Skip to Content

Press Releases

Nadler Pushes For Security and Privacy Protections at Hearing on the Internet of Things

Washington, DC, July 29, 2015

 Today, Congressman Jerrold Nadler (NY-10), Ranking Member of the Subcommittee on Courts, Intellectual Property and the Internet, delivered the following statement at a hearing on the network of physical objects connected to the Internet known as "The Internet of Things":

“Mr. Chairman, the Internet of Things is the next revolution in our increasingly wired world.  Everything from household appliances to transportation systems can harness the power of the Internet to increase productivity, efficiency, and consumer choice.  This technology holds great promise for consumers, businesses, and governments alike.  But, we must also consider the potential threats to security and privacy that are inherent in any system relying on wireless connection and massive data collection as its lifeblood.  Today’s hearing is an opportunity to examine both the benefits and the risks that the Internet of Things presents.

“The Internet of Things has experienced explosive growth in recent years.  By some estimates, there are 25 billion connected devices today, and by 2020, there may be as many as 50 billion.  We are already seeing many innovative uses of the Internet of Things, across various industries, as well as the potential risks this technology may hold.

“For example, according to one study, by 2020, up to 90% of consumer cars may have an Internet connection, up from less than 10% in 2013.  With this technology, drivers can monitor whether their car needs maintenance, the safety of their driving, and even the fuel efficiency of various routes.  But, these features also leave their cars vulnerable to a cyber-attack.  As the New York Times described last week, researchers were able to track Internet-enabled cars’ location, determine their speed, turn on and off their blinkers, lights, windshield wipers, and radios, interfere with navigation devices, and, in some cases, control their brakes and steering.  As more and more vehicles use Internet technology, it is vital that automakers install strict security features to ward off potential attacks.

“Similarly, so-called ‘Smart Cities’ are incorporating the Internet of Things into their transportation, energy, and even waste management systems to increase efficiency.  For example, traffic lights can be timed to maximize traffic flow and ease congestion in real time, street lamps can conserve energy by dimming when sensors tell them that no one is around, and garbage cans can signal when trash ought to be collected.  Such technology has the potential to revolutionize municipal infrastructure.  But, unless cities integrate strong security measures when deploying this technology, their infrastructure could be vulnerable to attack by hackers looking to do mischief, or terrorists seeking to bring a whole city to a standstill.

“In addition to security concerns, the Internet of Things also raises a host of privacy implications, particularly with respect to consumer devices.  There is no doubt that Internet-enabled technology can improve a consumer’s experience in ways large and small.  To maximize energy efficiency, your Nest thermostat can be controlled remotely, and even adjusts temperatures on its own once it learns your patterns.  Amazon has introduced the Dash button, which will allow customers to press a button and automatically reorder certain household supplies.

“But, what do these companies do with the massive amounts of data they collect about their customers?  What sort of notice do they provide to consumers about their privacy policies and what choice do consumers have about how their information is used?  And, how will companies protect this sensitive information from being compromised in a cyber-attack?  These are all questions that must be considered as this technology continues to expand its reach.

“For example, millions of Americans wear devices that track their physical activity and other health indicators.  At least one insurance company is offering its customers a discount if they wear such a device and demonstrate a healthy lifestyle.  But, beyond encouraging healthier behavior by their customers, it is not clear how else insurance companies may seek to use this personal information in the future.  Will it be sold for marketing purposes?  Will it be used in a discriminatory manner to determine a user’s suitability for credit or employment?

“In its examination of these important questions, the Federal Trade Commission made a number of important recommendations that we should consider.  It suggested that companies build security into their devices at the outset, rather than as an afterthought.  It also recommended that they monitor connected devices throughout their expected life cycle to provide security patches where possible to cover known risks.  In addition, the FTC urged companies to protect consumers’ privacy by engaging in data minimization, as well as providing notice and choices to consumers as to how their data may be used.

“Although the FTC did not make any specific legislative recommendations, we should consider whether congressional action is appropriate at this time to address security and privacy concerns.  If so, should we seek solutions to these concerns that are specific to the Internet of Things or should they be addressed through broader legislation on these topics?

“The Internet of Things has already led to important technological breakthroughs, and as it expands its reach, it has the potential to spur tremendous innovation.  Our challenge is to find the proper balance between promoting this innovation and ensuring that our security and our privacy are protected as this valuable technology continues to grow.  I look forward to hearing from our witnesses about how to address this challenge, and I yield back the balance of my time.”

###
Back to top