attack other things on a network,” explained Eset senior researcher Cameron Camp.

In a recent report regarding the security of the Internet of Things, the FTC did acknowledge that such connected devices do already have an impact of the lives of millions of Americans though the “adoption of health and fitness monitors, home security devices, connected cars, household appliances and other applications.” Further, the FTC acknowledged that the IoT will only ever truly grow if it has consumer trust. “The only way for the Internet of Things to reach its full potential for innovation is with the trust of American consumers,” FTC Chairwoman Edith Ramirez said in a statement.

But ultimately the findings of the FTC report were that despite the security concerns now is not the time for IoT specific legislation, recommending instead a list of best practices for the industry to follow. The time for legislation, as we’ve seen before, will be years down the road, after consumers have had their private information compromised, stolen, and sold and after the y have been gouged by developers and service providers for far too long. Then, and only then, will the government act and once again it will be far too late.

Did you like this post ? TheTelecomBlog.com publishes daily news, editorial, thoughts, and controversial opinion – you can subscribe by: RSS (click here), or email (click here).

Written by: Matt Klassen. www.digitcom.ca. Follow TheTelecomBlog.com by: RSS, Twitter, Facebook, or YouTube.

Previous post:

Next post: