This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
The “Internet of Things” (IoT) promises many benefits to improve efficiency and quality of life for consumers and society as a whole. As IoT devices develop and proliferate, new vulnerabilities open up to bad actors, and the wide range of devices present heightened risk that some will interfere with others, risking potentially catastrophic failures. The Silicon Flatirons Center for Law, Technology, and Entrepreneurship held a roundtable in Washington, D.C. on June 22, 2016 to discuss the promise of IoT technology and what role, if any, the government can play in the oversight of security and spectrum interference concerns. This report captures the insights from that discussion and supplements them with relevant research.
For those developing IoT technology, addressing security concerns is a core challenge. For innovators and regulators, security is also a timing challenge, as they must determine how secure these devices must be before going to market. Where a product is already in the market, another challenge is to address security vulnerabilities to prevent or limit harm once a vulnerability is discovered.
Many IoT devices use wireless spectrum to send and receive data, so manufacturers also need to ensure that their devices operate reliably, even when potential jammers and spoofers seek to do harm. Moreover, because the spectrum used is frequently unlicensed, it is important to ask whether and how mission-critical IoT should operate without interference protection. In short, a key part of the challenge comes down to ensuring that manufacturers understand the risks of interference and share this information with end users so that they can prevent, mitigate, or manage potential harms.
As IoT devices become more popular, policymakers are considering the role, if any, the federal government should play in this area. Because IoT technology is at a nascent stage, federal agencies need to be working closely with industry to ensure that regulations are flexible and do not limit innovation, thereby preventing deployment of these technologies. Two basic questions for policymakers emerge: how can they help consumers understand the relevant risks and encourage information sharing to identify and resolve issues as they arise.