The FTC Calls for Lockdown Security on the Internet of Things

The Internet of Things (IoT) was big news at January's Consumer Electronics Show in Las Vegas, and many large tech companies had related announcements. Apple wan't demonstrating, but partners had the first set of devices that are HomeKit certified, which is Apple’s protocol for allowing smart home devices to work with the iOS platform. And, Google announced 15 new partners in “Work With Nest,” its developer program for adding third-party devices to Nest devices and networks. Meanwhile, The Linux Foundation oversees one of the biggest Internet of Things initiatives: The AllSeen Aliance, which is rapidly gaining members.

In a recent post, though, I noted that as the Internet of Things marches forward, there are also some serious concerns being voiced about security. Now, the U.S. Federal Trade Commission (FTC) has picked up that thread. The FTC released a detailed report warning businesses to take steps to protect the privacy and security of American consumers. And, the report calls out the security quagmire surrounding the Internet of Things.

The FTC notes that 25 billion objects are now online globally, with sensors and other devices automating how the collect information and share it. The Internet of Things aims to make everything from cars to potted plants Internet aware.

According to a study from HP Security Research, 70 percent of the most widely used Internet of Things devices have notable security vulnerabilities.

“The only way for the Internet of Things to reach its full potential for innovation is with the trust of American consumers,” said FTC Chairwoman Edith Ramirez, in a statement. “We believe that by adopting the best practices we’ve laid out, businesses will be better able to provide consumers the protections they want and allow the benefits of the Internet of Things to be fully realized.”

You can find the FTC's best practices in its detailed report, available here.  

The report is partly based on input from leading technologists and academics, industry representatives, consumer advocates and others who participated in the FTC’s Internet of Things workshop held in Washington D.C. on Nov. 19, 2013, as well as those who submitted public comments to the Commission. 

Commission staff recommends that companies consider data minimization – that is, limiting the collection of consumer data, and retaining that information only for a set period of time, and not indefinitely. The report notes that data minimization addresses two key privacy risks: first, the risk that a company with a large store of consumer data will become a more enticing target for data thieves or hackers, and second, that consumer data will be used in ways contrary to consumers’ expectations.

The FTC is not alone in issuing the security concerns. According to a recent survey from Zebra Technology, more than 95 percent of retailers are about to embrace the Internet of Things, and as devices and tools in their stores relay information about you to the cloud and beyond, how secure might your personal information be? In the Zebra Technology survey, 56 percent of respondents listed integration challenges as the top barrier to IoT implementations, while 47 percent mentioned security and privacy as a chief concern.