Congress split as it holds first hearing on the Internet of Things

Posted at 11:04 AM, Feb 11, 2015
and last updated 2015-02-12 09:43:43-05

What do home security systems that you control from an app, fitness trackers that measure your sleep and self-driving cars have in common? They are all in the category of Internet of Things and are potentially hackable.

The growing number of Internet-linked devices is opening up the world to exponential innovation as well as security threats--and it’s that tension that is catching the attention of Congress.

A Senate Commerce subcommittee is holding a hearing Wednesday that will be the first to examine whether there is a need for regulations in the growing IoT industry. It’s estimated that Internet-connected devices will generate nearly $9 trillion in business worldwide by 2020.

The committee will hear from consumer privacy advocates as well as IoT innovators to gauge whether the government should pass regulations on companies that collect user data.

The hearing follows a Federal Trade Commission report in January that detailed recommended best practices for Internet-connected devices. The report called on companies to self-police their security measures and data retention decisions and advised against congressional intervention, saying that it would be “premature” considering the fast-paced developments in the industry. There are currently about 25 billion Internet connected devices worldwide, the FTC report found.

Potential avenues for FTC regulation would focus on how companies can secure and collect data and then what they could do with that data once it’s been collected. That’s because these new devices that connect to the Internet are not only security threats because of their online connectivity but also in the scope of personal data they can potentially gather.

Consider the company Jawbone. It makes workout bracelets that many users keep on 24/7 to track their heart rate, number of steps taken, and sleep patterns. But what else can the company determine with the information users upload? How about earthquake patterns.

During an earthquake that struck northern California last August, Jawbone used sleep data to see how many people in the area woke up immediately after the Napa Valley quake hit. Similar data has been analyzed to determine the heart rate of Fitbit wearers during the most recent Super Bowl game.

All of this available personal information can pose some pretty big security concerns especially when a company owns the data, can sell it and doesn’t protect it well enough from hackers.

But that’s not how Sen. John Thune, R-S.D., sees it. The chairman of Wednesday’s committee hearing is clearly skeptical of any potential regulations, which he says could cause drastic scale backs in innovation.

“Standing on the cusp of technological innovations that will improve both the safety and convenience of everyday items, we shouldn’t let government needlessly slow the pace of new development,” Thune said in a statement. “By engaging early in this debate, Congress can ensure that any government efforts to protect consumers are tailored for actual problems and avoid regulatory overreach.”

Thune’s sentiments echo those of the technology industry which, following the FTC’s recommendations in January, issued a collective sigh of relief. The Software & Information Industry Association, released a statement saying, “We strongly agree that legislation or a broad regulatory framework to govern the IoT is premature, and could threaten its tremendous societal and economic potential.”

Both sides of the debate will have their say at the hearing Wednesday but whether regulations will come out of the meeting remains to be seen.