The government needs to update laws and regulations to accommodate the explosive growth of Internet-connected smart devices or risk falling behind the global technology curve.
That's the view of a few tech-minded lawmakers who have turned their focus to the expanding web of objects and sensors that make up the so-called Internet of Things.
“We're destined to lose to the Chinese or others if the Internet of Things is governed in the United States by rules that predate our VCRs,” said Sen. Deb Fischer, R-Neb., a member of the Commerce, Science and Transportation Committee, speaking at a Washington, D.C., event last week hosted by the Center for Data Innovation.
Some 27 million fitness trackers and other forms of “wearable” technology will be sold globally by the end of the year, according to recent research.
And that’s just one fragment of the so-called Internet of Things, or IoT.
This tangled network of Internet-connected sensors and other devices has also become firmly embedded in industrial-control systems that help run power plants and water systems. Smart devices are also making inroads in telecommunications and the health care system.
Will Too Much Regulation ‘Snuff Out’ Innovation?
But Fischer and her Senate colleagues appear anxious about the government writing too many of those rules in stone.
"I think we need to have a firm enough hand to have some rules of the road, to ensure security and privacy but not to snuff any of this great innovation out,” said Brian Schatz, D-Hawaii, a fellow member of the Senate commerce panel who also spoke at the event.
Sen. Kelly Ayotte, R-N.H., who also spoke at the event, said, "I think there's an exciting opportunity as we look at the new Congress to take up some of these issues where we're living in the Dark Ages in the way that some of the regulations have been framed.”
But she called for “humility” in the way the government oversees the adoption and spread of IoT, echoing comments made by Federal Trade Commissioner Maureen Ohlhausen last year when FTC first studied IoT.
NIST Offers IoT Playgrounds to Test Devices
Traditionally, the government has operated in only carrot-or-stick mode when it comes to the regulation of new technologies, said Sokwoo Rhee, associate director of IoT and cyber-physical systems at the National Institute of Standards and Technology.
In the first, the government offers research and development funding to help companies securely adopt new technologies. The latter amounts to strict regulation.
But there's also a third way, Rhee said: providing a “playground,” or testing space for companies to test what works.
That could be perfect for IoT, in which there are almost as many security standards as there are devices.
"The problem is, there are too many standards out there ... Everybody claims they have their own standard,” Rhee said. “Every company's creating their own thing.”
A NIST-backed program, the Global Cities Challenge, leverages that, allowing IoT manufacturers to work directly with local governments to test out various devices in the real world.
“The market's going to figure it out,” Rhee said. “The question is, how fast the market can get there and what is the role of government to accelerate that process.”
Security of Devices and Data a Focus
One of the areas in which there’s agreement the government needs new rules is in securing the growing number of devices connected to the Internet -- and the data stored on those devices.
University of Michigan researchers this summer, for example, showed that networked traffic lights are vulnerable to cyberattacks. Meanwhile, hackers breached Internet-enabled baby monitors and harassed parents and young children.
A recent study showed 70 percent of widely used IoT devices had security vulnerabilities, Schatz said.
For the government and private companies that operate critical infrastructure, such as power grids and water systems, the challenges may be even more acute.
The President’s National Security Telecommunications Advisory Committee last month issued a report last month warning of the pressing need for the government to take steps to ensure IoT devices in critical infrastructure are adopted securely.
“So policymakers actually have no choice in this space,” Schatz said. “We must take on this topic, both because of its scope and its potential benefits and dangers."