At a House Energy and Commerce hearing on January 18th, 2018, VMware COO Sanjay Poonen said that “we need to, as a country, be at the forefront of [innovation], and if we don’t do it, some of the other countries of the world are.” The topic that Poonen was referring to, and the topic that both the private and public sectors are currently grappling with, is the Internet of Things. Like Poonen, several members of Congress mentioned during the hearing that technological advances are inevitable; the question is how to maximize their potential gains.
The Internet of Things (IoT) is a term for the wireless connection of everyday objects to the Internet and to other devices. Such devices could include vehicles, buildings, traffic systems, remote monitoring devices, and satellites. The Internet of Things could provide immeasurable good for both governments and private citizens alike. Cities like Barcelona, Chicago, and Las Vegas have already begun using IoT to improve traffic flow and reduce energy and water waste. Los Angeles is using sensors and algorithms to monitor air quality and the health of trees. The U.S. Army uses smart helmets to record data on head injuries and improve care for troops. In sum: the Internet of Things could revolutionize every aspect of daily life, and both the public and private sectors are beginning to explore the benefits of this level of connectivity. According to many analysts, IoT will be ubiquitous, and its progress is rapid. For instance, BI Intelligence predicts that 22.5 billion devices will be connected to IoT in 2021, compared to 6.6 billion in 2016.
However, privacy emerges as a major concern: IoT sensors collect large amounts of data, which governments, corporations, and individuals could analyze. The influx of data presents the question of who owns and has access to the data. For example, should manufacturers and retailers be able to use data from “smart” devices to more effectively target advertising? Alternatively, will law enforcement and government agents have the ability to access information without Fourth Amendment protections?
Additionally, the massive hike in the quantity of IoT devices gives rise to a host of opportunities for cyber hackers. Demonstrating the risks of connecting everyday objects to the Internet, two cybersecurity researchers wirelessly hacked into a Jeep Cherokee in 2015. Furthermore, the quantity and scope of cyber attacks in 2017, including Mirai and WannaCry, could raise alarm. Adopting cyber hygiene best practices, such as complex passwords, patches, and multi-factor authorization reduces risk. However, cyber hygiene alone may not be enough; governments might feel compelled to explore legislation to address security and privacy concerns, while also acknowledging the economic and productivity benefits of IoT.
Internet-connected devices have not yet encountered major regulations in the United States, but legislators are starting to discuss privacy and security protections. In April 2017, California became the first governmental body to introduce a bill requiring privacy and security by design in IoT devices. Shortly afterwards, Senator Mark Warner introduced the Internet of Things Cybersecurity Improvement Act to mandate security standards for federal procurement of IoT devices. Although both of these bills are currently pending in their respective legislatures, it is probable that additional legislation will emerge in the future.
The onset of the Internet of Things will transform the digital economy, especially as the upcoming 5G network is projected to improve interconnection. While data scientists and engineers tackle the technical and infrastructural aspects of Internet of Things, policymakers face a different challenge: deciding how to best encourage IoT growth while upholding fundamental rights. The government acts as both a regulator and a consumer of IoT applications, and lawmakers continue to work with technology leaders to chart ongoing public policy. The nation is on the verge of a technological transition, and the policies set today will have implications for the joint futures of innovation, privacy, and security.
Photo by Wesley Fryer on Flickr.
Caitlin Chin was a senior online editor for the Georgetown Public Policy Review and a M.P.P. candidate at the McCourt School. She holds a bachelor's degree in government and Spanish from the University of Maryland.