- WND - http://mobile.wnd.com -

Congress wants 'Internet of Things' protected

You’ve shut down your accounts on the social media sites that violate consumer privacy the most, you’ve scrubbed what you can of your personal details from the web, and you’re actually reading every word of privacy provisions.

So what else can you do to protect yourself from the digital invasion?

How about checking whether your car, your phone or even your appliances are snitching on you to data reapers?

There’s a new bipartisan plan proposed in Congress that would give consumers a leg up on that effort.

It focuses on the “Internet of Things.”

That includes technologies that allow utilities to monitor appliances in your home, the location beacons in your cars, fitness devices that monitor health and much more.

According to the Electronic Privacy Information Center, control of personal information “can be lost if someone hacks into the smartphone or computer acting as a remote for the other devices.”

“In the case of computers and smartphones, this hacking can be done remotely and often undetected. Smartphones, just like computers, carry an enormous amount of personal information about their owners. They often link to bank accounts, email accounts, and in some cases household appliances. Stolen data can result in serious problems. Vehicles contain many computers that control their function. Initially, these computers could not be hacked into. With the increased connectivity of the IoT, however, vehicles are now at risk due to being connected to the Internet.”

Frank Pasquale, an EPIC board member and law professor, warns the IoT “will result in a world that is more ‘prison-like’ with a ‘small class of ‘watchers’ and a much larger class of the experimented upon, the watched.'”

Sens. Mark R. Warner, D-Va., and Cory Gardner, R-Co., Maggie Hassan, D-N.H., and Steve Daines, R-Mont., introduced the “Internet of Things Cybersecurity Improvement Act of 2019.”

“The legislation would require the National Institute of Standards and Technology to set baseline security standards for Internet-connected devices,” EPIC said.

It addresses “any attribute of hardware, firmware, software, or combination … that could enable the compromise of the confidentiality, integrity, or availability of an information system or its information or physical devices to which it is connected.”

The standards would need to address secure development, identity management, patching and configuration management, among others.

The organization warned that connected video cameras and connected medical devices also can reveal untold amounts of private information.

“They are able to communicate with consumers, collect and transmit data to companies, and compile large amounts of data for third parties,” the organization said.

“This increased connectivity raises a myriad of consumer privacy and data security issues. Government agencies, like the Federal Trade Commission, are concerned with issues such as data security, mobile privacy, and big data. The development of the IoT means that companies preserve privacy. Among other things, this involves adopting privacy and data security best practices, only collecting consumer information with express consumer consent, and providing consumers with access to their data.”

The issue already has come up several times in connected toys, which respond to a child’s comments and directions. They mostly are linked by WiFi directly to a manufacturer or subcontractor, which then is able to hear anything going on in the room where the toy is.

Car safety also is a concern, since connected vehicles have, as any other computer system, the capability of being hacked and controlled by outside agencies.

EPIC said the term “Smart Grid” encompasses “a host of inter-related technologies rapidly moving into public use to reduce or better manage electricity consumption.”

“Smart grid systems may be designed to allow electricity service providers, users, or third party electricity usage management service providers to monitor and control electricity use. Privacy implications for smart grid technology deployment centers on the collection, retention, sharing, or reuse of electricity consumption information on individuals, homes, or offices.”

EPIC said: “Perhaps the most visceral example is the hacking of an automobile by a bad actor, which could lead to vehicular homicide. Researchers have already demonstrated the ability to access and control vital functions of a car, including its brakes, by compromising its connected features. Another category of IoT devices that could be hacked with horrific consequences are personal medical devices, such as defibrillators, pacemakers, and insulin pumps; hacking of any of these devices could lead to physical injury or death. Other vulnerable devices include IoT cameras, which can surreptitiously record audio and video, HVAC systems that control heating and cooling levels, and alarm systems that can provide access to user’s homes and other secure areas.”