Recently, I had the opportunity to participate on a panel discussion of Internet of Things (IoT) privacy and security at the Consumer Electronics Show in Las Vegas. This week, Barcelona plays host to the 2016 Mobile World Congress, where technology leaders convene to discuss what’s next in the mobile industry. Both events point to a future in which Internet-enabled devices are ubiquitous.

We cannot yet see exactly how our lives will change as a result of this next wave of innovation. What is clear, however, is the potentially transformative nature of a world packed with connected devices. For that potential to be reached, consumers need assurances that their privacy and security will be carefully protected. Here, both industry and government have important roles to play.

The IoT represents a revolutionary step in the development of technology—much more so than the advent of the cloud computing. We can now connect products that were designed separately. We can even connect devices originally built without the capacity for connectivity. Already, this network of connected devices is being leveraged in new and exciting ways. For example, Cisco has partnered with Sprint, GE, Sensity, and Kansas City, Missouri, to develop a two-mile long streetcar system that will be outfitted with Wi-Fi-connected light poles. The system will not only be able to deliver Wi-Fi to people in the surrounding area, but also to communicate information about open parking spots, to conserve energy by illuminating only those streets where people are present, and to deter crime.

We can’t fully predict where the next big idea in IoT will come from when we start to connect the unconnected. With this in mind, the Kansas City project includes an innovative public private partnership called the Living Lab, where anyone can propose ideas for how this new Wi-Fi connected corridor can benefit the community. This experimental model will enable the lab to generate and test original, and surprising, uses for technology that cannot be foreseen without study.

For this next phase of innovation to develop, governments need to provide sufficient opportunity for change. The FTC recognized the importance of taking a step back from this emerging market in the IoT report it issued last year. At the same time, the FTC has distilled lessons about security and privacy by design from its enforcement cases into an educational program for startups and small businesses, called “Start with Security.”

Developers of IoT technologies have a distinct role in providing this space as well. If we expect more space and time to be allotted for the IoT market to mature, our industry has to help itself by proactively designing, developing, maintaining, and operating our products and services with security and privacy in mind.

The emergence of the IoT may necessitate updates or adaptations to traditional privacy constructs like the Fair Information Practice Principles (FIPPS). In the meantime, it is vital that industry avoids uses of consumer data that either violates a promise or otherwise creates some significant risk of harm or surprise. Failure to proactively protect against security and privacy harms will lead to an inhibitive regulatory environment that will prevent the full exploration of the IoT and the benefits we cannot even yet foresee.

For more information about Cisco’s Data Protection and Privacy Program, visit trust.cisco.com.


Eric Wenger

Senior Director, Technology Policy

Global Government Affairs