The Federal Trade Commission (FTC) is aware we live in a connected world. Americans wear Fitbits, have Nest thermostats, use automated light systems from companies like Belkin and Philips, even have televisions that predict what they want to watch. But in a new report, the FTC has a warning: Existing privacy regulations don’t really cover the Internet of Things, and the Commission doesn’t really trust device manufacturers to do the right thing–or even be aware of the risks of collecting all that data.
In a staff report issued this week, the FTC warned that makers of connected health, home, and transportation devices could potentially leave their users vulnerable to data hacks. Most of all, the FTC is concerned that private information will be used to jack up users’ insurance rates or deny them access to loans.
At issue is that the capabilities of fitness trackers and home automation devices are growing faster than the law can keep up. Case in point: The report is based on a workshop held in November of 2013. Since then, hundreds of new startups have entered the space, and IoT devices have become increasingly mainstream. Our most relevant piece of legislation dealing with data from connected devices–the Fair Credit Reporting Act–hasn’t been updated since the advent of Fitbit and Nest, and does nothing to prevent in-house analysts from going to town on the data gleaned from these devices.
The FTC also chided device manufacturers for poor security, and specifically expressed worries that companies won’t pay attention to security for the entire life cycle of a product. They noted that manufacturers have a propensity to “orphan” connected devices as newer, shinier models come along.