Mr. Chairman and members of the Committee, thank you for inviting me here today to comment on the policy implications of the Internet of Things. My name is Adam Thierer, and I am a senior research fellow at the Mercatus Center at George Mason University, where I study technology policy.
My message today is condensed from a recent book1 and a forthcoming law review article2 on the Internet of Things, which refers to a world full of “smart” devices equipped with sensing and networking capabilities.
My research focuses primarily on the privacy and security implications of the Internet of Things and wearable technology. The three general conclusions of my work are as follows:
- First, the Internet of Things offers compelling benefits to consumers, companies, and our country’s national competitiveness that will only be achieved by adopting a flexible policy regime for this fast-moving space.
- Second, while there are formidable privacy and security challenges associated with the Internet of Things, top-down or one-size-fits-all regulation will limit innovative opportunities.
- Third, with those first two points in mind, we should seek alternative and less costly approaches to protecting privacy and security that rely on education, empowerment, and targeted enforcement of existing legal mechanisms. Long-term privacy and security protection requires a multifaceted approach incorporating many flexible solutions.
I will discuss each point briefly.
BENEFITS OF IOT
First, the Internet of Things will benefit the “3-Cs” of consumers, companies, and our country:
- Consumers will benefit from more of their devices being networked, sensing, and communicating. The Internet of Things offers us more choices and convenience, especially for personal health and productivity.
- Companies will benefit from increased efficiencies and the ability to offer a staggering array of new product and service options to their customers.3
- And our country will benefit by maintaining our global competitive advantage in the digital economy.
The magnitude of this opportunity is breathtaking.4 Technology analysts and economic consultancies have predicted economic benefits in the trillions of dollars.5
The positive effects of the Internet of Things will reverberate throughout every sector of the economy, and as Progressive Policy Institute economist Michael Mandel notes, it “has the potential to help revive the high-growth economy.”6 It we let it, it could revolutionize manufacturing, health care, energy, transportation, retailing, and various government services.
GETTING POLICY RIGHT
If America hopes to be a global leader in the Internet of Things, as it has been for the Internet more generally over the past two decades, then we first have to get public policy right.
America took a commanding lead in the digital economy because, in the mid-1990s, Congress and the Clinton administration crafted a nonpartisan vision for the Internet that protected “permissionless innovation”—the idea that experimentation with new technologies and business models should generally be permitted without prior approval.7
Congress embraced permissionless innovation by passing the Telecommunications Act of 1996 and rejecting archaic Analog Era command-and-control regulations for this exciting new medium.8
The Clinton administration embraced permissionless innovation with its 1997 “Framework for Global Electronic Commerce,” which outlined a clear vision for Internet governance that relied on civil society, voluntary agreements, and ongoing marketplace experimentation.9
This nonpartisan blueprint sketched out almost two decades ago for the Internet is every bit as sensible today as we begin crafting a policy paradigm for the Internet of Things.10
Again, the first order of business is for policymakers to send a clear green light to entrepreneurs letting them know that our nation’s default policy position remains “innovation allowed.” Second, we should avoid basing policy interventions on hypothetical worst-case scenarios, or else best-case scenarios will never come about.11 Our policy regime, therefore, should be responsive, not anticipatory.
Of course, privacy- and security-related challenges exist that deserve attention. Data is going to be moving fluidly across so many platforms and devices that it will be difficult to apply traditional Fair Information Practice Principles12 in a rigid regulatory fashion for every conceivable use of these technologies.13
Specifically, it will be challenging to achieve perfect “notice and choice” in a world where so many devices are capturing volumes of data in real time. Moreover, while “data minimization” remains a worthy goal, if it is mandated in a one-size-fits-all fashion, it could limit many life-enriching innovations.
Law will still play a role, but we’re going to need new approaches.
Policymakers can encourage privacy and security “by design” for Internet of Things developers, but those best practices should not be mandated as top-down controls. Flexibility is essential.14
More privacy-enhancing tools—especially robust encryption technologies—will also help, and government officials would be wise to promote these tools instead of restricting them.
Increased education is also essential, and governments can help get the word out about inappropriate uses of these technologies.
Existing privacy torts and existing targeted rules (such as “Peeping Tom” laws) will also likely evolve to address serious harms as they develop.
Finally, the Federal Trade Commission will continue to play an important backstop role, using its Section 5 authority to police “unfair and deceptive” practices. The commission has already been remarkably active in encouraging companies to live up to the privacy and security promises they make to their consumers, and that will continue.
CONCLUSION: WE CAN ADAPT
In closing, we should also never forget that, no matter how disruptive these new technologies may be in the short term, we humans have an extraordinary ability to adapt to technological change and bounce back from adversity.15 That same resilience will be true for the Internet of Things.
We should remain patient and continue to embrace permissionless innovation to ensure that the Internet of Things thrives and American consumers and companies continue to be global leaders in the digital economy.