The FTC Wants All Your Internet-Connected Things To be Secure

Data should be protected and not used in ways consumers don't want

The Internet’s already inextricably intertwined with our everyday lives, and it’s only going to become more and more prevalent as the so-called “Internet of Things” takes off. Everything from wearables to home appliances to medical devices are going to be connected to the net, and the U.S.’s Federal Trade Commission wants manufacturers to make sure that the security and privacy of consumers is paramount.

In a detailed report issued by the FTC on Tuesday, the agency spells out a number of best practices companies should take to ensure that their services and products aren’t used maliciously.

The FTC says that there are already 25 billion devices around the world connected to the Internet, and that number is expected to double by 2020. As more and more of our everyday devices become connected, those gadgets and gizmos gain an increasing amount of insight into our lives. For example, data from home automation devices could be used to determine patterns of when its occupants are away, based on the thermostat and light settings; wearables also provide location information that ill-intentioned parties could use to discover where someone is at any moment; and medical devices could be aware of sensitive information about a person’s health. Because all of these devices are designed to communicate with the Internet, that data is potentially accessible and at risk.

Once your information is out there, it’s out there, and it gets a lot harder to control what’s done with it.

The report covers everything from corporate culture–having a point person responsible for security–to technological requirements–making sure solid encryption is used. Besides security, the FTC’s reports identify three additional areas that companies should focus on: data minimization, notice, and choice. Data minimization means that companies should protect their users’ privacy by not collecting any more data about its customers than is necessary. Limiting data collections helps reduce the chance that unauthorized parties will access private information about customers.

In areas of choice and notice, the FTC recommends that companies be very transparent when explaining what information will be collected about their customers. The FTC also says companies must give customers ample opportunities to choose what data is collected and how it’s allowed to be used. Even in cases where information might not be stolen, it might be used in ways that consumers don’t expect. The commission points out that information about your driving or workout habits could be used to affect your auto or health insurance rates. Additionally, devices might be able to find out what TV shows you’re watching and then potentially sell that information to advertisers.

Security and privacy might seem like no-brainers, but as the last few years have shown, plenty of companies have fallen victim to security breaches or data leakages. It’s bad enough to have to cancel your credit card, but when the information in question is far more personal—your location, for example, or your health—things grow a bit more concerning. Once it’s out there, it’s out there, and it gets a lot harder to control what’s done with it.