the internet of things and consumer protection daniel kaufman deputy director bureau of consumer...
TRANSCRIPT
![Page 1: The Internet of Things and Consumer Protection Daniel Kaufman Deputy Director Bureau of Consumer Protection Views expressed are those of the speaker and](https://reader034.vdocuments.site/reader034/viewer/2022051417/5697bf771a28abf838c81398/html5/thumbnails/1.jpg)
The Internet of Things andConsumer Protection
Daniel KaufmanDeputy Director
Bureau of Consumer Protection
Views expressed are those of the speaker and not necessarily those of the Commission or any Commissioner.
![Page 2: The Internet of Things and Consumer Protection Daniel Kaufman Deputy Director Bureau of Consumer Protection Views expressed are those of the speaker and](https://reader034.vdocuments.site/reader034/viewer/2022051417/5697bf771a28abf838c81398/html5/thumbnails/2.jpg)
FTC Background
Independent law enforcement agency
Consumer protection and competition mandate
Section 5 of FTC Act prohibits “unfair or deceptive acts of practices”
Policy work includes public workshops, Congressional testimony, consumer education, and business guidance
Privacy is a consumer protection priority
![Page 3: The Internet of Things and Consumer Protection Daniel Kaufman Deputy Director Bureau of Consumer Protection Views expressed are those of the speaker and](https://reader034.vdocuments.site/reader034/viewer/2022051417/5697bf771a28abf838c81398/html5/thumbnails/3.jpg)
Enforcement Actions
![Page 4: The Internet of Things and Consumer Protection Daniel Kaufman Deputy Director Bureau of Consumer Protection Views expressed are those of the speaker and](https://reader034.vdocuments.site/reader034/viewer/2022051417/5697bf771a28abf838c81398/html5/thumbnails/4.jpg)
Common Remedies
Prohibition against misrepresentations
Comprehensive data security or privacy program, appropriate to company’s size, activities, information collected
Third party assessments of programs
Other case-specific requirements – e.g., disclosures, software updates
Civil penalties for violations
![Page 5: The Internet of Things and Consumer Protection Daniel Kaufman Deputy Director Bureau of Consumer Protection Views expressed are those of the speaker and](https://reader034.vdocuments.site/reader034/viewer/2022051417/5697bf771a28abf838c81398/html5/thumbnails/5.jpg)
Internet of Things
Devices or sensors sold or used by consumers that connect, store, or transmit information with or between each other.
Offer many benefits but raise privacy and security concerns.
![Page 6: The Internet of Things and Consumer Protection Daniel Kaufman Deputy Director Bureau of Consumer Protection Views expressed are those of the speaker and](https://reader034.vdocuments.site/reader034/viewer/2022051417/5697bf771a28abf838c81398/html5/thumbnails/6.jpg)
Internet of Things
FTC held a workshop to discuss risks and benefits of IoT.
Participants included technologists, academics, consumer advocates and industry representatives.
Resulting Staff Report issued in January 2015.
![Page 7: The Internet of Things and Consumer Protection Daniel Kaufman Deputy Director Bureau of Consumer Protection Views expressed are those of the speaker and](https://reader034.vdocuments.site/reader034/viewer/2022051417/5697bf771a28abf838c81398/html5/thumbnails/7.jpg)
Internet of Things Staff Report
Ongoing initiatives• Law enforcement• Consumer and business
education• Participation in multi-
stakeholder groups• Advocacy
![Page 8: The Internet of Things and Consumer Protection Daniel Kaufman Deputy Director Bureau of Consumer Protection Views expressed are those of the speaker and](https://reader034.vdocuments.site/reader034/viewer/2022051417/5697bf771a28abf838c81398/html5/thumbnails/8.jpg)
Internet of Things Staff Report
Four areas of recommendations:• Security• Data minimization• Notice and Choice• Legislation.
