As we’ve been told, 2015 will be the year of the “Internet of Things.” (Or was it 2013? Or 2014?) For those not yet in the know, the Internet of Things (“IoT”) is a web of personal, household, and office devices that collect, share, and store data via an Internet connection. After registering the device and connecting it to the Internet, users can access the device from their tablet or smartphone.
Currently, there are more than 1.9 billion devices connected through the IoT—a number that some estimate will grow to 9 billion by 2018. Other projections estimate that by 2020, the global market for IoT devices and services will exceed $7 trillion. This trend is not going unnoticed by the FTC.
For example, in 2013, the Federal Trade Commission (“FTC”) took action against TRENDnet, a company that builds home security cameras which can be accessed via the Internet. According to the FTC complaint, TRENDnet marketed its video cameras as “secure,” when in reality, the cameras used faulty software that allowed them to be accessed by anyone who obtained the camera’s IP address.
As a result, many of the camera feeds were hacked, and the private lives of users were exposed. TRENDnet eventually settled with the FTC. As part of the settlement, the company agreed to no longer advertise the product as “secure” and to implement extensive new security measures.
Recently, the FTC has taken steps to help IoT companies safeguard the information they collect from consumers. On January 26, 2015, the FTC issued a report on the IoT, which includes recommendations on ways companies can enhance privacy and data security.
One of the measures the FTC report suggests is “defense-in-depth,” which encourages companies to implement multiple layers of security against a single risk. The FTC also recommends that companies minimize the amount of data they collect from users in order to mitigate the damage caused by a security breach.
Critics of the FTC report claim that it is vague and leaves many of the central issues surrounding the IoT unresolved. For example, the report states that the FTC will continue to take enforcement actions against IoT companies, but does not provide any indication of the types of things that may trigger an FTC investigation. Notwithstanding this lack of clarity, the report represents a first step towards providing IoT companies with an accessible regulatory framework.
FTC regulation is just one of the legal concerns that IoT companies should address early in the stages of product development. Some of the other issues implicated by the IoT include: data privacy, data ownership, traditional product liability, regulation from other government agencies, consumer class actions, and intellectual property issues.