Rep. Suzan DelBene Says Stronger Privacy Policies Are Needed to Deal With Internet of Things

WASHINGTON, July 9, 2019 – Privacy is a good place to start with public policy concerning the internet of things, said Rep. Suzan DelBene, D-Wash., in a keynote address at the AT&T Forum for Technology, Entertainment and Policy Tuesday.

With more than 3.8 billion people around the world using the internet every day, technology has become a “must-have” for all. One of the biggest downsides of technology, DelBene argues, is that individual data can be unprotected and sold without the person’s knowledge.

She said that IoT has also been known for its use in Distributed Denial-of-Service attacks.

The more network connectivity that exists, the more points of vulnerability there are, she said.

DelBene called to attention a couple pieces of legislation that she is trying to push. First is the Information Transparency and Personal Data Control Act, H.R. 2013.

The bill would require companies to state their privacy policies in “plain English,” so that consumers can make informed decisions. Companies must also disclose with whom they share user information.

The second bill is the Smart Cities and Communities Act of 2019, H.R. 2636. The measure would authorize $220 million for cities and rural communities to try deploying smart technologies and relaying information back to policymakers, in accordance with a “best practices” approach.

Addressing security issues requires a reasonable approach to risk management, said Eric Wenger, director of cybersecurity and privacy policy at Cisco Systems. There needs to be a shift from a prescribed list of solutions to more process-oriented approaches.

Moreover, he said, there is currently a presumption that humans onboard IoT devices. In the future, devices may be built with enough security that they don’t need human involvement. That is why policymakers should determine the reasonable baseline of protection for these devices.

Another challenge is laying down the “ground rules” for what exactly is IoT, said Michael Fagan from the National Institute of Standards and Technology. IoT devices are always changing and any part of their infrastructure can become obsolete. Their “secure-ability” must be increased to ensure that they cannot leak user data.

Baseline guidelines for IoT devices should be both industry-driven and have a commonality with what regular people are doing, said Chris Boyer, assistant vice president of global public policy at AT&T. The number of connected devices, he said, will exponentially increase as we shift towards fiber and 5G.

The question then becomes how to incentivize consumer awareness of how their devices impact the devices of others, said Fagan. The cost will ultimately be paid by manufacturers and providers experiencing cybersecurity attacks.

(Photo of Rep. Suzan DelBene by Masha Abarinova.)