The Federal Trade Commission announced that it will conduct a workshop on November 21, 2013, on the privacy and security implications of the “Internet of Things,” which is a computerized network of physical objects. In IoT, sensors and data storage devices embedded in objects interact with Web services. (For more on privacy and the IoT, see a Center for Democracy and Technology report that I consulted on and contributed to, “Building the Digital Out-Of-Home Privacy Infrastructure.”) The FTC is seeking public comments. It said:
The staff of the Federal Trade Commission is interested in the consumer privacy and security issues posed by the growing connectivity of consumer devices, such as cars, appliances, and medical devices, and invites comments on these issues in advance of a public workshop to be held on November 21, 2013 in Washington, D.C.
The ability of everyday devices to communicate with each other and with people is becoming more prevalent and often is referred to as “The Internet of Things.” […]
Connected devices can communicate with consumers, transmit data back to companies, and compile data for third parties such as researchers, health care providers, or even other consumers, who can measure how their product usage compares with that of their neighbors. The devices can provide important benefits to consumers: they can handle tasks on a consumer’s behalf, improve efficiency, and enable consumers to control elements of their home or work environment from a distance. At the same time, the data collection and sharing that smart devices and greater connectivity enable pose privacy and security risks.
FTC staff seeks input on the privacy and security implications of these developments. For example:
- What are the significant developments in services and products that make use of this connectivity (including prevalence and predictions)?
- What are the various technologies that enable this connectivity (e.g., RFID, barcodes, wired and wireless connections)?
- What types of companies make up the smart ecosystem?
- What are the current and future uses of smart technology?
- How can consumers benefit from the technology?
- What are the unique privacy and security concerns associated with smart technology and its data? For example, how can companies implement security patching for smart devices? What steps can be taken to prevent smart devices from becoming targets of or vectors for malware or adware?
- How should privacy risks be weighed against potential societal benefits, such as the ability to generate better data to improve health-care decisionmaking or to promote energy efficiency? Can and should de-identified data from smart devices be used for these purposes, and if so, under what circumstances?
FTC staff will accept submissions through June 1, 2013, electronically through firstname.lastname@example.org or in written form. Paper submissions should be mailed or delivered to: 600 Pennsylvania Avenue N.W., Room H-113 (Annex B), Washington, DC 20580. The FTC requests that any paper submissions be sent by courier or overnight service, if possible, because postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions.