More evidence U.S. lags dangerously behind EU on IoT privacy

There’s new confirmation that the U.S. remains dangerously behind the European Union on the twin issues of Internet of Things privacy and security. As I’ve warned before, especially in the context of the continued outrage over the NSA surveillance, if these issues aren’t solved collaboratively by the private sector and government, they threaten to derail the IoT express.

In her Stanford Masters thesis, I believe Mailyn (sic) Fidler accurately summarizes the US’s stance:

“The IoT in the United States is characterized by late but strong entry of companies to the market and by recent, but minimal, interest from the federal government. Specifically, the federal government views the IoT largely as part of the ongoing privacy and security discussion in Washington, D.C. Complicating analysis of the IoT in the United States is that the “Internet of Things” is not a generally recognized term. In the U.S., the IoT is viewed as a natural evolution of American innovation rather than as a unique field.”

http://m3.licdn.com/mpr/mpr/shrink_80_80/p/2/000/0dc/3bd/392d2fe.jpgFidler contrasts this lack of concern by the government to the EU, which, while also

Mailyn Fidler

viewing IoT privacy in the broader context of general privacy policy, has made IoT personal privacy and security a priority — more about that in a future post about the “Butler Project” report):

“The IoT has been a political priority for the European Union. Even with the recent recession, interest and funding in IoT enterprises has not slowed, and the EU has invested 70 million Euros in at least 50 research projects since 2008. In addition to the EU’s hopes that the IoT will bring economic benefits, particularly to small businesses and public institutions, the EU’s interest in the IoT reflects its concerns about who controls emerging technologies. Indeed, EU officials have stated an ambition to build an IoT ‘that will bring about clear advantages for Europe.’

However, despite the EU’s investments, a lack of legislative clarity, slow technical progress, and pressure from international strategic interactions threaten to slow EU efforts to develop a globally competitive, European-centric IoT.

The EU considers privacy a societal priority and has a history of regulating technologies to prevent privacy risks, as its Data Protection Directive indicates. The IoT is no different. The privacy risks the IoT presents, however, are discussed in the context of ongoing data protection reform in the EU. EU officials are debating how to author broad, technology-neutral guidance while, at the same time, many officials seem convinced that technology-specific guidance will be necessary. The EU’s political prioritization of the IoT fuels attempts at lobbying for IoT-specific regulation, as the myriad, overlapping attempts at IoT guidance demonstrate. The IoT’s advancement, then, is mired in this larger debate about the future of technology policy.”

Even with this greater focus, Fidler says the EU hasn’t made as much progress as might be hoped. Only 1 of the 33 2010 Cluster of European Research Projects on IoT explicitly investigated security, and, in a study the same year of IoT standards, only 2 or 175 explicityly investigated security — and none have addressed IoT cybersecurity.

In other words, they ain’t great, but we’re worse (in fact, among US agencies, only the FTC seems to give a fig about the IoT). Pathetic.

Fidler’s report also covers China. You can bet that privacy and security aren’t high on their priority list, LOL.

The EU, while perhaps lagging behind on IoT technology, may get the last laugh on the privacy and security issues. As we’ve seen with successful suits against Microsoft and Google on other Internet issues, the EU has prevailed in the past on questions of privacy and security, and, according to Fidler, it may happen again:

“The EU, faced with the IoT approaches of the United States and China—arguably the leading centers of technological innovation—may stand behind its social parameters and emphasis on new international governance mechanisms as a way of asserting alternative power. With such laws and institutions, economic activities involving the EU and the IoT would have to conform to EU-based standards. The EU, thus, compensates for technological disadvantages in innovation through social and governance parameters. Similarly, the United States and China are seeking to maintain or create their technical edge in new cyber technologies by encouraging unique standards regimes or more aggressive development environments.”

If so, I say bully for them! Someone has to stand up for the individual in this brave new world, and it looks as if the Obama Administration isn’t taking the challenge. Shame!

Fidler concludes that the geopolitical competition among the U.S., E.U., and China may have negative effects on the IoT’s overall growth if it results in incompatible standards:

“This geopolitical competition at such an early stage of the IoT’s development could create international interoperability problems, with negative political, economic, and social consequences. How governments and societies navigate the technological and political aspects of the emergence of the IoT will determine if the IoT’s benefits will be ubiquitously available or if the Internet’s foray into the realm of things will be interrupted.”

FADE TO Youngbloods singing “Get Together”…..

http://www.stephensonstrategies.com/">Stephenson blogs on Internet of Things Internet of Things strategy, breakthroughs and management