U.S. Industry Recommends Market Solutions for Privacy, Cybersecurity, and Law Enforcement Access Challenges for the Internet of Things
The Internet of Things raises new concerns about privacy, security and law enforcement access. Rather than develop new rules for new devices, industry experts convened during the 2014 Winnik International Telecoms & Internet Forum recommended allowing the market to try solve these challenges before the government steps in.
In May 2014, the President’s Council of Advisors on Science and Technology (“PCAST”) released a report on big data as an accompaniment to the big data review being conducted by the White House. As moderator Mark Brennan of Hogan Lovells noted, the report offers a practical framing of privacy issues in light of current technologies and provides insight into the future trajectory of privacy and big data issues. Jules Polonetsky, Executive Director and Co-Chair at the Future of Privacy Forum, called the report “remarkably sane,” stating that it considered in earnest both the potential benefits and the potential harms of big data. Michael Brown, Vice President of Security Product Management and Research at Blackberry, indicated that one of the key takeaways from the report is that rigid application of the Fair Information Practice Principles (“FIPPs,” the legacy guidelines that underscore certain data collection and use policy frameworks) could stifle many of the benefits that big data has to offer.
On the cybersecurity front, Danielle Kriz, Director of Global Cybersecurity Policy at the Information Technology Industry Council, said that her organization was very pleased when the U.S. Executive Order on Improving Critical Infrastructure Cybersecurity (“EO 13636”) was released in February 2013. She explained that the right approach to cybersecurity needs to be based on risk management, leverage partnerships, and be globally feasible and flexible, and she noted that EO 13636 meets each of those criteria. Polonetsky added that, even though legislation in this area may not be likely, those who support self-regulation should do more of it. He also explained that companies have incentives to voluntarily subject themselves to oversight or enforcement to show that legislation is not necessary, or to set the right path forward for others in an industry.
The panelists also indicated that technology solutions can play a role in addressing data and cybersecurity challenges For example, Rob Mahini, Policy Counsel at Google, explained that Google has just announced that it is supporting Security Key, a physical USB device that enables easier two-factor authorization. Security Key incorporates open protocols from the Fast IDentity Online (“FIDO”) Alliance, an industry consortium launched in 2013 to address online authentication issues. The hope is that new technologies like Security Key can spur more users to take advantage of two-factor authorization and other processes that promote cybersecurity.
Additionally, Moderator Chris Wolf from Hogan Lovells asked the panelists how the Snowden allegations have affected privacy and cybersecurity issues. Kriz indicated that Snowden’s allegations have harmed the sales of U.S. companies overseas. Those companies’ sales are based on trust, she explained, and that trust has been eroded by Snowden’s allegations and by other recent news stories. Brown added that it has been fascinating to see the level of scrutiny being demonstrated by customers—not only in Europe, but also all over the world. The level at which consumers are informed has greatly increased, he said, which is improving cybersecurity across the board.
In the end, the panelists praised recent actions by the Executive Branch and found them to be steps in the right direction. However, they also suggested that, for the foreseeable future, the market’s role in the areas of privacy and cybersecurity may be as large if not larger than the government’s.