Congress probes Internet of Things privacy, security

With billions of new sensor-enabled devices coming online each year, lawmakers and regulators have been considering a host of security and privacy questions arising from the so-called Internet of Things (IoT).

But at a House hearing this week, leading industry representatives urged restraint, cautioning members of Congress against imposing heavy-handed mandates that could stifle innovation in the fast-growing IoT space.

[ Related: CIOs put the Internet of Things in perspective ]

"The industry is spending billions to invest and innovate around privacy and security, in part because it's the right thing to do, but also because consumers are demanding it," Dean Garfield, president and CEO of the Information Technology Industry Council, told members of the House Judiciary Committee.

"There is much action happening in this space," Garfield says. "It is in our business interest to be aligned both with you and with consumer interest on these issues."

Lawmakers on both sides of the aisle acknowledged that the explosion of smart, networked devices linked up via the Internet has generally been a good-news story, allowing for smarter energy consumption, remote home monitoring and expanded access to healthcare, among many other applications.

[ Related: The Internet of Things is a necessary choice for the enterprise ]

Still, concerns linger about protecting users' personal information and keeping IoT devices safe, particularly after the recent hacking demonstration through which security experts were able to seize control of a Jeep from its driver, prompting a major recall from Chrysler.

The goal and challenge of IoT -- promote innovation and protect privacy

"Our challenge is to find the proper balance between promoting this innovation and ensuring that our security and our privacy are protected as this valuable technology continues to grow," says Jerrold Nadler (D-N.Y.).

Mitch Bainwol, the president and CEO of the Alliance of Automobile Manufacturers, a group representing U.S. and foreign automakers, responded to the hacking demonstration detailed in Wired magazine with an appeal for circumspection, urging lawmakers not to overreact to the potential security threat.

"The Jeep hack of a week or two ago obviously received enormous national attention," Bainwol says. "I'm struck here about the need to both take the threat very seriously -- and we do -- but also not to get caught up in the sensationalism that sometimes accompanies a story like this."

On the privacy side, Gary Shapiro, the head of the Consumer Electronics Association, offered lawmakers a blunt reminder of the value proposition that arises when companies can tap into users' personal information to hone their marketing efforts. That balancing act between privacy and free content, services and applications has been a bedrock feature of the online economy, and is not fundamentally different when it comes to IoT, Shapiro argues.

"Everyone wants privacy," he says. "There's a tradeoff that goes on. If you put too much of a line around privacy, you're trading off opportunities for new services that consumers will desire. I think what companies have an obligation to provide is transparency in what they're offering, and then consumers can be able to make a reasoned decision about what they're willing to give up in return for sharing some of their privacy."

To be sure, no one among the witnesses was appealing for lawmakers and regulators to turn a blind eye to the burgeoning IoT market.

But their calls for action tended to run along the lines of what the government could do to spur on IoT growth, including policies to free up more wireless spectrum to boost the capacity of the mobile networks that are carrying much of the traffic, and "take some of the pressure off a very crowded field," as Shapiro puts it.

"The Internet of Things, you should know, exists because of smartphones," he says.

Shaprio observed that the Federal Trade Commission has been evaluating the IoT sector for potential privacy and security issues, among other concerns, but instead of pushing for prescriptive rules, has been content to leave enforcement to a case-by-case basis.

Shapiro also put in a plug for a scaling back federal surveillance programs, noting that many of the same vendors looking to promote IoT technologies have been tarred in foreign markets by the perception that data stored in U.S. facilities is subject to unfettered government snooping.

"On the government side, we've been burned pretty seriously as an industry to the tune of billions of dollars of sales in Europe," Shapiro says. "Other countries are using the fact that our government took information. It's a total competitive disadvantage now to say that cloud service and things like that should not be based in the United States -- you know, they're not secure, the government can take the information. It's been very harmful to the U.S. technology industry and it's been used against us."