FTC: Too soon for internet of things laws

Internet of Things_man with globe and dollars

Internet-connected devices, sensors and appliances are opening up benefits in health care, energy efficiency, transportation and more. But the data generated by these tools, known under the catchall category of internet of things presents potential security and privacy risks that the Federal Trade Commission believes could open up opportunities for theft or fraud.

At the same time, the FTC believes that general authorities used to protect data privacy can cover the internet of things without specific new laws, according to comments filed with the Commerce Department's National Telecommunications and Information Administration. NTIA was seeking comment on how the government can help foster IOT development.

For every promising application, the FTC told NTIA, there is the possibility for abuse. Security vulnerabilities in connected devices have the potential to support not only data theft, but to pose an actual threat to a person's physical safety.

As IOT chips become more inexpensive and disposable, devices are quickly replaceable with newer versions, it said. That could mean that businesses may not have much of an incentive to upgrade their software for a device's lifetime – also posing potential security risks.

Additionally, inaccurate or biased analysis of data generated from such applications and devices, it said, could put off potential employers of people from low-income and underserved population, or lead to denial of education or credit.

In its comments, the FTC stressed the importance of frequent software updates to reduce hacking opportunities and data minimization to reduce the risk of privacy violations. The comments also back some form of consumer opt-in for data collection, but note that given the nature of connected devices, that a one-size-fits-all model for consent is unlikely to develop.

The comments conclude that the connected device space could benefit from privacy and data breach legislation of the type FTC has been backing for some time.

FTC staffers observed that the push for such rules "stems from concerns about the lack of transparency regarding companies' data practices and the lack of meaningful consumer control over their data." According to the FTC, these "concerns permeate the IoT space, given the ubiquity of information collection, the broad range of uses that the IoT makes possible, the multitude of companies involved in collecting and using information, and the sensitivity of some of the data at issue."

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.