The House Energy & Commerce Committee's Digital Subcommittee held a hearing Tuesday (May 22) on a bipartisan bill, the State of Modern Application, Research and Trends (SMART) IoT Act, which charges the Commerce Department with studying IoT from various angles with an eye toward what the government needs to do to promote adoption while protecting the security of the nation's networks.
On hand to talk about the kind of information the government needs were Tim Day, VP of the U.S. Chamber of Commerce; Dipti Vachani, VP of the IoT Group at Intel; and Michelle Richardson, deputy director at the Center for Democracy and Technology.
One of the takeaways was that the Chamber of Commerce is working on privacy and data protection principles that it will be releasing sooner than later and will work with Congress on.
Rep. Debbie Dingell (D-Mich.) said the Facebook hearings showed the government needs to pay more attention to privacy and security. Vachani said security and privacy are an imperative for Intel and a fundamental premise for how to store data or integrate IoT solutions. Dingell said she had been hacked at least 15 times and that the data genie can't be put back in the bottle.
Dingell asked if Day supported clear rules for the road now. Day said yes, and suggested the Chamber of Commerce would work with them and will work with Congress on those privacy principles. "I firmly believe that consumers deserve to have their data respected," he said.
The hearing background memo pointed out that IoT has the potential to have an economic impact of up to $11.1 trillion dollars by 20205. By 2020, the committee said, annual revenues for IoT vendors of hardware and software, could exceed $470 billion by 2020. It also pointed out that IoT cuts across sectors and government agencies trying to figure out policy and regulation and/or industry self-regulation.
Rep. Greg Walden (R-Ore.), chairman of the parent House Energy & Commerce Committee said the bill was meant to "make sure stakeholders are aware of the playing field and are not creating conflicting or duplicative obligations or requirements." He called it a compendium of who is doing what in the IoT space, and in the process helping remove barriers to innovation.
Rep. Frank Pallone (D-N.J.), ranking member of the Energy & Commerce Committee said that while the report would only be a snapshot, it was a picture the government needs to see.
"Given the integration of IoT into all parts of our lives and the global economy, the report will provide a jumping off point for more work," Pallone said, suggesting that the additional work should include more focus on securing data.
"I would certainly like to see cybersecurity issues given more emphasis when we look at IoT," Pallone said.
"Throughout our review, cybersecurity was the issue that came up most often. Cybersecurity is imperative to keeping ourselves and our country safe from malicious actors."
Vachani put in a pitch for comprehensive privacy legislation so some IoT info collection did not fall through the cracks, but also for not overregulating a nascent market that is already coming up with industry standards for integrating IoT products. She said, instead, the government should leverage those standards.
Commerce will have a year to report back to Congress with facts and recommendations for the "growth of the United States economy through the secure advancement of internet-connected devices."
Vachani said Intel supports the bill, but had some suggested improvements. She said the subcommittee should include a definition of IoT that is nonproprietary and neutral; should seek recommendations on how the feds can avoid new regs that duplicate industry standards, and should promote investment in public-private partnerships.
Day said he agreed that the government should compile list of federal policies that affect IoT, as the bill would require. He said the space is changing by the day, and that while there needs to be a structure, it should not be too restrictive." He said business leaders want ability to invest, but not regulate them to the point that they can't be productive. Day said to look for more out of the Chamber of Commerce on privacy principles.
Vachani said that IoT "solutions" are multi-industry, with predictive maintenance going on at the same time as inventory management, so solutions could include Dell as well as Intel as well as others. She said Intel will have a proof of concept inside the building, but when it goes out into the market it has to work with other systems and older tech. She said that was where the struggle was in gaining scale for IoT solutions.
Given that multi-stakeholder regime, Vachani put in a plug for interoperability of network devices on spectrum being freed up for next-gen.
Rep. Bob Latta (R-Ohio), chairman of the subcommittee, said it was good to hear — from Vachani — that the U.S. was an leader in IoT.
Rep. Jan Schakowsky (D-Ill.) ranking member, was concerned about how much data was being collected and used, citing the issues with Facebook and Cambridge Analytica.
Vachani said she was also concerned about privacy and that there were some information collection gaps where some IoT information might fall, which is why there needed to be comprehensive privacy protections. Schakowsky said she would be glad to work on that, saying such legislation was absolutely necessary, and in a non-siloed way (applying to all actors). Vachani said legislation should not be IoT-specific.
Day was concerned about too much regulation, but Schakwosky suggested rules of the road were needed. Vachani agreed. She said a light touch was often needed, but things like cars and pacemakers and the consumer market likely needed a a heavier hand.
Richardson, of CDT, said that they supported tech-neutral cybersecurity controls from manufacturers and operators, like the capacity to update software. Other baselines should be passwords and other authenticators. Day signaled the bill was a good first step, but only a first step.
Rep. Tony Cardenas (D-Calif.) said public policy needs to be mindful of the fast-moving IoT and how it affects privacy, jobs, the economy, and how workers can be prepared for that IoT future. Vachani said she did not think IoT would replace people altogether, and that there would still be decisions that need to be made by humans.
Rep. Doris Matsui (D-Calif.) asked whether the bill could explore the use of blockchain to help secure IoT systems. Day said he thought the legislation already allowed blockchain to progress without more specifically exploring blockchain.
Vachani said that today it may be blockchain, but that tomorrow it might be something else, so it was better not to make the bill too tech-specific.
Day said having broadband in every home was key to IoT. Vachani said getting broadband to rural America was important, but that current cellular technology could already help, with remote monitoring of the elderly, for example. "There are things we can do today for rural America with the connectivity that we have and we don't have to limit ourselves to that deployment.
Asked by Rep. Peter Welch (D-Vt.) whether the Congress has a role in insuring data protection — Welch clearly believes it does — Day reiterated that consumers need data protected, but talked again about the privacy and security standards the Chamber of Commerce was working on. Richardson said legislation was a must. Vachani agreed with Welch that Congress could not be a "passive observer."