FTC Report on Internet of Things Highlights Security Risks

The staff of the Federal Trade Commission issued a report yesterday (Jan. 27) on the Internet of Things, naming security as its top priority.

As the report details, the Internet of Things (IoT) is already impacting the daily lives of millions of Americans through the adoption of health and fitness monitors, home security devices, connected cars, and household appliances, among other applications. Such devices offer the potential for improved health monitoring, safer highways, and more efficient home energy use, among other potential benefits. But this wonderful world of connected devices, the FTC warns, raises numerous privacy and security concerns that could undermine consumer confidence.

“The only way for the Internet of Things to reach its full potential for innovation is with the trust of American consumers,” FTC Chairwoman Edith Ramirez said. “We believe that by adopting the best practices we’ve laid out, businesses will be better able to provide consumers the protections they want and allow the benefits of the Internet of Things to be fully realized.”

According to data cited in the report, there are at present more than 25 billion connected devices in use worldwide, with that number set to rise significantly as consumer goods companies, auto manufacturers, health care providers, and other businesses continue to invest in connected devices.

Key suggestions for companies developing IoT devices include building in security at the outset (rather than as an afterthought), training employees about the importance of security, fully vetting the capabilities of outside service providers, advocating for multilayered security strategies (“defense-in-depth”), and monitoring connected devices throughout their expected life cycles.

FTC staff also recommend that companies consider data minimization: limiting the collection of consumer data and retaining that information only for a set period of time. The report notes that data minimization addresses two key privacy risks: first, the risk that a company with a large store of consumer data will become a more enticing target for data thieves or hackers, and second, that consumer data will be used in ways contrary to consumers’ expectations.