By Susan Cassidy, Jenny Martin, and Catlin Meade The National Institute of Standards and Technology (“NIST”) released on August 15, 2017 its proposed update to Special Publication (“SP”) 800-53. NIST SP 800-53, which was last revised in 2014, provides information security standards and guidelines, including baseline control requirements, for implementation on federal information systems under … Continue Reading
On August 1, 2017, a bipartisan group of Senators introduced legislation (fact sheet) that would establish minimum cybersecurity standards for Internet of Things (“IoT”) devices sold to the U.S. Government. As Internet-connected devices become increasingly ubiquitous and susceptible to evolving and complex cyber threats, the proposed bill attempts to safeguard the security of executive agencies’ … Continue Reading
A bill pending in the California legislature, if passed, would create new obligations for manufacturers of “connected devices.” S.B. 327 (also known as the “Teddy Bear and Toaster Act”) would operate somewhat differently than existing laws, such as the California Online Privacy Protection Act (“CalOPPA”). Security obligations. Manufacturers of connected devices that sell those devices … Continue Reading
On December 1, 2016, the Commission on Enhancing National Cybersecurity released its Report on Securing and Growing the Digital Economy. In its Report, the Commission, established in February 2016 by President Obama, provided detailed short- and long-term recommendations to strengthen cybersecurity in the public and private sectors. The Commission took a multi-stakeholder approach, emphasizing the … Continue Reading
The recent National Institute of Standards and Technology (NIST) publication of cybersecurity guidance for the Internet of Things (IoT) is a useful reminder that hacking incidents can result not only in privacy breaches, but also in bodily injury or property damage — via critical infrastructure, medical devices and hospital equipment, networked home appliances, or even … Continue Reading
Following NIST’s release of cybersecurity guidance for the Internet of Things last week, the Broadband Internet Technical Advisory Group (BITAG) released a report today titled Internet of Things (IoT) Security and Privacy Recommendations (the Report). BITAG is a non-profit organization that brings together engineers and technologists in a working group to develop consensus on technical … Continue Reading
On November 15, 2016, the National Institute of Standards and Technology (NIST) released its final guidance providing engineering-based solutions to protect cyber-physical systems and systems-of-systems, including the Internet of Things (IoT), against a wide range of disruptions, threats, and other hazards. NIST Special Publication 800-160 (the “Guidance”) is the result of four years of research … Continue Reading
Yesterday, the Senate Commerce Committee passed a bill meant to increase government involvement in the development of the “Internet of Things” (IoT). By a voice vote, the committee approved the Developing Innovation and Growing the Internet of Things (DIGIT) Act, sponsored by Sen. Deb Fischer (R-Neb.), Sen. Kelly Ayotte (R-N.H.), Sen. Cory Booker (D-N.J.), and … Continue Reading
By Kristof Van Quathem Yesterday, the European Commission launched its “Digitising European Industry” package, a series of industry related initiatives aimed at “updating Europe’s digital infrastructure”, see press release here, Q&A here and homepage here. The package includes reports and proposals addressing cloud computing, ICT standardization, eGovernment, Internet of Things (“IoT”), quantum technologies and high … Continue Reading
Yesterday, the National Telecommunications and Information Administration (NTIA), part of the U.S. Department of Commerce, issued a Request For Public Comment (RFC) seeking comment on the benefits, challenges, and potential roles for the government in fostering the advancement of the Internet of Things (IoT). NTIA issued the RFC as part of the Commerce Department’s Digital … Continue Reading
The FTC has cautioned that a recent settlement holds lessons for companies involved in the Internet of Things. The settlement, announced on Tuesday, was reached with hardware manufacturer ASUS over concerns that its router products carried certain security vulnerabilities. Notably, in addition to alleging that ASUS’s actions violated promises to consumers, the FTC alleged that … Continue Reading
A European Parliament policy department has released a report, entitled Big Data and Smart Devices and Their Impact on Privacy, that criticizes the lack of focus on privacy and data protection in the European Commission’s “Digital Single Market” policy agenda, noting a “conflicting” intersection between the Commission’s Digital Single Market objectives and the EU’s efforts, … Continue Reading
