Lawmakers on both sides of the aisle are pushing the government to review the state of play regarding internet-of-things devices and their uses.
As the number of internet-connected devices continues to boom -- and is projected to exceed 20 billion by 2020 -- regulations and guidelines have lagged behind, and agencies' overlapping missions have led to confusion about the present and future of internet-of-things devices.
To get a clearer picture of just what's out there, lawmakers on both sides of the aisle are pushing the government to review the current state of play regarding IoT devices and their uses.
The draft State of Modern Application, Research and Trends of IoT Act would direct Commerce Secretary Wilbur Ross to conduct a survey of the industries using IoT devices, how these devices are being used and the current regulations in place.
The bill also directs Ross to identify which federal agencies have jurisdiction over such devices in each sector, all IoT-related activities taking place among agencies, as well as which agencies consumers and small businesses can consult with to evaluate IoT devices.
"This legislation kicks off a process to give all stakeholders a base set of information to frame the other challenges without speculating or hypothesizing about what already exists," said Rep. Bob Latta (R-Ohio) at a May 22 hearing of the Digital Commerce and Consumer Protection Subcommittee of the House Energy and Commerce Committee.
Conducting a survey of the landscape "will enable companies to understand the regulatory environment" and result in more consistent federal action, Senior Vice President of the U.S. Chamber of Commerce's Chamber Technology Engagement Center Tim Day said.
While privacy advocates and industry representatives agreed this kind of survey was needed, there's less comity on what lawmakers should do next.
Pointing to the Mirai botnet and other internet-based attacks, subcommittee ranking member Rep. Jan Schakowsky (D-Ill.) stressed the need for privacy, cybersecurity and infrastructure protections to be focuses of what comes out of the report.
"My hope is the report generated [by the bill] provides the foundation for further legislative efforts," she said. "Standing on the sidelines is simply not an option."
Michelle Richardson, deputy director of the Center for Democracy and Technology's Freedom, Security and Technology Project, testified that if Congress does write legislation, it should be tech-neural rather than IoT-specific.
As an alternative to prescribing mandates for companies to adopt, she suggested "the government should explore its own purchasing power," especially given the Trump administration's IT modernization push.
Last August, Sens. Cory Gardner (R-Colo.) and Mark Warner (D-Va.) introduced a bill that would restrict government purchases of connected devices to those with certain cybersecurity protections. The Internet of Things Cybersecurity Improvement Act of 2017 has yet to receive a committee hearing or vote.