Computerworld

Trade groups tell Congress to keep its hands off IoT

They say self-regulation on security and privacy is a better alternative than government intervention
U.S. Representative Judy Chu, a California Democrat, talks about potential privacy and security problems with the Internet of Things during a House subcommittee hearing Wednesday, July 29, 2015.


The U.S. Congress should take a hands-off approach toward the burgeoning Internet of Things industry and let vendors figure out how to deal with privacy and security issues, representatives of four trade groups said.

The IoT industry offers great potential for growth and for innovative new products, but that growth "requires government restraint," Gary Shapiro, president and CEO of the Consumer Electronics Association, told lawmakers Wednesday.

Government has a role in an ongoing debate about issues such as who owns the data moving over the IoT, but decisions about security and privacy should be driven by vendors, Shapiro told the Internet subcommittee of the House of Representatives Judiciary Committee. "It's up to manufacturers and service providers to make good decisions about privacy and security, or they will fail in the marketplace," he added. "Industry-driven solutions are best to promote innovation while protecting consumers."

The IoT industry, largely left to deal with security and privacy issues on its own, promises great benefits, the trade groups told lawmakers. The IoT, paired with wearable monitors, will help doctors remotely track the health of patients in a rapidly aging U.S. population, and connected cars will greatly reduce the number of traffic accidents, they said.

Congress could play a "large, and potentially destructive role, if we're not careful," said Representative Darrell Issa, a California Republican.

While the trade groups called on Congress to refrain from regulating the IoT, they also asked lawmakers to take several steps to promote the industry. Shapiro asked for new immigration rules that would allow U.S. companies to hire more skilled foreign workers. He and other trade group representatives also asked Congress to push government agencies to give up their wireless spectrum for commercial use.

Others asked Congress to revamp the 29-year-old Electronic Communications Privacy Act, which now allows law enforcement agencies to obtain data stored in the cloud for more than six months without a court-ordered warrant. The trade groups want warrant protections for that stored data.

Dean Garfield, president and CEO of the Information Technology Industry Council [ITI], called on Congress to push for a national strategy on IoT, similar to the national broadband plan published by the Federal Communications Commission in 2010.

Still, several subcommittee members seemed unconvinced about the IoT industry's ability to police itself. Security researchers have shown they can hack into some cars and disable the accelerators, said Representative Judy Chu, a California Democrat.

"Connectiveness flows both directions, and hackers could manipulate these devices for evil, if they so chose," she said.

Auto makers are working hard to address the risk of hacking, and sharing potential risks and solutions with each other, said Mitch Bainwol, president and CEO of the Alliance of Automobile Manufacturers.

"The pace of innovation far outstrips the pace of regulation," Bainwol added.

In addition to auto safety, Congress may have a role to play in refereeing who owns the consumer data that flows over IoT, Chu said. "How do we rely on the industry to self govern and avoid the problems implicit in the fox guarding the hen house?" she said. "Isn't the industry incentivized to claim ownership over the data?"

Consumer privacy is "paramount," added Representative Ted Poe, a Texas Republican. Congressional action may be needed to ensure that IoT vendors don't share too much information with government agencies, he said.

In some cases, consumers should have some control over the data they share on IoT systems, Shapiro said. But in other cases, when the data being used isn't particularly personal, companies may not need to give consumers control, he added. For example, IoT-connected windshield wipers that can tell other drivers where it's raining may not be providing information consumers need to keep control over, he said.

"If industry goes in the wrong direction, we are fully confident government will be there saying, 'This is wrong,'" he said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.