Last Friday, Fiat Chrysler announced the recall of 1.4 million vehicles to fix security vulnerabilities, further highlighting the importance of properly addressing cybersecurity issues created by the use of connected devices. The recall follows an article published last Tuesday by Wired magazine which described methods used by security researchers to remotely access a Jeep Cherokee, … Continue Reading
As readers of the InsidePrivacy blog know, we often save some fun reading on privacy issues for the weekend, given the crush of business during the week. This week, we’re up for some digital magazine reading. It’s refreshing when privacy issues burst into the mainstream consciousness, and we have two great examples of that this … Continue Reading
By Ani Gevorkian The Subcommittee on Commerce, Manufacturing, and Trade of the House Energy and Commerce Committee held a hearing on Tuesday entitled, “The Internet of Things: Exploring the Next Technology Frontier.” The hearing focused on the promises Internet of Things (“IoT”) technology holds, and what role Congress should play in addresses the challenges IoT … Continue Reading
Next Tuesday, March 24 at 11 a.m., the House Energy and Commerce Committee’s Subcommittee on Commerce, Manufacturing, and Trade will host a hearing entitled “The Internet of Things: Exploring the Next Technology Frontier.” The hearing will follow an Internet of Things (“IoT”) showcase featuring Internet-connected products manufactured in members’ districts. Congress already has begun taking … Continue Reading
By Meena Harris and Caleb Skeath Data Breaches Studies show increase. Amidst a flurry of high-profile breaches during 2014, several studies confirmed that data breaches as a whole have risen significantly over the past few years. The California Attorney General released a study showing a 28% increase in breaches in 2013 as compared to 2012. … Continue Reading
The U.S. Senate Committee on Commerce, Science, and Transportation held a hearing on February 11, 2015, entitled The Connected World: Examining the Internet of Things. The panelists included Justin Brookman, director of the Consumer Privacy Project at the Center for Democracy and Technology; Adam Thierer, a senior research fellow at George Mason University’s Mercatus Center; … Continue Reading
As readers of the InsidePrivacy blog know, we often save some fun reading on privacy issues for the weekend, given the crush of business during the week. Sure, you’re reading the FTC’s just‑released Internet of Things report (and hopefully Shel’s helpful analysis of it), but a little broader reading might be just right for our … Continue Reading
Yesterday, the Federal Trade Commission released a staff report on the Internet of Things (“IoT”) that provides best practice recommendations for addressing privacy and security risks associated with IoT products and services. The report, Internet of Things: Privacy & Security in a Connected World, also summarizes findings from the FTC’s 2013 IoT workshop. In the … Continue Reading
On Thursday, January 29, Covington’s Global Privacy and Data Security Practice Group will host a webinar on the Internet of Things (IoT). The webinar will cover the full federal, state, and international legal landscape governing IoT technology. While the Federal Trade Commission (FTC) is expected to release a report soon on privacy issues raised by IoT, the FTC … Continue Reading
By Phil Bradley-Schmieg The UK Information Commissioner’s Office (ICO) has launched an informal survey of current practices relating to the use of data-enabled medical devices and apps. The short and anonymous survey explores whether organisations have put in place specific policies and procedures, asset registers, IT security requirements for medical device procurement policies, information governance … Continue Reading
As readers of the InsidePrivacy blog know, we often save some fun reading on privacy issues for the weekend, given the crush of business during the week. The past couple of weeks have been a challenging time for the Internet, though, and our thoughts have turned to the darker side of anonymity and privacy. The … Continue Reading
On October 20, 2014, a bipartisan group of senators sent a letter to U.S. Senate Committee on Commerce, Science, & Transportation Chairman John D. Rockefeller IV (D-W.Va.) and Ranking Member John Thune (R-S.D.), requesting that the Committee schedule a “general oversight and information-gathering hearing” on digitally connected technologies before the end of 2014. The letter, penned by … Continue Reading
