You and your smartphone, smart energy meter or smart TV are at ground zero in the battle between cool and creepy.
Smart meters may let people better monitor their energy use, but researchers in Germany described how they were able to capture enough unencrypted data from smart meters to determine what TV shows people were watching.
Closer to home, security experts told the Federal Trade Commission they can hack into smart insulin pumps to change patients’ dosage and remotely access smart car braking systems.
In a new report released Tuesday, the FTC spelled out the risks smart devices pose to users and renewed its call for Congress to enact stronger laws to protect consumers and the devices they use.
The commission also urged the industry to adhere to best practices to secure smart devices and the data they collect.
The FTC noted that although smart devices can provide benefits to consumers, they also collect an extraordinary amount of sensitive data about people and their habits. In a previous report on data brokers, the FTC noted that this kind of data can be compiled from multiple sources and used to create detailed dossiers about people without their knowledge and consent.
Rather than targeting legislation to the Internet of Things — smart devices and sensors that connect people to the Internet — the commission called for Congress to create “strong, flexible, and technology-neutral federal legislation” that would scoop up a wide range of industries that collect or analyze data about consumers.
President Obama called earlier this month for Congress to work with him on legislation that will give consumers more control over how – or whether – data collected about them is used. The commission’s report, the result of its exploration of the impact the Internet of Things could have on consumers, is likely to help guide Congress as it picks up a number of privacy and data breach proposals.
The commission also released best practices it recommends that industries voluntarily adopt. Those include quicker notice to consumers about breaches, building security into devices at the design stage and electing to capture and store less data about consumers.
The FTC worried in this and past reports that companies may collect personal information that customers don’t expect and use it in ways they never agreed to. For example, the commission said, an insurer or lender might use health data to decide whether to do business with a consumer.
The FTC notes there are 25 billion connected devices in use worldwide – a number that’s expected to double in the next five years.