June 30, 2015

How Not to Strangle the Internet of Things

Adam Thierer

Senior Research Fellow
Summary

The Internet of Things is the hot new fixation in the world of technology, and it’s already raising concerns about safety, security, and privacy – many of which are persuasively documented in the special package just published here. We all face a host of new vulnerabilities in a world in which we’re always plugged into the Internet, and the objects around us are constantly sharing data about our personal and professional lives.

Contact us
To speak with a scholar or learn more on this topic, visit our contact page.

The Internet of Things is the hot new fixation in the world of technology, and it’s already raising concerns about safety, security, and privacy – many of which are persuasively documented in the special package just published here. We all face a host of new vulnerabilities in a world in which we’re always plugged into the Internet, and the objects around us are constantly sharing data about our personal and professional lives.

These fears have led some policymakers and activists to call for preemptive regulations. Specifically, they’re calling for limits on certain types of data collection, or restrictions on where and how these technologies can be used.

This is an appealing approach. It’s also shortsighted.

There’s good reason to be excited about the Internet of Things; experts estimate that the total global impact of networked technologies could generate anywhere from $2.7 trillion to $14.4 trillion in value by 2025. And it’s likely to increase all kinds of human goods. But we’re not going to tap its full potential if these technologies are smothered in layers of red tape while they’re still in the cradle.

The problem with imposing precautionary rules is that by trying to prevent hypothetical worst-case scenarios – hackers setting your house on fire; blackmail based on your medical data – it’s likely we would unwittingly discourage many best-case scenarios as a result. We don’t know if any of those frightening things will ever really happen. We do know that the Internet of Things is going to require creativity, agility, and lots of experimentation to reach its full potential. And that won’t happen if its players are constrained a thicket of new precautionary laws, or by fear of crossing lines drawn out of excessive caution.

That doesn’t mean law shouldn’t play a role. But it’s important to realize that there are already many potential legal remedies and other solutions already available. Common law can handle many of the issues that the IOT raises. Existing privacy torts and existing targeted rules (such as “Peeping Tom” laws) can address privacy and security harms as they develop. If safety is the issue, volumes of pertinent federal health and safety rules already exist to enable the class actions lawsuits that are bound to take flight at the first sign of any product defects.

Policymakers also have a role. They can encourage privacy and security “by design” for IOT developers, although those are best implemented as guidelines for an industry still developing, rather than as top-down controls that force it one direction or the other. More privacy-enhancing tools—especially robust encryption technologies—can also help, and government officials would be wise to promote these tools instead of restricting them.

The Federal Trade Commission and state attorneys general will also play an important backstop role by policing “unfair and deceptive” practices. The FTC has already been very active in overseeing the digital economy by encouraging companies to live up to the privacy and security promises they make to their consumers. Governments can also help play the role of educator by explaining the potential dangers of new IOT technologies as well as potentially inappropriate uses.

Beyond that, going further with more heavy-handed rules at this early stage would be a mistake. We don’t actually know which risks are going to turn out to be serious, and which are just bogeymen. For now, we can wait and see how our existing legal systems handle IOT issues and then fill gaps from there.

The model to follow is the nonpartisan vision that Congress and the Clinton administration crafted in the mid-1990s for the Internet itself: they embraced light-touch regulation and relied on existing legal remedies instead of imposing overarching, top-down regulatory frameworks for a new and fast-moving technology.

The result of that approach speaks for itself. The Internet and the Web became models of “permissionless innovation,” and allowed America to take a commanding lead in the global information economy. By protecting and extending that approach now, policymakers can foster the growth of the Internet of Things and get this next technological revolution off to a fast start.