FTC's McSweeny Encourages Use of Encryption, End-User Controls
Strong security and end-user controls are “critical to protect personal information,” FTC Commissioner Terrell McSweeny wrote in a blog for the Huffington Post Thursday. “Most of us are just beginning to be aware of the amount of sensitive information we are sharing or transmitting each time we download a new app or connect up a new wearable, sensor, household appliance or device.” With estimates of 25 billion to 50 billion connected devices by 2020, that's a “target rich environment for bad actors,” she said. Companies collecting and storing data have an obligation to secure it and should do more to protect against breaches, she said. The FTC is urging companies to embrace security by design because the impact of major breaches may be reduced the more users’ data and communications are encrypted end to end, but there's no such thing as perfect security, McSweeny said. “Each of us can play an important role in protecting our information on laptops, desktops, and smartphones by using strong end-user controls, such as disk encryption and firmware passwords.” McSweeny encouraged policymakers to “carefully weigh the potential impact” of requiring “back doors,” saying if consumers don’t trust the security of their devices, innovation could be stymied and privacy and security protections could be weakened for consumers.