Smart IoT Act Approved, Leaves out Security Concerns
Posted by Kayla Matthews
Although many lawmakers decide it’s necessary to oversee the Internet of Things (IoT) industry in some regard, they don’t always agree on how to do it.
However, the House Digital Commerce Subcommittee recently approved an act that could be the first step in setting up a framework for IoT companies to follow. The approval of the H.R. 6032, State of Modern Application, Research, and Trends of IoT (SMART IoT) Act means that the document now has to go through a markup process before the entire committee.
What Does the Act Entail?
Under the Act, the Secretary of Commerce would conduct a study of the IoT industry and submit it to Congress. Part of that research involves creating a detailed list of all sectors that manufacture, promote or use IoT devices as well as any federal agencies that have authority over those industries.
It will also include a list of the public-private partnerships that promote use and adoption of IoT devices, as well as domestic and international entities that have developed or are in the process of developing standards for internet-connected devices, whether mandatory or voluntary.
Moreover, the section of the Act related to federal agencies will discuss any applicable collaborative efforts across organizations — such as working groups — and mention the expertise and reach of each federal group. There will be a segment that lists all federal resources consumers can use to gauge the worthiness of internet-connected devices too.
This report must be submitted no later than one year after the enactment of the SMART IoT Act.
Security Is Not Addressed
One of the defined shortcomings of the SMART Act is that it does not explicitly mention security practices associated with the listed content.
Representative Debbie Dingell, a Democrat from Michigan, weighed in to say that she wasn’t comfortable with the lack of specifications about security. She used an analogy of letting a genie out of a bottle and emphasized that once hackers already have stolen data, it’s too late to implement security precautions.
House representatives agreed that IoT devices are useful and noted that updating existing laws is necessary because the ones in place now don’t cover the most recent technological advancements.
However, since security is not a component of the SMART Act, it’s arguably not thorough enough because a lack of security regulations potentially harms all users that have IoT devices, especially if hackers infiltrate those gadgets.
Are There Downsides to Potential Regulation?
As IoT devices and similar technologies become more prevalent in society, people have started wondering what might happen if the tech sector becomes regulated.
Although regulations might make the companies following them more trustworthy in the eyes of the public, there’s also the potential that it could be so costly to meet the regulatory requirements that small businesses and startup tech companies find that it’s too expensive to get in compliance.
The SMART Act doesn’t appear to have components that could make companies incur expenses, but if it lays the groundwork for strict legislation, some entities could determine that the requirements are financially unfeasible.
Another IoT Act Introduced
On the other hand, Senators Mark Warner and Cory Gardner introduced the Internet of Things Cybersecurity Improvement Act to the Senate last year. That Act sets forth minimum requirements for vendors, such as that the devices must have the ability to receive software updates and be free from known security vulnerabilities.
Even though that Act has security-related aspects, it still doesn’t necessarily benefit consumers. The vendors that must meet those standards are required to do so only if they want to engage in government contracts associated with their devices.
There’s a chance, though, that if such mandates existed, manufacturers would decide to apply them to all their IoT devices instead of only the ones used by government agencies. That would likely be a cost-effective approach that would ultimately benefit everyday users too.
How Could the SMART Act Help?
It seems that the SMART Act’s report will result in an all-encompassing list of the entities involved in the IoT industry and how they affect it. If that’s the case, it could reduce the potential of duplicate regulations by highlighting things that are in progress by other organizations.
However, hopefully, the Act will go into sufficient detail and list the names of companies and organizations instead of just the sectors that use the IoT. Before long, it’ll be challenging to find an industry that doesn’t depend on the IoT in some respect, which could make the report’s findings too vague.