Ian Lopez, Legaltech News
The FTC and Big Law weighed in on the ups and downs of IoT for security, privacy and consumers at New York Law School.
FTC
Commissioner Terrell McSweeny. Photo via Wikimedia Commons
Imagine life without your smartphone. While some may say they can live
without it, consider this: In the U.S. alone, Americans collectively look at
their smartphones around 8 billion times a day, found a 2015 study by Deloitte. When
accounting for all age groups, that checks out to 46 times per day, per person.
These
smartphones are just one of many devices encompassing the " Internet of Things " (IoT). These devices are web-enabled and can
"communicate" with one another—from the tablet where you check your
email to the Amazon Echo that plays any song you might want to hear at any
given moment, the devices making consumers' lives easier, faster and more
connected are already leaving massive fires to be put out by legal.
But why, when
it comes to law, is there chaos around IoT ? As FTC Commissioner Terrell McSweeny noted in a Feb.
3 event at New York Law School, there are "no shortage of questions"
around IoT devices. Titled "Exploring the Things in the Internet of
Things: Implications on Business, Consumers, and the Law," McSweeny used
the event to elaborate on "what it's like for a 100-year-old consumer
protection agency to protect consumers in a digital world," in which
everything "from lightbulbs to toothbrushes" can be interconnected.
That
interconnectivity is multiplying, McSweeny noted—a 2015 study by Juniper
Research estimated that the number of IoT devices to be in existence by 2020
will be about 38 billion. At present, she said there are "twice as many
connected devices as people on the planet."
"We have
really, literally never seen such a rapid change in such a short period of
time, on so many fronts, as we're experiencing today," she added.
And while
users continue to adopt these devices, consumers and regulators have many
concerns over privacy and cybersecurity that remain unanswered. One FTC concern
from a report on IoT devices was that many consumers might not have been
provided with "adequate security notices" regarding personal information
gathering and consumer tracking, McSweeny said. An example of this recently
played out in a settlement between the FTC and New Jersey Division of Consumer
Affairs with the smart TV manufacturer and retailer Vizio. The FTC had alleged
Vizio's smart televisions were illegally tracking the watching habits of
viewers.
Cybersecurity
is also concerning, especially as more devices are connected to the internet.
As Hogan Lovells partner Trey Habury previously told LTN , "As we move into a world where IoT has
manifested itself in the world of auto vehicles and drones, hacking starts to
have real-world consequences."
While the
idea of a hacker overtaking a drone or vehicle and wreaking havoc on roadways
might seem sensational, consider the ubiquity of hacks—a 2015 survey by Duke University and CFO Magazine found that, among
companies with fewer than 1,000 employees, 85 percent were hacked. Meanwhile,
60 percent of "larger" companies reported hacks. In August 2016, it
was revealed that the credentials of more than 500 million Yahoo users were leaked .
On the
consumer level, McSweeny said 1 in 5 households have experienced identity
theft, a figure that might explain why security confidence is "relatively
low" in the U.S. Further, citing data accrued for an FTC report, McSweeny
explained that over half of consumers said they were less likely to use online
services because of privacy concerns, which might hinder the adoption of IoT
devices.
"This
will be a growing consumer protection problem in the future," she added.
The FTC has
taken enforcement protection against companies for not adequately securing
their devices, and McSweeny recommended that companies start building their
tools with security in mind. Among these recommendations were questioning
whether data actually needs to be stored; ensuring sensitive information is
stored securely; training employees and watching for vulnerabilities as they
rise; and requiring password authentication.
"These
are basic steps," she said, "but time and again I see cases where
these basic steps haven't even been followed."
No comments:
Post a Comment