Technologists Want Global Policy Approach to IoT, Panelists Say
Policymakers should collaborate internationally to develop universal IoT standards to address privacy and cybersecurity concerns, panelists said Friday at an event hosted by American University’s Internet Governance Lab. Open Internet of Things Certification Mark Coordinator Alexandra Deschamps-Sonsino’s organization is pushing for a global, consumer-facing certification program for internet-connected products. Sen. Ed Markey, D-Mass., and Rep. Ted Lieu, D-Calif., made a similar effort with the Cyber Shield Act (S-2020/HR-4163), which would establish a voluntary certification program to ensure internet-connected devices meet “industry-leading” standards on cyber and data security (see 1802150034).
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Speaking remotely from London, Deschamps-Sonsino said the key will be developing a “cost-effective” certification process that companies can subscribe to, which has been lacking in some of the competing proposals. The Open Internet of Things Certification Mark calls for the ethical development of connected products based on 33 key principles, including privacy, transparency, security of data governance and consent. Deschamps-Sonsino, who's writing a book on smart homes, said there's a lot of fear, uncertainty and doubt about the IoT.
American University professor Gwanhoo Lee argued universal adoption of a cybersecurity framework would allow multiple jurisdictions to understand requirements across multiple borders. There's currently some common ground between the EU general data protection regulation, to take effect in May, and China’s recently introduced Cybersecurity Law. However, as the eve of the IoT unfolds, Lee urged a market-driven approach rather than top-down directives from government that could do more harm than good.
American University professor Laura Denardis said the stakes of stability and security are very high, calling cybersecurity the modern era’s “great human rights issue.” The next wave of internet innovation will be through the IoT, she said.
George Mason University technologist Adam Thierer and Internet of Things Privacy Forum founder Gilad Rosner debated free-market and soft law regulatory approaches to the emergence of connected devices. Thierer backed a landscape of “permission-less innovation,” saying market self-regulation is better than government intervention. Legislative processes can't keep up with the pace of innovation, so soft law, led by the FTC, with multistakeholder input, is the best option, he said. Rosner warned that innovation isn't universally good and some business models should be killed before they're deployed. He cautioned against “odious forms” of manipulation and discrimination, citing the recent Facebook-Cambridge Analytica controversy. Thierer said the sheer number of IoT devices shouldn't trigger regulation in itself; tighter regulation should only be considered if user harm is expected. Rosner argued for a “precautionary principle,” in which manufacturers should have to show there won't be harm that outweighs consumer benefit. Electronic Frontier Foundation author and activist Cory Doctorow said there's one minimum policy approach that has universal agreement: When devices fail, users should be informed quickly, so manufacturers can fix the issue.