FTC and Chamber Weigh in on IoT at CPSC
June 15, 2018
Federal Trade Commission (FTC) staff has weighed in on the Consumer Product Safety Commission (CPSC)’s public proceeding on the Internet of Things (IoT) and consumer product hazards. That proceeding asks what the CPSC should be doing to help address potential safety hazards from IoT devices.
Today, as diverse stakeholders shared their views with the CPSC, comments from staff of the FTC’s Bureau of Consumer Protection highlighted the “flourishing” IoT market and the potential consumer benefits that come along with it. The FTC noted that many IoT devices offer safety benefits—for example, home IoT locks and burglar alarms. But it also warned that these devices may create technology-related hazards for consumers—for example, physical safety hazards may arise if an intruder has access to a connected lock or alarm. The FTC’s comments also included a discussion of the FTC’s “host of guidance” regarding risk assessment, service provider oversight, and ongoing efforts to address updating, and patching. In this sense, the FTC’s comments reinforce concerns about the scope of the CPSC’s efforts, which may try to avoid complex issues about mobile security updates but be unable to.
While the FTC specifically declined to take a position on whether the CPSC should implement regulations regarding IoT device hazards, it did suggest that any CPSC approach should be “technology-neutral” and “sufficiently flexible so that it does not become obsolete as technology changes.” And, to the extent the CPSC considers IoT device certification requirements, FTC staff implicitly acknowledged the complexities of certification regimes, suggesting that “CPSC should consider requiring manufacturers to publicly set forth the standards to which they adhere.” FTC staff noted that under its FTC Act authority, it could “take action against companies that misrepresent their security practices in their certifications.”
The CPSC will hear from other stakeholders regarding IoT security, as today is the final day for commenters to submit written comments. Wiley Rein filed comments on behalf of the U.S. Chamber of Commerce’s Technology Engagement Center and its Institute for Legal Reform. Those comments reiterate the Chamber’s call for a national strategy for global IoT issues that embraces international, consensus-driven standards, avoids fragmentation, and prevents counterproductive litigation. For example, the U.S. Chamber produced security principles for IoT, in collaboration with Wiley Rein, here. In those principles and in the CPSC comments, the Chamber urges CPSC to coordinate with other agencies—including the FTC, NIST and NTIA—to address IoT concerns with a light-touch approach that enables innovation and creativity.
With so much activity focused on the nascent IoT market, regulators need to work to coordinate their efforts and avoid chilling innovation through unnecessary work and duplication of efforts.
Comments in CPSC’s IoT docket will be available here.