By the end of this year, we’ll see billions smart devices enter our homes and lives, according to the Federal Trade Commission chairwoman Edith Ramirez. If you’re hesitant about strapping on a Fitbit or mounting a connected security camera in your living room, you’re not alone. In addition to fears about hacking are concerns over how companies getting into the Internet of Things space are using all the collected data. Today, the FTC released a report stating companies making connected devices, from thermostats to health monitors to technology in cars, should limit the data they collect and the length of time they keep that information.
“We’re now in a world where data is being collected all the time,” said Ramirez at the State of the Net conference. “We’re bringing these devices into our homes, into what used to be private spheres.” She added that consumers should have more control over how companies use their data, especially because it’s becoming increasingly sensitive.
One suggestion is giving users choices before their data is utilized for “unexpected” uses, that is when it goes beyond the “reasonable expectations” of what the device does. You’d probably expect your step tracker data be looked at for health-related purposes but perhaps not for something like city planning in regards to foot traffic, for example. That’s a fairly innocuous example, but in a scarier scenario, fitness monitor data “could be used in the future to price health or life insurance or to infer the user’s suitability for credit or employment,” per the report. Users willingly submitting their fitness-tracker data to health insurance companies in the hopes of getting lower rates might supersede the limits set by the Fair Credit Reporting Act.
The report also states that whatever the data is, companies shouldn’t keep troves of it lying around and should discard it when they’re done with it. That would discourage data thieves from both inside and outside the organization, the FTC believes.
The risks inherent in the IoT include the access and misuse of personal information, attacks on the network or systems, and creating risks to personal safety (if, say, someone were to hack an insulin pump). To minimize such security risks, “companies should build security into their devices at the outset, rather than as an afterthought,” according to the report. Yet not all companies making these new devices have the experience needed to make these devices safe.
The FTC notes that everyone is entering new territory with these connected devices. Thus, “IoT-specific legislation at this stage would be premature.” For now, standards of privacy, security, and transparency are in the hands of companies making the technology.
