R Street Institute comments to the National Telecommunications and Information Administration regarding the “internet-of-things”
We thank NTIA for the opportunity for further comment on this important emerging technology. The Department’s green paper sets the appropriate tone by framing NTIA’s role as one of support and encouragement of emerging technology. While we will comment broadly on the role of the Department of Commerce [“Department”] in advancing a light-touch regulatory approach to the internet-of-things, our comments focus on our areas of expertise, including cybersecurity and user privacy. With this focus in mind, the below sections define the unique challenges and benefits the internet-of-things poses, outline the role for government (question 1), comment on areas of engagement (question 2) and detail how the Department should engage to advance the development of the internet-of-things (questions 3-4).
- Benefits and Challenges in Internet-of-Things Development
As NTIA’s green paper points out, the internet-of-things is challenging to define. Broadly, the “internet-of-things” is an array of connected objects with unique identifiers that have the ability to transfer data over a network. These technologies have exciting applications in the fields of infrastructure, agriculture, energy, transportation, manufacturing, health and communications and more. According to McKinsey & Company, global internet-of-things adoption could generate between $3.9 and $11.1 trillion per year by 2025, equivalent to up to 11 percent of the global economy. Internet-of-things devices can streamline routines and chores. They can leverage sensors and data to smooth traffic flows or signal when infrastructure need repairing. The combined scale, scope and interconnectivity can lead to economic growth and increases in productivity and prosperity. Yet, these features also present unique challenges.
Because of network effects, one device’s vulnerability can become a problem for the entire network. Malware can infect vulnerable internet-of-things devices, form a botnet and organize distributed denial of service (DDoS) attacks to bombard websites or service providers with traffic. Such attacks can result in costly internet outages. The average DDoS attack can cost $500,000 for a firm. Furthermore, the internet-of-things can be an avenue for physical attacks, cyber espionage, eavesdropping, data exfiltration or other attacks on our private data. The consequences of device vulnerabilities are magnified by interconnectivity. Combating issues related to cybersecurity and privacy will require efforts from industry, policymakers, consumers and third parties. The Department can play a role in improving security outcomes by supporting market solutions and adopting a light-touch regulatory approach.
For full comments, see the PDF attached above.