July 29 — Reforming federal electronic privacy law would help the nascent Internet of Things industry by providing greater certainty that it could pass on to its customers, industry representatives told a Congressional panel July 29.
“The problem comes when I have to tell a customer 'I don't know' about the answer to the question of when I have to hand over information,” Morgan Reed, executive director of ACT - The App Association, said.
Reed said that provisions of the current Electronic Communications Privacy Act, 18 U.S.C. § 2510, et seq., that allow the government broad access to older data stored in the cloud also affect U.S. companies' ability to protect consumers' data from foreign governments.
“If the United States government says we have access to any cloud data at any time on any person in any way we darn well please, regardless of where the data is stored or who it's on, we have to expect that Russia will want the same privileges from our companies, that China will want the same privileges from our companies,” Reed said. What is needed, he said, is stronger legal protection for such data so that it cannot simply be handed over.
Reed and others testified at a House Judiciary Committee panel hearing on the Internet of Things.
Reed and other witnesses said that end-to-end encryption provides the best guarantee for the security of IoT devices and the best way to avoid incidents such as the recent hacking of a Jeep on a Missouri highway in a controlled experiment. In response to questioning from Rep. Suzan DelBene (D-Wash.), the witnesses all agreed that mandating law enforcement “backdoors” to that encryption was the wrong approach.
Calling backdoors a “Pandora's box,” Dean C. Garfield, president and chief executive officer of the Information Technology Industry Council, said providing a backdoor for law enforcement necessarily gives bad actors another entryway into consumers' data as well.
“I think the impact would be quite negative, both here and internationally, for a host of reasons,” Garfield said. “Security is a part of advancing privacy, and if you create any kind of door, it won't only be used by those you intend it to be used by.” Garfield suggested, based on his own experience, that law enforcement agencies should deploy technology to solve their problems rather than fighting technology.
Reed said such an approach would be “anathema” to telling customers that their data is secure. “We know the answer, and that is that end-to-end encryption with as few openings as possible is the best solution we can provide to all citizens in every country,” he said.
Gary Shapiro, president and CEO of the Consumer Electronics Association, said that although he sympathized with the difficult job of law enforcement, companies will “step up and help government” when crises such as the 2013 Boston Marathon bombing happen and law enforcement needs data from companies in order to act quickly.
Federal Bureau of Investigation Director James Comey has been an outspoken advocate of building backdoors for law enforcement into encrypted devices.
Garfield echoed other witnesses in requesting a light touch to regulation that allows for the development of industry best practices as the pace of innovation outstrips that of regulation and allows markets to punish bad actors. To the extent the IoT industry requires regulation and enforcement, he said, a sector-by-sector approach is appropriate.
“We're talking about the Internet of Things as if it's a single thing, but it's not,” Garfield said. He said that sensors transmitting data about windshield wiper usage, which could tell others about rainfall, could require much less privacy protection than, for example, smart watches providing biometric health monitoring of an individual.
Reed said that the medical wearables industry is currently being held back by outdated privacy rules, as only 15 percent of doctors are recommending wearable monitoring devices for patients even though 50 percent of doctors think such devices would be helpful, citing a recent study. The gap was explained by privacy concerns, both from patients and from the doctors who would be charged with keeping patient data private.
The health technology industry is working on a series of best practices to address those concerns. “We believe the FTC will be a good enforcement mechanism for such best practices,” Reed said.
Rep. Jerrold Nadler (D-N.Y.) asked whether Congress should be setting clear rules, at least regarding notice to consumers regarding potentially giving up aspects of privacy. Shapiro agreed that clear and conspicuous notice makes sense but is already within the ambit of the Federal Trade Commission and can also be addressed through private civil lawsuits. The FTC's case-by-case approach, he said, “is a good approach, because this is a quickly evolving area.”
If Congress does choose to regulate, Nadler asked whether IoT services should be treated differently from other data collectors and companies connected to the Internet. Shapiro said that IoT provides a wide variety of capabilities in many different areas and should not be regulated in a generic way. “If you're going to legislate, it should be very specific, narrow and address a real problem,” Shapiro said.
To contact the reporter on this story: Joseph Wright in Washington at email@example.com
To contact the editor responsible for this story: Thomas O'Toole at firstname.lastname@example.org