What's Government's Role in the Internet of Things?

You can hardly read an analyst’s report these days without coming across a reference to the Internet of Things (IoT) and what effect it’s going to have on the industry. In no time at all, we’re told, an army of sensors will monitor our every move and take all sorts of actions based on them.

People who aren’t thrilled with this prospect hope the government will implement wise public policy to protect people’s security and privacy. But lobbyists for large companies in the industry argue regulation that is too restrictive will limit IoT implementation.

While the Federal Trade Commission has emerged as the government’s de facto agency related to the IoT, particularly in the context of dubious business practices, it doesn’t really have a mandate to control them altogether, writes Darren Samuelsohn in Politico. Moreover, numerous other agencies also see the IoT as part of their purview, such as the NHTSA and the Federal Aviation Administration working on driverless cars and drones , without their work being coordinated, he adds.

“The government doesn’t have any single mechanism to address the Internet of Things or the challenges it’s presenting,” says Samuelsohn. “Instead, the new networked-object technologies are covered by at least two dozen separate federal agencies—from the Food and Drug Administration to the National Highway Traffic Safety Administration [NHTSA], from aviation to agriculture—and more than 30 different congressional committees. Congress has written no laws or any kind of overarching national strategy specifically for the Internet of Things.”

The problem is that the number of Internet-connected things ( Gartner predicts a quarter billion of them by 2020) isn’t waiting around for legislation to be passed. It’s growing rapidly, and as we’ve learned with other innovative technologies, it can be hard to put the genie back in the bottle and control things retroactively, Samuelsohn writes. On the other hand, too much cumbersome regulation on the front end can kill a nascent industry, as Amazon and agriculture organizations wrestling with drone limits are learning.

Companies are spending millions on lobbying in an effort to keep regulations from being too onerous. And because members of Congress aren’t necessarily technology experts, they’re largely succeeding , writes James Taylor in Politico. “At a time when much of Washington—and definitely much of Congress—still isn’t quite familiar with what the ‘Internet of Things’ is, the manufacturers and tech firms hoping to dominate the market have made a concerted push, hiring lobbyists and trying to get legislators to think more about encouragement than regulation,” he writes.

Security is one of the major issues. Who owns the data that the various IoT sensors collect? What sort of security measures are in place to prevent IoT sensors from being controlled by hackers? “If you think you’ve got a cybersecurity problem now, wait for the cold winter day when a hacker halfway around the world turns down the thermostat on 100,000 homes in Washington D.C.,” Marc Rotenberg, the head of the Electronic Privacy Information Center, told Politico.

And that could extend to other systems as well, warns the President’s National Security Telecommunications Advisory Committee in a November 2014 report . “Critical infrastructure IoT devices are increasingly automated and adaptive, collecting data from the systems they control and then acting on that data; failure of some of these systems would have profound national impact,” the report notes. “These impacts could be economic (e.g., lost productivity and damage to the national economy) or in the public safety realm (e.g., kinetic damage or in extreme cases potentially catastrophic failure of machinery or infrastructure).”

To make matters worse, the industry doesn’t have a great track record in that area, writes Patrick Oliver Graf inInformationWeek. “Unfortunately, the technology industry has a long history of ignoring security in the rush to open new markets, and we may see it happen again with IoT,” he writes.

“The underlying challenge is that there are no clear and agreed upon architectures for building such systems,” explains Sanjay Sarma, an engineer who pioneered work into what we now call the IoT. “Your light switch might have one level of encryption and your remote another. One may use Zigbee, another Bluetooth, and yet another WiFi. Bridges to connect across them will abound. Even if independent systems are secure, we will cobble together systems, and the chain will only be as strong as the weakest link.”

What the IoT needs, Sarma goes on to say, is something similar to what the Internet itself had from early on: an organization, like the Advanced Research Projects Agency, that helps agree on protocols, like TCP/IP, that all IoT products use to make it easier for them to share information securely. Industry trade organizations such as the Telecommunications Industry Association agree. “IoT policy discussions should begin with a common horizontal framework whenever possible, followed by tailoring for specific vertical applications only as necessary,” it recommends in a recent report .

Ultimately, the issue is that the IoT transcends the silos in which government usually works, Samuelsohn writes. “All the agencies, departments and commissions that make up the federal executive branch maintain separate fiefdoms for everything from agriculture, to defense, to transportation and energy,” he writes. “The IOT is precisely the opposite. It is a freewheeling system of integrated objects and networks, growing horizontally, destroying barriers so that people and systems that never previously communicated now can. Already, apps on a smartphone can log health information, control your energy use and communicate with your car—a set of functions that crosses jurisdictions of at least four different government agencies.”

Meanwhile, the IoT is waiting.