'Privacy and security implications' of Internet of Things must be addressed, warns US Federal Trade Commission

Edith Ramirez states unregulated IoT could see businesses take 'deeply personal' information without user knowledge

The Internet of Things (IoT) and connected devices pose huge risks to privacy and security, and could allow businesses to paint a "deeply personal" picture of every consumer, the Chairwoman of the United States Federal Trade Commission has warned.

Edith Ramirez voiced her concerns about privacy and the IoT during a speech at the CES 2015 conference in Las Vegas, Nevada. Companies including Intel, Samsung and Cisco are all investing heavily in this area. Indeed, during an event at CES, Samsung argued that the industry must pull together to make the Internet of Things happen.

But while the IoT has "the potential to provide enormous benefits for consumers", said Ramirez, she warned that it "also has significant privacy and security implications", especially surrounding the personal data that the devices collect.

Ubiquitous data collection, the potential for unexpected uses of consumer data and heightened security risks were all earmarked as issues that need to be addressed.

"In the not too distant future, many, if not most, aspects of our everyday lives will leave a digital trail," said Ramirez.

"That data trove will contain a wealth of revealing information that, when patched together, will present a deeply personal and startlingly complete picture of each of us - one that includes details about our financial circumstances, our health, our religious preferences, and our family and friends," she continued, before warning that the risk will only increase as more devices get connected up.

"The introduction of sensors and devices into currently intimate spaces - like our homes, cars, and even our bodies - poses particular challenges and increases the sensitivity of the data that is being collected."

Ramirez said questions need to be raised about how businesses use the sensitive and personal data they collect.

"This pervasive collection of data inevitably gives rise to concerns about how all of this personal information will be used," she said.

"Will the data be used solely to provide services to consumers?" Ramirez asked. "Will the information flowing in from our smart cars, smart devices, and smart cities just swell the ocean of 'big data', which could allow information to be used in ways that are inconsistent with consumers' expectations or relationship with a company?

"We cannot continue down the path toward pervasive data collection without thinking hard about all of these questions," she added.

The IoT also presents greater opportunities for cyber criminals, Ramirez warned.

"Like traditional computers and mobile devices, inadequate security on IoT devices could enable intruders to access and misuse personal information collected and transmitted by the device," said Ramirez.

"And, as we purchase more smart devices, they increase the number of entry points an intruder could exploit to launch attacks on or from," she added, before warning that new firms rushing to enter the IoT arena may lack the security know-how to make their products safe.

"As an initial matter, some of the developers entering the IoT market, unlike hardware and software companies, have not spent decades thinking about how to secure their products and services from hackers," she said.

The solution, Ramirez told CES, is for companies "to prioritize security and build security into their devices from the outset.

"In addition, companies should implement technical and administrative measures to ensure reasonable security, including designating people responsible for security in the organization, conducting security training for employees, and taking steps to ensure service providers protect consumer," she continued.

Ramirez argued "the stakes are too high" to not make the appropriate investment in privacy and security.

"So, as we commit to New Year's resolutions, we should also resolve to take appropriate steps for the IoT to flourish and reach its full potential across our economy in a way that does not harm or sacrifice consumer privacy," she concluded.