As more devices become equipped with internet of things capabilities, business and technology research groups are divided on whether a standardized industry or regulatory framework needs to be developed to keep up with the maturation of the technology.
At a July 26 panel at the Washington, D.C.-based public policy think tank New America, tech policy researchers called for the creation of a collaborative standard for internet of things security and privacy, saying such a standard is necessary for consumer protection. But a U.S. Chamber of Commerce policy executive said businesses would likely reject the idea as any standard would have to be too broad to be useful.
Maurice Turner, a senior technologist at the Center for Democracy and Technology, said consumers are assuming too much of a burden to be educated about the cyberrisks associated with connected devices. Noting that there are currently safety standards around devices not connected to the internet, he said, "I don't think that if you're an average consumer and you walk down to the store that you'd be able to buy a dangerous coffee maker."
He continued, "We have an entire supply chain built around the fact that you know that if you plug it in it's probably not going to burn your house down — that's not the case when you're talking about connected devices."
Turner says that while companies currently have the freedom to experiment in the market with self-regulation concerning cybersecurity, he believes at some point standards need to be codified at the government level.
Currently, there is a litany of different proposals at the federal level to address the range of challenges posed by connected devices.
One of the most recent proposals is the State of Modern Application, Research and Trends of IoT, or SMART IoT Act, which directs the U.S. Department of Commerce to conduct a study on the internet-connected devices industry. The proposed legislation aims to answer the question of which regulatory agency should assume responsibility for regulating IoT applications.
On June 13, the bill passed out of the House Energy and Commerce Subcommittee on Digital Commerce and Consumer Protection to the full committee.
According to the National Conference of State Legislatures, at least 36 states have introduced cybersecurity legislation so far in 2018. Among the top concerns addressed in these proposals were restricting public disclosure of sensitive security information and providing funding for cybersecurity initiatives.
Matthew Eggers, vice president of cybersecurity policy at the U.S. Chamber of Commerce, told the panel he believes new regulations are not the right approach. He said many businesses may not agree on a blanket standard to reform cybersecurity and privacy standards in internet-connected devices.
"The folks that actually work in this space, whether it's maybe some kind of consumer device or maybe something in the industrial space, would say 'It's not clear we can do it like that, because each device fills its own niche.'"
Democratic Federal Trade Commissioner Rebecca Slaughter, who also spoke at New America prior to the panel discussion, called for the establishment of a formal bureau of technology at the FTC to help address some of the challenges posed by connected devices. Moreover, she noted that businesses and regulators can and should work with each other.
She highlighted an initiative called the Digital Standard, a collaborative effort between Consumer Reports and other technology research organization that seeks to create an open source framework for testing and evaluating the privacy and security of consumer internet-connected devices.
"Our work is substantially complemented by the development of robust, meaningful assessment tools by the public and industry," she said. "The Digital Standard…presents an opportunity for multiple stakeholders to create and continually refine a testing system."
In a 2017 study performed by Gartner Inc., an information technology research firm, an estimated 11.2 billion internet of things units will be in use by the end of 2018.