WASHINGTON — The Trump administration has signaled protecting the security of the Internet of Things is a high priority, but regulation isn’t the route to meet that priority.
That’s the message from David Redl, the head of the National Telecommunications & Information Administration, who is President Donald Trump’s chief telecommunications adviser.
Cable internet-service providers looking to share connected-car spectrum so they can expand their WiFi hotspots have long argued against overprotecting that spectrum band, so Redl’s signal of a light touch is right in their wheelhouse.
The IoT is high on the radar because it will proliferate with the rollout of next-generation 5G wireless broadband, another of the administration’s priorities.
In March 2015, the NTIA sought comment on identifying cybersecurity issues related to IoT and the rise of an interconnected economy. Separately, it sought comment on potential roles for government in fostering IoT. Last year, it employed a multistakeholder working group to draft guidelines for upgrading and improving security for IoT devices, which range from smart TVs, lightbulbs and refrigerators to fitness trackers, wine cellars and self-driving cars.
But the administration is now looking to head off a potential regulatory push in the face of likely “bugs” in the move to connected cars, homes and businesses.
“Right now, a bug can cause a computer to crash,” Redl said at the 6th Annual Internet of Things Global Summit. “But what about when it causes a car to crash? It’s likely that we’re going to hear calls for government to step in and impose significant regulations.”
That’s almost a sure thing, given the pushback on the current internet of fake news, Russian election meddling and hidden algorithms that have legislators on both sides of the aisle calling for new laws or regulation.
Hacking phones and computers is bad enough, but power grids and traffic flows have potentially life-threatening consequences. Even so, Redl said, a regulatory rush hour isn’t justified.
“By applying stakeholder-driven policymaking processes as an alternative, we can achieve actionable controls and practices across the ecosystem and at the operational level that account for both the complexity of today’s digital ecosystem, as well as the speed at which bad actors attack and evolve.”
But Redl suggested he needed more buy-in on that strategy. He said owner-operator boots on the ground are the best safeguard, but that the administration needed more volunteers, though he did not say just who was reluctant to step up.
The multistakeholder model meant to produce self-regulatory safeguards isn’t Republican or Democratic. That was the approach used by the Obama administration to come up with proposed regimes for various privacy and security flashpoints.
That is just fine with NetCompetition, the broadband advocacy group backed by ISPs.
“By definition a ‘thing’ is not defined,” Netcompetition chairman Scott Cleland said. “The NTIA is wise in recognizing it should be inventors, entrepreneurs, investors, consumer-demand, markets and experience that should define what the Internet of Things will and will not become, not the U.S. government.”
But privacy advocacy groups have argued those multistakeholder processes are too business-friendly, and no one more than Jeff Chester, executive director of the Center for Digital Democracy. “By relying on such a process, Mr. Redl is handing over the personal data of Americans to Silicon Valley on a silver platter,” he said.
So, what is the answer? “What’s needed to protect U.S. consumers is a strong federal privacy law regulating IoT business practices,” Chester said.
Fast action from Congress these days is already a long shot, but given the administration’s approach to the IoT, the odds on legislation or new regulation are both lengthening.