In May 2017, Senator Mark Warner of Virginia sent a letter to the Federal Trade Commission (FTC) raising concerns about the security of data collected, transmitted, and/or stored by internet-connected products geared toward children. FTC acting Chairman Maureen Ohlhausen sent a response letter discussing Senator Warner’s concerns and the FTC’s enforcement of the Children’s Online Privacy Protection Act (COPPA), and the FTC released updated guidance on COPPA compliance in late June 2017.
The Federal Trade Commission (FTC) submitted public comments to the US Department of Commerce’s National Telecommunications and Information Administration (NTIA) in connection with the NTIA’s draft guidance on improving the security of Internet of Things (IoT) devices. The FTC’s comments focus on ensuring that manufacturers better inform consumers about security updates.
The European Union Agency for Network and Information Security (ENISA), along with three semiconductor companies, recently released a position paper proposing a position for the European Commission (EC) to adopt on security and privacy standards for Internet of Things (IoT) devices. ENISA is an agency established by the European Union to assist the EC, its member states, and businesses in addressing, responding to, and preventing cybersecurity issues. The paper points out that as IoT devices expand into all aspects of everyday life, including critical infrastructure and health systems, cyberattacks are becoming more threatening and carry greater risk. The paper includes four key recommendations.
The Internet of Things (IoT) promises a societal transformation based on a virtuous circle of constantly improving connectivity, integration, data, intelligence, and automation. One important element of this transformation is the workplace. As early IoT adopters are discovering, though, workplace implementation is often a slog rather than a splash.
Get By with a Little Help from Your End-to-Ends
According to a report from HCL Technologies, in partnership with Vanson Bourne, many companies are “not taking the right path to overcome” the security, scalability, interoperability, and other difficult IoT challenges they face. The report reiterates the value of the approach we highlighted in a recent post—engage experienced external providers to help formulate and execute end-to-end IoT solutions. Companies can distinguish themselves by working with outside experts to choose and customize a secure and scalable platform, unlock asset value, manage support and maintenance, connect silos, curb IoT-related costs, and turn data into actionable insight.
A seismic shift is afoot in the intelligence, complexity, and interconnectedness of everyday products, and the flimsy foundation of customer assent to standard terms will continue to crack, if not collapse. We recently noted some relatively straightforward adjustments that manufacturers can make to their standard terms to address issues related to e-commerce portals. The Internet of Things (IoT), however, could render the old contracting process (not just old products) obsolete. We highlight some challenging IoT contractual considerations below. A more comprehensive and academic treatment of the topic can be found here.
The results of a recent study by Gartner, Inc. project worldwide growth of 18% in the public cloud services market during 2017. Gartner also expects the growing public cloud services market—projected to reach $246.8 billion in 2017 (a more than $35 billion increase over 2016)—to stabilize soon thereafter, with growth slowing post-2017.
According to the study, infrastructure as a service (IaaS), which includes computing, networking, and storage services provided to the public through vendor-managed data centers, is projected for the highest growth—36.8%—as this technology gains widespread acceptance. Artificial intelligence, analytics, the Internet of Things, and the growth of platform as a service (PaaS) are each expected to contribute to this industry-leading growth of IaaS.
The Pennsylvania Bar Institute’s (PBI’s) annual Internet Law Update seminar will be held on March 28, 2017. This year’s seminar was planned by Morgan Lewis partner Peter Watt-Morse, and Morgan Lewis associates Eric Pennesi and Ben Klaber will join Peter on the faculty.
2017 marks the seminar’s 20th anniversary of providing practical information on the internet’s impact on legal and business issues. This year’s seminar will include a segment on the history of the internet and discussions on where the internet is headed, such as the Internet of Things (IoT) and blockchain technology.
Other topics will include the following:
- Privacy, security, and cloud computing
- Copyrights, trademarks, patents, and e-contracting
- Social media and the First Amendment
The live seminar will take place from 9:00 am to 4:15 pm at the PBI Professional Development Conference Center, located at Heinz 57 Center, 339 Sixth Avenue, 7th Floor, Pittsburgh, PA 15222.
More information, including details on CLE credit, is available at the PBI website. We hope to see you at the seminar.
A recent action by the Federal Trade Commission (FTC) against an Internet of Things (IoT) device manufacturer in the Northern District of California is a significant development in the IoT space and data security law. The action will ultimately test the FTC’s regulatory power over IoT device manufacturers because the complaint is based on alleged security vulnerabilities rather than actual harm to consumers.
The complaint was filed against D-Link and its US subsidiary. The IoT devices at issue are D-Link’s consumer routers, Internet Protocol (IP) cameras, and related software that allow consumers to monitor their homes remotely, including through the use of a mobile app.
Morgan Lewis partner Ed Hansen will present at the Orlando Robotic Process Automation (RPA) Congress in Orlando, Florida on January 24 and 25. The RPA Congress will dive into RPA's transformational impact as a digital tool for back-office processing. Ed will speak on RPA-related topics in front of numerous business service and operational leaders—including global heads; VPs; directors of shared services, human resources, and finance operations; and other leaders in this area.
In a recent post, we noted that the US federal government has become increasingly concerned about the security of Internet of Things (IoT) devices. On November 15, the US Department of Homeland Security (DHS) issued guidance to help stakeholders account for security in the development, manufacturing, implementation, and use of IoT devices.
The set of nonbinding principles and suggested best practices for IoT device security includes the following:
- Provide manufacturer-supplied usernames and passwords that are unique and difficult for botnets to crack (in recognition of the fact that many consumers never reset default usernames and passwords initially provided with their devices).
- Coordinate software updates among third-party vendors to ensure consumer devices have the most updated set of protections.
- Implement an end-of-life strategy and communicate to consumers the risks of using devices beyond their usability dates.
- Apply basic software security and cybersecurity practices while also referring to industry-specific security guidance, if available.
- Perform “red-teaming” exercises—during which developers actively try to bypass the security measures of an IoT device—and use the results to prioritize what and where additional security measures are needed.
- Advise consumers about the intended purpose of any network connections—especially since the critical functions of many IoT devices do not require a connection to the internet.