![Page 9: The Internet of Things and Consumer Protection Daniel Kaufman Deputy Director Bureau of Consumer Protection Views expressed are those of the speaker and](https://reader034.vdocuments.site/reader034/viewer/2022051417/5697bf771a28abf838c81398/html5/thumbnails/9.jpg)
Internet of Things Staff Report
Security• Security by design• Training and oversight• Multi-layered defense• Monitor through
expected product life cycle
![Page 10: The Internet of Things and Consumer Protection Daniel Kaufman Deputy Director Bureau of Consumer Protection Views expressed are those of the speaker and](https://reader034.vdocuments.site/reader034/viewer/2022051417/5697bf771a28abf838c81398/html5/thumbnails/10.jpg)
Internet of Things Staff Report
Data Minimization• Limit collection• Retain for limited time
![Page 11: The Internet of Things and Consumer Protection Daniel Kaufman Deputy Director Bureau of Consumer Protection Views expressed are those of the speaker and](https://reader034.vdocuments.site/reader034/viewer/2022051417/5697bf771a28abf838c81398/html5/thumbnails/11.jpg)
Internet of Things Staff Report
Notice and choice• No “one-size-fits-all”• Innovative approaches
identified• Response to criticisms
![Page 12: The Internet of Things and Consumer Protection Daniel Kaufman Deputy Director Bureau of Consumer Protection Views expressed are those of the speaker and](https://reader034.vdocuments.site/reader034/viewer/2022051417/5697bf771a28abf838c81398/html5/thumbnails/12.jpg)
Internet of Things Staff Report
Legislation• Specific IoT legislation
premature• Reiterates Commission
call for flexible data security and breach notification legislation
![Page 13: The Internet of Things and Consumer Protection Daniel Kaufman Deputy Director Bureau of Consumer Protection Views expressed are those of the speaker and](https://reader034.vdocuments.site/reader034/viewer/2022051417/5697bf771a28abf838c81398/html5/thumbnails/13.jpg)
CarefulConnections: Building the Internet of Things
Practical advice for businesses, including: • Taking advantage of what
experts have learned;• Proper authentication;• Designing reasonable
security measures;• Pre-launch testing• Default settings; and• Communications with
customers.
![Page 14: The Internet of Things and Consumer Protection Daniel Kaufman Deputy Director Bureau of Consumer Protection Views expressed are those of the speaker and](https://reader034.vdocuments.site/reader034/viewer/2022051417/5697bf771a28abf838c81398/html5/thumbnails/14.jpg)
TRENDnet: overview
FTC’s first IoT case• Security vulnerabilities
in IP cameras and mobile apps
• Attacker accessed hundreds of camera feeds
![Page 15: The Internet of Things and Consumer Protection Daniel Kaufman Deputy Director Bureau of Consumer Protection Views expressed are those of the speaker and](https://reader034.vdocuments.site/reader034/viewer/2022051417/5697bf771a28abf838c81398/html5/thumbnails/15.jpg)
TRENDnet: design & testing No software security
review and testing at key points
Failed to implement reasonable guidance or training for responsible employees
![Page 16: The Internet of Things and Consumer Protection Daniel Kaufman Deputy Director Bureau of Consumer Protection Views expressed are those of the speaker and](https://reader034.vdocuments.site/reader034/viewer/2022051417/5697bf771a28abf838c81398/html5/thumbnails/16.jpg)
Deception and Unfairness Company falsely represented
that it had taken reasonable steps to ensure that (1) its cameras and apps could securely monitor private areas of a consumer’s home or workplace and (2) that a user’s security settings will be honored
Company failed to provide reasonable security to prevent unauthorized access to live IP camera feeds
![Page 17: The Internet of Things and Consumer Protection Daniel Kaufman Deputy Director Bureau of Consumer Protection Views expressed are those of the speaker and](https://reader034.vdocuments.site/reader034/viewer/2022051417/5697bf771a28abf838c81398/html5/thumbnails/17.jpg)
TRENDnet: order requirements
Required to provide notice to consumers, with technical support to update or uninstall cameras
Prohibited from misrepresenting security
Required to establish comprehensive security program, with third-party compliance assessments