How can lawmakers regulate the Internet of Things without stifling innovation?
The Senate on Wednesday attempted to tackle the increasingly tangled network of connected appliances, devices and other devices known as the “Internet of Things” in its first-ever hearing on the topic.
The discussion wandered from the privacy implications of a hi-tech refrigerator that could both monitor its own contents and relay that data to grocery stories for marketing purposes, to the benefits and risks of cars gathering information about drivers’ locations and habits.
But throughout the hearing, senators and witnesses often returned to a central question: How can lawmakers regulate the Internet of Things without stifling innovation, and what exactly falls under their purview?
The Senate Commerce, Science and Transportation Committee hearing is an early sign of growing congressional interest in the Internet of Things. Committee Chairman Sen. John Thune, R-S.D., announced the hearing in January in response to a request from a bipartisan group of senators.
Last weekend, Sen. Ed Markey, D-Mass., published a report about “connected cars,” asserting that while automobile manufacturers collect large amounts of information on driving history and vehicle performance, few can describe how they can diagnose or respond to an infiltration in real-time.
And last month, the Federal Trade Commission issued a report on the broader implications of Internet of Things, recommending Congress “enact strong, flexible, and technology-neutral federal legislation to strengthen its existing data security enforcement tools and to provide notification to consumers when there is a security breach.”
Lawmakers are still divided on the extent of regulation needed to govern the Internet of Things.
"We should let consumers and entrepreneurs decide where [the Internet of Things] goes, rather than setting it on a Washington, D.C.-directed path,” Thune said in his opening statement. He added, “Let’s not stifle the Internet of Things before we and consumers have a chance to understand its real promise and implications.”
Witnesses representing private sector technology companies asked Congress to avoid overregulating a rapidly developing technology.
“[T]he first order of business is for policymakers to send a clear green light to entrepreneurs letting them know that our nation’s default policy position remains ‘innovation allowed,’” testified Adam Thierer, a research fellow at George Mason University’s Mercatus Center. “Second, we should avoid basing policy interventions on hypothetical worst-case scenarios, or else best-case scenarios will never come about.”
Other witnesses urged the importance of privacy to the emerging discuss around IoT.
Justin Brookman, director of the Consumer Privacy Project at the Center for Democracy and Technology, called on Congress to draft a comprehensive law about the collection of personal information. He cited recent news reports indicating Samsung’s SmartTV may be gathering potentially sensitive spoken material from users.
“Companies should be required to offer consumers reasonable transparency and control over how their data is collected,” he said.
Senators were also curious about the technology infrastructure required to carry the streams of data generated by the Internet of Things. Thune, for instance, asked the panel how Congress could ensure sufficient wireless capacity to power the Internet of Things.
“Generally speaking, we need to get a better process in place at the Federal Communications Commission,” Thierer answered.
There’s widespread agreement on freeing up more spectrum, he said. “It’s a question of where we get it,” he added. “Creating more and better incentives to do that is going to be essential because these devices are going to be eating up a lot of it in short time.”
Senators also noted the potential threat of larger-scale privacy and security breaches, as devices become increasingly connected.
Sen. Kelly Ayotte, R-N.H., expressed concerns about the impact of data breaches.
“As we see more homogeneity in the consolidation of data, I think this becomes a bigger issue,” she said, citing the recent breach of health insurer Anthem. “Twenty-two percent of my state got hit by that. Eighty million people in the country got hit . . . I certainly want to make sure we don’t do things that hurt innovation and thwart new technology, but this seems to be a repetitive issue that we need to address.”