On 27 January, Ofcom (The Office of Communications, UK’s communications regulator) released their statement on the Internet of Things. The statement is understandably much discussed in this week’s press but it fails to overshadow an equally important event for the topic: on the same day, the FTC (the Federal Trade Commission, US’s trade regulator) published their report on the issue. Given that the Internet of Things is expected to greatly impact industry and population life-style at a global level, the two documents merit a much closer reading and comparison than I can accomplish here.
Ofcom’s statement reads very much as an expression of intention. It sets to convince that IoT is potentially a great source of economic and social benefit and much action and research is needed in the near future in four major aspects: connectivity spectrum, network security & resilience, network addressing and data privacy. The document has an overwhelmingly positive tone, displaying great trust in the technology’s prospects, in the UK’s role in its development and exploitation and in the supposedly already strong foundation of infrastructure and regulation that will allow us to successfully mitigate its considerable risks. This positive attitude is reflected in the majority of the UK press reports so far.
The US regulator’s report is not nearly as optimistic. If the Ofcom report gives ample space to the discussion of IoT’s technical requirements, the FTC focusses on the risks it poses to security and privacy. The FTC recognizes the great technical, economic and social potential of IoT but questions whether the existing global infrastructure, pool of technical expertise and legal solutions are up to the challenge. In terms of security, it realistically considers how IoT already represents a challenge for organisational ICT systems and can turn into a significant risk when faced with insufficient infrastructure and lack of timely/competent technical support. In terms of privacy, it recognises that the quantity and complexity of the IoT generated data represents a huge liability and explores several options which might help mitigate it: privacy-by-design, data minimization and notice-and-choice versus data de-identification. Unlike its British counterpart, the Commission’s report is not merely a statement of intention: it also formulates official policy recommendations that form the first step towards regulation of IoT in the US.
At the time of writing this entry, no official critique of the Ofcom statement came to my attention. However, attention has already been officially called to the oversights of the FTC report by one of the commissioners in charge of preparing it. Commissioner Joshua D. Wright’s dissenting statement identifies several weaknesses: insufficient research base for formulating policy recommendations, lack of sufficiently defined vocabulary on essential issues, lack of meaningful analytical content and supporting cost-benefit analysis.
Although Internet of Things aspects have been implemented for years, its accelerated development poses technical, policy and social challenges which require urgent attention. It is our hope that the insights CaSMa is bringing into personal data ethics will contribute to the discussion on IoT privacy issues.