NTIA IoT Green Paper Gets Support, Suggestions for Improvement
Industry groups and other commenters backed the IoT green paper developed by NTIA and Department of Commerce, which posted the comments Wednesday (see 1703140022 and 1701120050). But many provided recommendations on improving the paper and IoT development approach. ACT|The App Association said the paper didn't adequately describe IoT's potential in fueling job growth and should have an "unambiguous policy recommendation" that an ex ante or ex post government action be based on data-driven evidence. "Government actions (or reactions) based on hypothetical and/or anecdotal harms will pose a significant threat to the innovation in the app ecosystem that will drive the growth of the IoT," ACT commented. The Center for Democracy & Technology said NTIA's assessment of IoT privacy issues is "inadequate." CDT said the IoT raises new questions about what constitutes personal data and privacy, which are challenging current legal frameworks. It said NTIA and Commerce should pursue consensus-based global standards and highlight efforts to promote privacy in the industry. NCTA commented that there are security areas the paper doesn't address including: incorporating a unique identifier for each IoT device; supporting authentication and authorization for users to validate a person to use a device and have permission to perform an operation; ensuring data at rest is protected; and "over manageability" of IoT devices for users. NCTA said users will need to keep an inventory of their devices, managing credentials, including when a device changes ownership. CTIA said 5G networks will "provide the speed, reliability and capacity necessary" for IoT growth, addressing "dense usage patterns in urban areas, and [powering] data-rich applications like high-resolution video and medical imaging, streaming media, and augmented and virtual reality." Microsoft worried about the expectation of "unlimited support" for connected devices, because some security advancements can be enabled only through new hardware, not patching. The company said unlimited support would probably stifle innovation by putting a large cost burden on new market entrants and dissuading consumers from buying new devices. CTA commended the paper for concluding that the IoT "require a reaffirmation, not a reevaluation" of government policy to encourage private sector leadership, global standards development and a multistakeholder approach in policy making. The group backed passage of the Digit Act (S-88), which would give Commerce lead responsibility in identifying regulatory hurdles to IoT development.