FTC Recommends Tweaks to IOT Transparency Guidelines

Agency wants to guard against overwhelming consumers with info

The Federal Trade Commission has some suggested changes for a draft proposal on making the Internet of Things more secure and informing consumers about that level of security.

The suggestions came in comments Monday (June 19) on the National Telecommunications & Information Administration's effort, through a multistakeholder working group, to draft guidelines for upgrading and improving security for the devices, which include everything from smart TVs, lightbulbs and refrigerators to fitness trackers, wine cellars and self-driving cars.

The FTC said that, as a consumer protection agency, it wants to make sure the best practices resulting from the working group are sufficiently robust and useful. The commission said its suggestions are not necessarily a clue to FTC enforcement actions, but an effort to make sure the guidelines reflect the FTC's experience with consumer perceptions and expectations for disclosures.

Among the FTC's recommendations: (1) Stick with an "inclusive, voluntary, multistakeholder process that produced the draft of best practices; (2) stakeholders can reduce the need for disclosures, which are tough to do, by building in automatic security updates; and (3) omit the recommendation of informing consumers of the security of the security update process itself so as not to "overwhelm" consumers with info.

In March 2015, NTIA sought comment on identifying cybersecurity issues related to IoT and the rise of an interconnected economy. Separately, NTIA sought comment on potential roles for government in fostering IoT.

The upshot of those were that NTIA decided last August that its next multistakeholder process should focus on IoT cybersecurity, including patches and upgrades that, unaddressed, could leave systems and users vulnerable to attack.

NTIA has already overseen multistakeholder processes for voluntary drone privacy, mobile app privacy and facial recognition privacy as part of Obama Administration's efforts to enforce its Privacy Bill of Rights via voluntary best practices.