February 7, 2018
The American Enterprise Institute for Public Policy Research (AEI) will host an event in Washington next week to discuss legislation on consumer safety in IoT. Cybersecurity remains at the forefront of both the national security and consumer safety agendas. Technological innovation almost always outpaces legislative and regulatory response. IoT devices are no different. As we increase our touchpoints with the internet, we in turn subject ourselves to cyber vulnerabilities. How should the government play a role in protecting consumers who use IoT devices?
Drafted Legislation for Cybersecurity
Senator Edward Markey (D-MA) and Representative Ted Lieu (D-CA) drafted a bill that would create a proverbial cyber shield that would help consumers identify IoT products that meet specific industry safety standards. The key for this bill is that it’s voluntary. It would allow for increased transparency and inform consumers on the safety level of the product they may want to purchase.
The bill opens with the statement of purpose, “To establish a voluntary program to identify and promote Internet-connected products that meet industry-leading cybersecurity and data security standards, guidelines, best practices, methodologies, procedures, and processes.”
Most consumers aren’t privy to how their electronic devices actually work. Our day-to-day IoT devices such as smart speakers, phones or fitness monitors are plug and play. You simply take them out of the box, follow a set of simple instructions and typically load them up with personal information from credit card numbers to your home address.
Risk of Interconnected Devices
One of the many benefits of IoT is connectivity across devices. You can sync applications and accounts so that information can be shared between them. For example, you can use your smartphone to view the results tracked by your fitness wearable or ask your smart speaker to turn on the dryer. AEI also highlights that with access to a consumer’s IoT device, a hacker can gain access to a consumer’s entire networked system since devices are inherently connected.
While IoT manufacturers do take measures to improve the safety of their devices, should there be a transparent legal standard for them? Companies will certainly differ on their risk tolerance and consumers will likely not know the difference.