In a July 29, 2015 hearing, lawmakers asked a panel of witnesses—all industry representatives—about the current and future challenges facing the Internet of Things, and what role, if any, Congress should play in addressing these concerns. The Internet of Things refers to network-connected items able to exchange data with each other across existing network infrastructure. Data security and privacy concerns were some of the issues that dominated policymakers’ attention during the hearing.
Lawmakers and the witnesses discussed the steps that the private sector is taking to secure the Internet of Things. Mitch Bainwol, president and CEO of the Alliance of Automobile Manufacturers, and Dean Garfield, president of the Information Technology Industry Council, both discussed how open standards support security and suggested that Congress let industry develop these standards. Witnesses were unanimous in their opposition to the idea of legally mandated “backdoors”—allowing government access to encrypted information—in the encryption used by the Internet of Things. Such mechanisms, they argued, would actually expose consumers to greater security risks and thus discourage consumer adoption of these technologies. Morgan Reed, executive director of ACT – The App Association, stated that this type of requirement, which he referred to as “overzealous” government action, would hurt U.S. technology companies conducting business in other countries and weaken U.S. competitiveness.
Witnesses emphasized the importance of allowing different industries to develop their own rules regarding data privacy and security. Bainwol argued that consumers’ concerns about security in cars is unique, and Garfield echoed this sentiment, saying that the Internet of Things is massive, and regulators should address security concerns on a sector-by-sector basis. Reed suggested that a preferred approach may be for the Federal Trade Commission to handle privacy and security challenges on a case-by-case basis as they arise, rather than having an overbroad set of universal rules that may clash with industry best practices. Gary Shapiro, CEO and President of the Consumer Electronics Association, offered the same view, cautioning that if government action becomes necessary, it should be narrowly-tailored and focused on a specific harm.
The witnesses also grappled with the issue of data ownership and its implications for consumer privacy concerns. Shapiro advocated for transparency in how data would be used, which he contends will allow consumers to make informed decisions about whether to use a particular product.