FTC: Too soon for internet of things laws

Internet of Things_man with globe and dollars

Internet-connected devices, sensors and appliances are opening up benefits in health care, energy efficiency, transportation and more. But the data generated by these tools, known under the catchall category of internet of things presents potential security and privacy risks that the Federal Trade Commission believes could open up opportunities for theft or fraud.

At the same time, the FTC believes that general authorities used to protect data privacy can cover the internet of things without specific new laws, according to comments filed with the Commerce Department's National Telecommunications and Information Administration. NTIA was seeking comment on how the government can help foster IOT development.

For every promising application, the FTC told NTIA, there is the possibility for abuse. Security vulnerabilities in connected devices have the potential to support not only data theft, but to pose an actual threat to a person's physical safety.

As IOT chips become more inexpensive and disposable, devices are quickly replaceable with newer versions, it said. That could mean that businesses may not have much of an incentive to upgrade their software for a device's lifetime – also posing potential security risks.

Additionally, inaccurate or biased analysis of data generated from such applications and devices, it said, could put off potential employers of people from low-income and underserved population, or lead to denial of education or credit.

In its comments, the FTC stressed the importance of frequent software updates to reduce hacking opportunities and data minimization to reduce the risk of privacy violations. The comments also back some form of consumer opt-in for data collection, but note that given the nature of connected devices, that a one-size-fits-all model for consent is unlikely to develop.

The comments conclude that the connected device space could benefit from privacy and data breach legislation of the type FTC has been backing for some time.

FTC staffers observed that the push for such rules "stems from concerns about the lack of transparency regarding companies' data practices and the lack of meaningful consumer control over their data." According to the FTC, these "concerns permeate the IoT space, given the ubiquity of information collection, the broad range of uses that the IoT makes possible, the multitude of companies involved in collecting and using information, and the sensitivity of some of the data at issue."

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.