FTC Says Internet of Things Needs Security Safeguards
Unless you’ve been living in a yurt in the wilderness with no access to what’s happening in the world for the past several years, you’ve heard the hype about the Internet of Things (IoT). Everyday objects, like a toaster or your baby’s onesie, send and receive data over the Internet. While the ways the technology can benefit our lives is extraordinary, it’s no surprise that the IoT is also rife with potential for serious privacy and security abuse.
Based on input from technology, academic, and industry leaders, as well as comments from consumer advocates and the general public, the Federal Trade Commission released a report on the Internet of Things with privacy and security steps that businesses should take.
The FTC’s official definition of the Internet of Things covers “devices or sensors – other than computers, smartphones, or tablets.” It’s estimated that by this year there will be more than 25 billion connected devices worldwide, and the number is expected to double by 2020.
The scope of the report is limited to IoT devices that are sold to or used by consumers. From the FTC release, here’s a summary of steps that businesses should take:
- Build security into devices at the outset.
- Train employees about the importance of security, and ensure that security is adequately managed.
- Ensure any outside service providers maintain reasonable security, and oversee the providers.
- When a security risk is identified, implement a “defense-in-depth” strategy whereby multiple layers of security are deployed.
- Consider measures to keep unauthorized users from accessing a consumer’s device, data, or personal information stored on the network.
- Monitor connected devices throughout their expected life cycle, and where feasible, provide security patches.
FTC staff also recommends that companies limit the amount of consumer data collected and only retain that information for a set period of time—not indefinitely. Companies should also notify consumers and give them choices about how their information will be used.
“The only way for the Internet of Things to reach its full potential for innovation is with the trust of American consumers,” said FTC Chairwoman Edith Ramirez. “We believe that by adopting the best practices we’ve laid out, businesses will be better able to provide consumers the protections they want and allow the benefits of the Internet of Things to be fully realized.”
Although the FTC notes that IoT-specific legislation would be “premature at this point,” it is not ruled out for the future.