The “Internet of Things”: New Technologies and the Promise of Ubiquitous Computing

Refrigerators that can order fresh gallons of milk. Electricity meters that provide detailed usage analytics. Medical devices that can collect detailed biometric data. Until recently, such consumer products have been confined to the dreams of futurists and Jetsons devotees. But with the rise of smart grid technology and Internet-enabled consumer goods, the so-called “Internet of Things” has become less of a fantasy and more of a foreseeable future in consumers’ lives. However, the rise of such technologies will create new challenges for companies, policymakers, and regulators seeking to determine adequate privacy and security models.

Last week, CDT filed comments with the Federal Trade Commission discussing the issues raised by the Internet of Things. The FTC will be holding a public workshop later this year on these issues, and CDT anticipates an important discussion of the complex questions of privacy and security raised by this new area of consumer products. In our comments, we emphasized several key points that we urge policymakers and regulators to keep in mind. These initial comments are focused narrowly on how the FTC should frame the relevant issues for its November workshop; we anticipate filing more substantive comments in the fall.

As an initial inquiry, the FTC should examine the underlying concept of the “Internet of Things.” In some instances, people will directly interact with devices; in others, devices may communicate with each other without direct human input. As a result, context – as the White House noted in its February 2012 privacy framework – matters a great deal in determining what protections consumers expect. Indeed, it is possible that without notice, feedback, and technical configurability from a privacy and security perspective, consumers may not feel comfortable with environments saturated by such devices. Manufacturers that supply Internet-enabled devices should therefore create envision the different contexts that those devices may be used in when considering privacy and security.

From a privacy standpoint, the FTC should examine to what extent the Internet of Things raises familiar privacy issues, such as tracking and behavioral advertising. As in the case of Do Not Track and web browsing, CDT feels that the proper balance between the public interest in privacy and in innovation lies in effective mechanisms for consumer control and notice of collection and use of data. If consumers believe this model of collection and use is privacy invasive, they may avoid participating in these kinds of systems or may do so only grudgingly. Consumers have fundamental privacy rights that cannot be overridden, even with the proliferation of sensors and databases, and manufacturers should consider those rights when creating Internet-enabled devices. Security issues – especially as those that may arise when devices designed in isolation by various companies interact with each other – will also be of paramount importance for consumers and manufactures. CDT urges the FTC to remain cognizant of these areas as it explores these policy questions. While the technologies involved here may seem futuristic, the issues raised by the Internet of Things are closely tied to long-standing privacy and security debates. CDT therefore hopes that the FTC will keep proven solutions in mind as it examines that appropriate level of scrutiny and regulation in this promising new realm.