As more and more devices in homes and cities become connected, a draft bill from the House Subcommittee on Digital Commerce and Consumer Protection could be the first step toward legislating the internet of things. Though the proposal is already winning support from various industry groups, there are concerns over how to balance protecting consumers with promoting innovation.
During a May 22 hearing, the House Subcommittee on Digital Commerce and Consumer Protection reviewed the State of Modern Application, Research and Trends of IoT, or SMART IoT Act. The bill, which is still in the preliminary "discussion draft" phase, would require the secretary of commerce to collect information about what kind of "internet-connected devices" and standards are being developed today across all industries, and how those different devices are regulated across different agencies.
Specifically, the Commerce Department would develop a comprehensive list of federal agencies with jurisdiction over entities in the IoT space, as well as a list of what actions those agencies are taking with regards to IoT regulation. "The SMART IoT Act will create the first compendium of essentially who is doing what in the IoT space," House Energy and Commerce Committee Chairman Greg Walden, R-Ore., said during the hearing, noting that the Commerce Department will include research on both public and private efforts.
Walden said the bill aims to "set the stage by making sure stakeholders are aware of the playing field and are not creating conflicting or duplicative obligations or requirements."
Tim Day, a senior vice president at the U.S. Chamber of Commerce's Chamber Technology Engagement Center, said such a compendium would be valuable for large and small business leaders as it would bring to light overlapping, sometimes conflicting regulatory regimes.
He noted that in the current regulatory environment, a company developing connected devices for cars could face "overlapping or inconsistent federal oversight" from the Federal Trade Commission, the National Highway Traffic Safety Administration and the Federal Communications Commission. Similarly, a company making medical IoT devices might be subject to oversight from the Food and Drug Administration, the FTC and the FCC.
"In this environment, interagency coordination is a must to avoid stifling innovation," Day said in prepared remarks, calling the SMART IoT Act "a step in the right direction toward unraveling the web of duplicative regulatory frameworks."
One concern about the bill, however, is that it does not specifically address questions about privacy or security.
"I know some stakeholders have asked that cybersecurity be specifically called out in this study. I would support such a change," Energy and Commerce Ranking Member Frank Pallone Jr., D-N.J., said during the hearing, noting that throughout the subcommittee's early talks with IoT stakeholders, cybersecurity was the issue that came up most often.
But Pallone indicated he would be open to having Congress address cybersecurity in a separate bill, calling the SMART IoT Act "a jumping off point for more work."
Other Democrats, though, said security and privacy issues were too important to separate from any legislative action on IoT.
"I think we're not paying enough attention to security and privacy," Debbie Dingell, D-Mich., said, adding that the recent Facebook Inc. data sharing scandal showed that consumers "had no idea" about how much data companies are already collecting and sharing about them.
Michelle Richardson, deputy director for the Freedom, Security and Technology Project at the nonprofit Center for Democracy and Technology, agreed that Congress needs to take action to better protect users' privacy and security, but she noted that this action should not be limited to IoT regulation.
Instead, she advocated for "a baseline comprehensive privacy law in the United States" that would apply across all sectors and agencies.
In terms of the next steps for the bill, a final version would need to be introduced and voted on in the House as well as the Senate before it could win approval from the White House and become law. The Senate, meanwhile, has its own IoT legislation: the Developing Innovation and Growing the Internet of Things, or DIGIT Act. That bipartisan bill, which has already passed the Senate but is still being reviewed in the House, would direct the FCC to report on the spectrum required to support the internet of things. It would also propose creating a public-private working group to advise Congress on planning for and encouraging the growth of IoT.
