By a 4-1vote, the Federal Trade Commission (FTC) adopted a report on Tuesday that recommends six  best practices that companies should undertake in protecting the privacy and security of personal consumer data used in  support of the Internet of Things (IoT). The 71-page report is said to be based on material derived from a  November 2013 FTC workshopon IoT, as well as on public comments submitted to the FTC on the subject.  Statistics cited in the  report show that there are 25 billion IoT devices in use today that include automobiles, thermostats, home appliances,  health monitors, and watches. Experts anticipate the number of IoT devices will double by 2020.

The report focuses exclusively on IoT devices “that are sold to or used by consumers” and does not  address “devices sold in a business-to-business context” or machine-to-machine communications “that enable businesses to  track inventory, functionality or efficiency.” Industry best-practices recommended by the FTC  include: (1) incorporation of security features in IoT devices “at the outset, rather than as an  afterthought in the design process,” (2) training employees on the importance of security, (3)  ensuring that outside providers “are capable of maintaining reasonable security,” (4) consideration  of “defense-in-depth” strategies whereby “multiple  layers of security may be  used to defend  against” identified security risks, (5)  measures to prevent unauthorized users from accessing   consumer  devices and related network data, and (6) monitoring IoT devices “throughout their  expected life” and providing security patches when needed “to cover known risks.”

Declaring, “the only way for the [IoT] to reach its full potential for innovation is with the trust  of American consumers,” FTC Chairwoman Edith Ramirez predicted that, “by adopting the best  practices we’ve laid out, businesses will be better able to provide consumers the protections they  want.” Charging, however, that the report lacks “analytical support,” FTC Commissioner Joshua  Wright maintained in a dissenting statement that “an economically sound and evidence-based approach  to consumer protection . . . would require the Commission to possess and present evidence that its  policy recommendations are more likely to foster competition and innovation than to stifle it.” In  remarks on the report’s release, House Energy and Commerce Committee Chairman Fred Upton (R-MI)  stressed, “we must exercise great caution to avoid the slippery slope of the Internet of Things evolving into the Internet of Regulation.”