Julie Brill, Hogan Lovells Partner and former Commissioner of the U.S. Federal Trade Commission (FTC), delivered opening afternoon remarks at the Fifth Annual Winnik International Telecoms and Internet Forum: The Internet of Things: Legal Challenges and Opportunities. Brill highlighted the “unquestionable” benefits of the Internet of Things (IoT) while also stressing the considerable data security and privacy concerns that come along with the emerging IoT ecosystem.
Brill noted that one of the biggest challenges surrounding IoT is security. Device security is a paramount concern because connected devices are linked to the physical world. Security vulnerabilities may not become apparent until a device is connected to an environment for which it wasn’t designed, or until consumers use a device or service in an unexpected way. Brill stated that it is important that companies monitor vulnerabilities in devices and applications especially considering how quickly vulnerabilities in one device can spread to other devices.
Brill also analyzed the FTC’s recent enforcement action against ASUSTeK Computer, Inc. In its complaint against the Taiwanese router manufacturer, the FTC alleged that ASUS failed to take reasonable steps to secure the software on its routers, despite making promises to consumers about the routers’ security. As part of a consent decree ASUS entered with the FTC, ASUS agreed to implement a comprehensive security program. According to Brill, the ASUS case shows that the FTC staff wants companies to adopt standardized security practices.
IoT device manufacturers and service providers, as well as the businesses that use IoT devices, face unique challenges in providing end users with adequate transparency into how IoT devices collect and use data. Brill questioned how devices without a user interface could provide consumers with information on how data is collected and used. Brill also questioned when companies and even homeowners must provide notice to their customers and guests as IoT becomes more prevalent within homes and businesses. Brill emphasized that consumer trust will prove essential to IoT development and recommended that companies consider transparency and control mechanisms to avoid legal exposure as developers plan for the future of IoT.