News & Resources

Publications & Media

“FTC offers ways to navigate privacy and Internet of Things”

Safe and Sound By Jessica L. Franken

“Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”

The line comes straight out of Samsung’s privacy policy, and when the Daily Beastpublished it in its article titled, “Your Samsung TV is Spying on You, Basically” in early February, a media firestorm ensued.

Samsung responded immediately, defending itself in a blog post and promising to change its privacy policy. But the truth is, Samsung TVs aren’t the only devices with the potential to spy on us.

The Internet of Things includes all physical objects embedded with electronics, software, sensors and connectivity to enable them to exchange data with manufacturers, operators or other connected devices, and are intended to offer more value and services to consumers. As the Internet of Things continues to grow and take up a larger footprint in our homes via fitness monitors, home security devices, connected cars and household appliances (to name only a few), consumers and companies alike need to be aware of the privacy concerns these devices may pose.

The Federal Trade Commission (FTC) seems to be ahead of the game. In late January, before the Samsung Smart TV news broke, the commission released a report on the Internet of Things that recognized the growth and benefits of these connected devices, but also underscored the risks that could undermine consumer confidence. In its report, the FTC offers companies guidance on how to navigate this rapidly growing area of technology.

The FTC held an Internet of Things workshop in late November 2013, which was attended by leading technologists and academics, industry representatives, and consumer advocates. The resulting FTC report details a number of best practices for companies developing smart devices to implement to safeguard their customers’ private information.

They include:

  • Build security into devices at the outset of the design process, rather than as an afterthought;
  • Train employees about the importance of security, and manage security appropriately throughout the organization;
  • When hiring outside service providers, ensure that they are capable of maintaining reasonable security and provide reasonable oversight of the providers;
  • When the company identifies a security risk, consider a “defense-in-depth” strategy, in which multiple layers of security are used to defend against a particular risk;
  • Consider measures to keep unauthorized users from accessing a consumer’s device, data or personal information stored on the network; and
  • Monitor connected devices throughout their expected life cycle, and where feasible, provide security patches to cover known risks.

“The only way for the Internet of Things to reach its full potential for innovation is with the trust of American consumers,” FTC Chairwoman Edith Ramirez said in a recent statement. “We believe that by adopting the best practices we’ve laid out, businesses will be better able to provide consumers the protections they want and allow the benefits of the Internet of Things to be fully realized.”