In-brief: The FTC issued a report on Tuesday that provides guidance to U.S. businesses on protecting consumers’ privacy and security in the design and deployment of “Internet of Things” devices.
The U.S. Federal Trade Commission (FTC) issued a report on Tuesday urging U.S. businesses to take steps to protect consumers’ privacy and security as Internet-connected devices that are part of the “Internet of Things” gain mainstream adoption.
The Internet of Things is “already impacting the daily lives of millions of Americans,” the FTC said. IoT technology like health and fitness monitors or home security cameras “offer the potential for improved health-monitoring, safer highways, and more efficient home energy use.” But they also raise privacy and security concerns that could undermine consumer confidence, the FTC said.
In a report, the Commission is recommending a list of best practices to ensure security and privacy and reassure consumers. Among other things, the FTC is calling on companies to “build security into devices” early in the design and development process. That includes educating employees about the importance of security and making it a priority for management within the company.
Companies that use Internet of Things technologies are advised to use a “defense-in-depth” approach: layering security controls on top of a device to mitigate risks. They are also advised to pay attention to user access and take steps to keep unauthorized users from accessing devices or the data stored on them.
[Read more Security Ledger coverage of the FTC here.]
Importantly: companies that make Internet of Things products are urged to manage devices actively throughout the device lifespan: providing patches and other support for them. Companies are also urged to “consider data minimization” – collecting and retaining as little consumer data as possible and retaining it for as short a period as possible.
The FTC has taken the point for the U.S. Government in matters relating to the Internet of Things, privacy and security. In at least one case, it has issued a fine to a maker of a home surveillance camera that was found to have lax security features.
In January, FTC Chairwoman Edith Ramirez addressed the Consumer Electronics Show. Her address echoed many of the main points of the new FTC report.
Pingback: Could Moore's Law Solve The IoT Security Problem? | The Security Ledger
Pingback: IoT Hackers: The FTC Wants You! | The Security Ledger
Pingback: Research: IoT Hubs Expose Connected Homes to Hackers | The Security Ledger
Pingback: A Good Housekeeping Seal for the Connected Home? | The Security Ledger