Privacy and Security Implications of the Internet of Things (Note date change)

Privacy and Security Implications of the Internet of Things

Federal Trade Commission
November 19, 2013
(was November 21)
http://ftc.gov/opa/2013/04/internetthings.shtm
Notice of date change: http://www.ftc.gov/opa/2013/06/internetthings.shtm
Vinton G. Cerf, co-creator of the Internet’s key networking technology, will give the keynote address http://www.ftc.gov/opa/2013/10/iot.shtm

The staff of the Federal Trade Commission is interested in the consumer privacy and security issues posed by the growing connectivity of consumer devices, such as cars, appliances, and medical devices, and invites comments on these issues in advance of a public workshop to be held on November 21, 2013 in Washington, D.C.

The ability of everyday devices to communicate with each other and with people is becoming more prevalent and often is referred to as “The Internet of Things.” Consumers already are able to use their mobile phones to open their car doors, turn off their home lights, adjust their thermostats, and have their vital signs, such as blood pressure, EKG, and blood sugar levels, remotely monitored by their physicians. In the not too distant future, consumers approaching a grocery store might receive messages from their refrigerator reminding them that they are running out of milk.

Connected devices can communicate with consumers, transmit data back to companies, and compile data for third parties such as researchers, health care providers, or even other consumers, who can measure how their product usage compares with that of their neighbors. The devices can provide important benefits to consumers: they can handle tasks on a consumer’s behalf, improve efficiency, and enable consumers to control elements of their home or work environment from a distance. At the same time, the data collection and sharing that smart devices and greater connectivity enable pose privacy and security risks.

FTC staff seeks input on the privacy and security implications of these developments. For example:

  • What are the significant developments in services and products that make use of this connectivity (including prevalence and predictions)?
  • What are the various technologies that enable this connectivity (e.g., RFID, barcodes, wired and wireless connections)?
  • What types of companies make up the smart ecosystem?
  • What are the current and future uses of smart technology?
  • How can consumers benefit from the technology?
  • What are the unique privacy and security concerns associated with smart technology and its data? For example, how can companies implement security patching for smart devices? What steps can be taken to prevent smart devices from becoming targets of or vectors for malware or adware?
  • How should privacy risks be weighed against potential societal benefits, such as the ability to generate better data to improve health-care decisionmaking or to promote energy efficiency? Can and should de-identified data from smart devices be used for these purposes, and if so, under what circumstances?