Internet of Things: Would New Regulations Help or Hurt?Attorney Discusses Privacy and Security Concerns
Establishing new laws and regulations to address privacy and cybersecurity concerns related to the Internet of Things would likely be ineffective, says attorney Steven Teppler, who co-chairs an American Bar Association committee addressing IoT issues.
"This is a very, very hotly contested issue," Teppler says in an interview with Information Security Media Group.
At a recent ABA-sponsored meeting about the Internet of Things, Teppler notes, "it was clear from the regulatory agencies who presented that putting out [new] regulations or laws would typically wind up being so outdated by the time they become effective that ... they would possibly operate against stakeholders' interests."
As a result, the best path forward, he says, is likely industry self-regulation "tempered by lawsuits which will help develop the legal framework by which these devices should be developed and managed during their lifespan."
The most concerning Internet of Things devices are those that "if misused or are defective in the mechanical world can cause either property damage or personal injury," Teppler says.
For example, if a stove that can be operated remotely by a smartphone had defects and vulnerabilities in its software, a command to cook something for one hour could result in an instruction to cook something for 20 hours, he says. And automobiles, he notes, contain "sensors, chipsets and operating code ... that introduce new vectors for damage and personal injury." (See An In-Depth Analysis: How Automobiles Can be Hacked).
In the healthcare arena, certain devices used to share data with providers, insurers or device manufacturers could pose privacy risks if security measures are lacking, he adds.
In the interview (see audio player below photo), Teppler also discusses:
- Potential risks posed to the privacy and security of personally identifiable information by Internet of Things devices;
- How to address the security of internet-connected medical devices and other health-related gear;
- Privacy concerns related to internet-connected toys.
As a partner at the Abbott Law Group, P.A. in Jacksonville, Fla., Teppler leads the firm's electronic discovery and technology-related litigation practice. He is also an adjunct professor at Nova Southeastern University Law School. Teppler is the co-chair of the Internet of Things Committee of the American Bar Association's Science and Technology Section and past co-chair of the eDiscovery and Digital Evidence Committee of the American Bar Association.