Broad Reach of COPPA Extends to IoT

This month, the Federal Trade Commission (FTC) updated its Children’s Online Privacy Protection Act (COPPA) Rule Compliance Guide in its ongoing effort to ensure that COPPA reflects changes in technology, including the Internet of Things (IoT).  Although the FTC’s update confirms that COPPA applies to IoT devices, it does not provide meaningful guidance to operators regarding how to effectively implement the COPPA requirements in the unique IoT context.   

NTIA Seeks Comment on Mitigating Botnet Threats

The National Telecommunications and Information Administration (NTIA) issued a Request for Comment (RFC) on promoting stakeholder action against botnets and other automated threats.  NTIA initiated this review pursuant to President Trump’s Executive Order on cybersecurity (summarized here), which directs the Secretaries of Commerce and Homeland Security to jointly identify and promote stakeholder action to mitigate threats perpetrated by automated and distributed attacks.  

“Flying Cars” Aren’t Cars. (And They Might Not Fly)

Since the premiere of The Jetsons in 1962, we’ve all wondered when we can expect to see futuristic flying cars in real life—pod-shaped vehicles that can float above traffic and safely deliver us to work and school.  Momentum for the idea of flying cars has been building lately, leading industry watchers to speculate whether the future is now.  

FAA’s Model Aircraft Registration Rule Doesn’t Fly with the D.C. Circuit

On May 19, 2017, the United States Court of Appeals for the D.C. Circuit announced its decision in Taylor v. Huerta, vacating the FAA’s 2015 Registration Rule as applied to model aircraft.  That rule requires owners of small unmanned aircraft, including model aircraft, to register with the FAA.  The court held that the plain language of Section 336 of FAA Modernization and Reform Act of 2012 (FMRA) bars the FAA from promulgating any rule or regulation regarding model aircraft, and that this prohibits the agency from applying the Registration Rule to model aircraft owners. 

Cybersecurity Framework Updates Coming, Including on the Internet of Things

NIST held a public workshop on Tuesday and Wednesday in Gaithersburg, Maryland to discuss proposed updates to its highly-lauded Cybersecurity Framework for Critical Infrastructure (CSF), which was released in 2014.  CSF Draft Version 1.1 was released on January 10, 2017, and NIST has taken public comment.  A summary by NIST of the comments received is available here.

Litigating the Internet of Things

Let’s say you manufacture a connected oven, and the six o’clock news runs a story in which researchers claim they can remotely access and turn on the broiler.  Anyone exploiting such a vulnerability would be committing a felony, but luckily, no exploit happened.  But before you know it, you are slapped with a class action lawsuit claiming economic injury because some consumers would not have bought the oven if they knew it was “defective”—i.e., that it was susceptible to potential third party “hacking.”

NIST Is Finalizing Its Cybersecurity Framework Manufacturing Profile

The National Institute of Standards and Technology (“NIST”) recently released the final draft of its Cybersecurity Framework Manufacturing Profile—a document dealing with the desired cybersecurity outcomes and posture for manufacturing systems.  The breadth of the document is wide, encompassing any sort of manufacturer, including makers of electronic devices and consumer technology.  

Chamber of Commerce’s C_TEC Urges Government “Think Big” on IoT

Wiley Rein today helped the Chamber of Commerce’s C-TEC advocate for pro-innovation policies that can advance the Internet of Things.  In comments filed in an NTIA proceeding about the role of IoT in the economy, C_TEC urges the government to:

  • Promote data–driven decisions and consistent, broad definitions that recognize the diversity of IoT;
  • Promote global, voluntary and open industry-led standards, supporting interoperability and the free flow of information;
  • Promote security through partnerships, education, and reduction of liability risk; and
  • Remove barriers to infrastructure deployment and avoiding regulation and fragmentation.