Senators to push privacy, security legislation for IoT

One of them is Sen. Edward Markey, who plans to introduce legislation to require security measures in connected cars

Some Democratic senators want new laws that mandate security and privacy measures on the Internet of Things, as concern grows over personal data collected by connected devices.

Several democratic members of the Senate Commerce, Science and Transportation Committee said Wednesday they are exploring legislation that would enforce privacy and security standards for connected devices. Senator Edward Markey, a Massachusetts Democrat, plans to introduce a bill that will focus on security standards and the data collected by connected automobiles.

This week, Markey released a report saying that most auto manufacturers selling vehicles in the U.S. have "massive holes" in their data security. Only two of 16 car companies that responded to information requests from Markey's office said they have capabilities to respond to a hacking attack in real time, he said during a hearing.

New cars are now "computers on wheels," Markey said, and hacked vehicles can be dangerous.

"A small vulnerability or error in coding can lead to a catastrophic consequence for drivers, passengers and pedestrians," he said. "Thieves no longer need a crowbar to break into your car -- they just need a smartphone."

Markey's legislation will require that makers of wireless access points on connected cars use penetration testing technologies and that collected data is encrypted. The legislation will also require that the car manufacturer or a security vendor be able to detect and respond to hacking attempts in real time.

The bill will also require car makers to explain their data collection practices to drivers and allow them to opt out of data collection without having to disable navigation.

Car companies that can build software to track vehicle performance and other information "should have the same geniuses in those companies to build in protection for security and privacy," Markey said. "If you can figure out an algorithm that sends information around the world in the blink of an eye, you should be able to figure out an algorithm that provides consumers the security and privacy they need."

Representatives of auto makers didn't testify during the hearing. The Alliance of Automobile Manufacturers, a trade group, said it has not yet fully reviewed Markey's report, but its members take several steps to protect security and to tell customers about the data they collect.

"Automakers believe that strong consumer data privacy protections and strong vehicle security are essential to maintaining the continued trust of our customers," the group said in a statement.

Other Democrats in the hearing also suggested they are open to new legislation addressing the privacy and security of the IoT. The IoT industry is projecting huge growth by collecting customer data, and Congress needs to "find that balance" between the industry's data collection and customer privacy, said Senator Joe Manchin, a West Virginia Democrat.

More transparency about the kinds of data IoT devices are collecting is also needed, said Senator Richard Blumenthal, a Connecticut Democrat who plans to cosponsor Markey's connected cars bill. Congress should explore legislation that more easily allows consumers to file class-action lawsuits for data breaches, he said.

Congress should also consider legislation that requires companies to follow best practices in cybersecurity, said Justin Brookman, director of the Consumer Privacy Project at the Center for Democracy and Technology. While the U.S. Federal Trade Commission has brought dozens of data security complaints against companies, it is facing court challenges on its authority to do so, he noted.

Several speakers at the hearing brought up recent concerns about the ability of smart TVs to capture conversations via their voice command features. Brookman also mentioned the cases where hackers have taken over webcams and broadcast videos online.

Congress, while considering a national breach notification law, should expand the consumer data covered by notifications to include nonfinancial information held in online accounts, he said. "Internet of Things devices reveal really sensitive stuff about us," Brookman added.

While some committee Democrats said they will explore legislation, representatives of the IoT industry urged Congress to go slow. Consumer confidence in the IoT is important, "but we must not overregulate in a way that would stifle innovation," said Michael Abbott, a general partner in the venture capital firm Kleiner Perkins Caufield & Byers.

Most of the panel's majority Republicans, and a handful of Democrats, agreed. The IoT is in early stages of its growth, and Congress shouldn't rush in to regulate, they said.

"Let's treat the Internet of Things with the same light touch that has caused the Internet to be such a great American success story," said Senator John Thune, a South Dakota Republican and committee chairman. "We should let consumers and entrepreneurs decide where IoT goes, rather than setting it on a Washington, D.C., directed path."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags U.S. SenateInternet-based applications and servicesJoe ManchinKleiner Perkins Caufield & ByersregulationJohn ThuneJustin BrookmaninternetEdward MarkeyAlliance of Automobile ManufacturerssecurityMichael AbbottRichard BlumenthalCenter for Democracy and Technologygovernment

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?