House Talks 'Internet of Things,' Data Privacy

Rep. Jerrold Nadler, D-N.Y.

Rep. Jerrold Nadler, D-N.Y. Lauren Victoria Burke/AP

Representatives discussed how data could be both useful to consumers -- and also a potentially risky asset.

The Internet of Things could be more dangerous than consumers think when they install Nest thermostats or other convenient digital devices, some members of Congress argued during a recent hearing. 

"The time of the 'Dick Tracy' watch is here," said Rep. Ted Poe, R-Texas, referring to the American comic strip character's radio-enabled wristwatch. 

During a Wednesday House judiciary committee hearing on the Internet of Things organized by the Subcommittee on Courts, Intellectual Property, and the Internet, representatives and witnesses discussed how the proliferation of data-driven devices could be both useful to consumers -- and also a potentially risky asset. 

With cars, public transportation systems and consumer devices constantly collecting information about users, "unless cities integrate strong security . . . [they are] vulnerable to attack," Rep. Jerrold Nadler, D-N.Y., said. He mused later, "What do these companies do with the massive amount of data?"

During a question-and-answer session, Gary Shapiro, president of the Consumer Electronics Association, noted that some consumers choose to give up their own data in exchange for improved services.  

"In the automobile [industry], hundreds of thousands, if not millions, of consumers are already choosing to give up their data to insurance companies in return for a lower insurance rate," he said. 

Shapiro argued the government should not necessarily stifle tech companies' data collection. "There's so much happening from an innovation point of view," he added.

But it's Congress that "needs to set the expectation of privacy for individuals that have shared their information with different entities," Poe said during the hearing. He added he was concerned providers might share that information both with nongovernment entities and also with the government. 

"We should update the [Electronic Communications Privacy Act of 1986] law," which outlines that information stored in the cloud is private for six months, "but six months and one day, the government can have it and there's no expectation of privacy," Poe said.

During the hearing, Rep. Suzan DelBene, D-Wash., asked witnesses to discuss their approach to sharing consumers' geolocation data with outside groups, such as law enforcement agencies.

"This an issue that Congress has to step in on," said Morgan Reed, executive director of trade group ACT, the App Association. "The problem comes when I have to tell a customer, 'I don't know'" when they ask which of their data could be passed along to the government."

The United States' data-sharing policies could affect privacy policies abroad, he added. 

"If the U.S. government says, 'we have access to any cloud data at any time . . . regardless of where the data is stored and who [owns it],' we have to expect that Russia will want to same privileges from our companies . . . that China will want the same privileges," Reed said. 

Shapiro emphasized "history has shown that giving a government a backdoor is not the best approach as technologies evolve quickly," but that "when a super crisis evolves, I think you'll see companies step up and try to help government."

The judiciary committee hearing is just the most recent of several congressional motions on the topic in the past several months.

In June, a bipartisan group of senators urged the Government Accountability Office to examine the Internet of Things, focusing on questions such as "What is the federal government's experience using the Internet of Things?" and "Are federal agencies coordinating on the Internet of Things oversight?"

In March, the Senate passed a resolution pledging to use the Internet of Things to improve services to consumers and to bolster the domestic economy.