FTC Highlights Privacy Risks of ‘Internet of Things’

Connected devices like health and fitness monitors need security built in at the outset, says the Federal Trade Commission.
Matthew HellerJanuary 28, 2015
FTC Highlights Privacy Risks of ‘Internet of Things’

While Internet-connected devices provide many benefits, they raise numerous privacy and security concerns that companies who develop them need to address, the Federal Trade Commission warns in a new report.

According to the FTC, there are now more than 25 billion connected devices in use worldwide, and that number is expected to double by 2020 as consumer goods companies, auto manufacturers, healthcare providers, and other businesses continue to invest in the “Internet of Things.”

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

internet of things“The Internet of Things is already impacting the daily lives of millions of Americans through the adoption of health and fitness monitors, home security devices, connected cars and household appliances, among other applications,” the commission noted. “Such devices offer the potential for improved health-monitoring, safer highways, and more efficient home energy use, among other potential benefits.”

But the report also warns of potential privacy and security risks that could undermine consumer confidence. Connected devices, it says, could enable unauthorized access and misuse of personal information; facilitate attacks on other systems; and create risks to personal safety.

“The only way for the Internet of Things to reach its full potential for innovation is with the trust of American consumers,” FTC Chairwoman Edith Ramirez said in a news release.

The report recommends a number of steps that device developers can take to protect consumers’ privacy, the first of which is to build security into devices at the outset, rather than as an afterthought. As part of that “security by design” process, companies should consider conducting a privacy or security risk assessment, minimizing the data they collect and retain, and testing security measures before they launch products.

The FTC also suggested that companies consider measures to keep unauthorized users from accessing a consumer’s device, data, or personal information stored on the network, and that they monitor connected devices throughout their expected life cycle, and where feasible, provide security patches to cover known risks.

In a dissenting statement, Commissioner Joshua D. Wright said the report did not provide “analytical support to establish the likelihood that [its] practices and recommendations, if adopted, would improve consumer welfare.” Without such evidence, he warned, the recommendations “are more likely to foster competition and innovation than to stifle it.”

Image: Thinkstock