‘Tread carefully’ before regulating Internet of Things

This post first appeared in the San Jose Mercury News

This post first appeared in the San Jose Mercury News

I was not surprised to learn that the Senate is looking into the Internet of Things. Senators are concerned about safety, privacy and security issues now that the tech industry is focusing on ways to connect devices to the Internet and to each other.

There are just over seven billion people on the planet and, so far, about three billion are connected to the Internet. But that’s nothing compared to the number of devices in the world. Eventually, the Internet of Things, or IoT, could connect trillions of them. Some will be industrial devices but many will be in our homes, in our cars and even on our bodies.

So, IoT security isn’t just about keeping machines safe and secure, it’s also about protecting the privacy, security and even health and safety of the people who use them.

I wear a smartwatch that tracks my sleep, my footsteps, my heart rate and my estimated calorie consumption. The watch is connected by Bluetooth to my phone and my phone is connected to the Internet, which means that all of that very personal data about me is being stored in the cloud.

While I’m willing to admit publicly that I only got six hours sleep last night, I can easily see why a lot of people wouldn’t want to share their average pulse rate or other health and fitness data with the public or the insurance industry. And it’s only a matter of time before these devices start recording our blood pressure, our blood sugar and even more vital data.

There are already lots of homes in my neighborhood with Web-connected door locks, thermostats and garage door openers. I even have a coffee pot that connects to Wi-Fi.

Senate hearing

Screen Shot 2015-02-13 at 10.15.15 AM

Sen. John Thune, R-SD

As he opened a hearing on the matter Wednesday, John Thune, R-SD, chairman of the Senate Committee on Commerce, Science and Transportation, offered several more examples: a bed with smart fabric and sensors that track your sleep habits, an automated sprinkler system that saves water by using real-time weather data and a Web-enabled toothbrush that tracks the user’s brushing habits to improve oral hygiene.

Like his colleagues, Sen. Thune expressed concern about how these connected “things” can collect sensitive personal and business data that could impact privacy. But he encouraged policy makers to “tread carefully and thoughtfully before we consider stepping in with a ‘government knows best’ mentality that could halt innovation and growth.”

Disabling the breaks

Sen Bill Nelson D-FL

Sen Bill Nelson ,D-FL

Sen. Bill Nelson, D-Fla., reminded the committee of a recent 60 Minutes segment where correspondent Leslie Stahl drove a car through a parking lot only to have a remote hacker (in this case a government security expert) turn on her windshield wipers, honk her horn and then disable her breaks as she attempted to stop the car. Nelson also warned about the danger of hacking into insulin pumps to cause an overdose or take over a pacemaker to cause a heart attack.

“It’s not the stuff of TV drama, it’s the real threats to our nation’s cybersecurity, but also to our physical safety,” he said.

Industry responds

Screen Shot 2015-02-13 at 10.49.07 AM

Intel IoT chief Doug Davis

One of the witnesses, Doug Davis, senior vice president and general manager of Intel’s Internet of Things Group, told me in an interview that Intel is “integrating more and more security technologies into the solutions we’re proving to our customers, the companies building these devices.”

He said that security is a “foundational capability” with many many layers, “so we build it into our hardware, into the software we provide,” adding that Intel also has technologies that device makers can use to encrypt and protect data that is transmitted by connected devices.

But Justin Brookman, Director of the Center for Democracy and Technology’s Consumer Privacy Project, raised several concerns, including “poor data security practices, unexpected or unwanted data collection, a loss of control over our own devices and potential government abuse of these technologies.”

“Even at this early stage we’ve seen all sorts of IoT devices be vulnerable to attack,” including home alarm systems, baby monitors, smart refrigerators, medical devices, routers and thermostats, he said.

Dangers of overregulation

Screen Shot 2015-01-10 at 11.58.43 PM

Adam Thierer

But the risks of the IoT shouldn’t prompt the government to over-regulate, said Adam Thierer, a senior research fellow at the Mercatus Center at George Mason University “We should avoid basing our policy interventions on hypothetical worst case scenarios or else best case scenarios will never come about.”

Personally, I’m excited about the Internet of Things as long as those things can serve our needs without spying on us or making us vulnerable to potential life-threatening hack attacks.