The Internet of Things is exploding the digital world. A report in 2014 from EMC Digital Universe and IDC found the amount of data in the world to be doubling every two years, and expected to reach 44 zettabytes by 2020.

“These 'things' unobtrusively gather data and communicate with users, and with other devices, to solve a variety of consumer and business needs,” according to Senate Commerce Committee Chairman John Thune (R-SD), opening a February 11 hearing on the Internet of Things. “There are some truly fascinating examples of the Internet of Things. A bed with smart fabric and sensors that tracks your sleep habits and uses the data to make sure your sleeping environment stays comfortable throughout the night.”

Thune emphasized that such devices “can collect sensitive consumer and business data,” so privacy and security concerns “should be at the forefront.” However, he encouraged his fellow Senators “to resist the urge to jump head first into regulating this dynamic marketplace,” and just ” let consumers and entrepreneurs decide where IoT goes.”

Ranking Member Bill Nelson (D-FL) expressed more skepticism of the promises of the technology. “We’re gonna have a bed that will help us improve our sleep. That does sound good… but the promise must be balanced with real concerns over privacy.” He worried that “interconnected devices collect, amass and transmit information,” risking consumers’ personal privacy.

“It is one thing for my refrigerator to inform me I need more milk; it is another thing for my refrigerator to tell a grocery store the same thing for marketing purposes.” Nelson ended up mis-referencing George Orwell, but you get the gist: “Did you ever read ‘Animal Farm’ and learn about Big Brother?”

The FTC recently released their own report on the Internet of Things as well, recommending a number of industry best practices and legislative initiatives.

Mike Abbott, lawyer at Kleiner Perkins Caufield & Byers, testified that “consumer confidence is paramount, but we must not over-regulate and stifle innovation.” He categorized the consumer-relating part of the Internet of Things as “the Internet of Me,” which “enables people to use connectivity to enrich their lives and the lives of their family and friends.” Abbott’s long-term vision for the Internet of Things will “become unobtrusive, another chapter in how entrepreneurs and their innovations can help improve the quality of life for new generations.”

Justin Brookman, director of the consumer privacy project at the Center for Democracy & Technology, took a more dour perspective. While admitting the “real revolutionary potential,” he pondered a series of questions: “Do consumers want everything to be smart? Is there a meaningful use case for a smart toaster? Even if there are incremental advantages to some connected devices, might the downsides in some cases outweigh the benefits?”

Adam Thierer, senior research fellow at George Mason University’s Mercatus Center, testified that the Internet of Things requires a “flexible policy regime” to succeed, and “while there are formidable privacy and security challenges associated with the Internet of Things, top-down or one-size-fits-all regulation will limit innovative opportunities.”

Questioned by Chairman Thune about the need for common standards, Theirer pointed out that everyone at the hearing that day was carrying mobile devices, with lots of different standards. “I think the marketplace can fix that.”

Protecting privacy and data security
Ranking Member Nelson asked the witnesses about what role Congress should play, and if “this is something the FTC should do.”

Theirer responded that the FTC was already active on “this front,” levying major fines and 20 year privacy audits imposed under the FTC’s existing authority. Brookman called for at least requiring “companies to actually say what they are doing.”

Sen. Kelly Ayotte (R-NH) expressed her concerns about data security “as we see more homogeneity” in data. For instance, “22 percent of my state” were affected by the recent Anthem data breach. So she asked the witnesses, “What should we be doing on data breach and legislation?”

Consumers are telling Intel that “security is the number one concern” for connected devices, according to the company’s VP and General Manager (Internet of Things group) Douglas Davis. “We think you have to design security into these implementations from the beginning.” Security by design is a regular recommendation from the FTC, including in their recent Internet of Things report.

Theirer pointed out that there are already “many other legal mechanisms to deal with these things,” and most states have security laws. Asked about the need for a national standard, he thought that “there may be a case to be made for it,” since a few states don’t have such laws and the standards differ. Ayotte further asked if one of the challenges we face is that “there’s never been a clear definition under Section 5 [of the FTC Act] about what is a deceptive or unfair practice” and if that might confuse companies. Theirer observed that Section 5’s meaning is evolving out of case law and FTC enforcement actions.

Sen. Steve Daines (R-MT), who was part of a cloud computing startup in his career prior to government service has a good grasp of the marketplace. He pointed out that while he has concerns “about privacy and security,” he also has “a great concern about the power of technology and innovation to move quickly.” Speed is “a competitive differentiator,” and while technology innovators “move at the speed of electrons, we move at the speed of glaciers” here in DC. He asked the witnesses if government can “regulate something I don’t think they even understand?”

The speed of innovation means rules can’t keep up, Theirer pointed out. He recommended that Congress should focus on a clear vision of consumer education, which “government has a long track record of doing,” like FTC’s OnGuard Online.

Daines’ kids apparently tell him, “Dad, you’re so January 2015 already.”

Brookman was a bit more forceful. While agreeing with Theirer that “the FTC has already acted in this area” to some extent, “on the privacy side, we’re just asking for greater transparency.” He felt that, “if you can’t explain it in a statement,” you shouldn’t be able to do it.

“I also have great faith in the power of crowd-sourcing,” and consumers control the world in a free market, said Daines. However, he wanted to know what could be done about appropriate disclosures and protections for children in the Internet of Things. Theirer agreed that “kids are often ahead of us parents” in their abilities. He reiterated the need for government to focus on “media literacy and technology literacy” to make children aware of “appropriate” digital behavior.

Brookman again pointed to legal changes needed. “The default,” he said, should be “if you want to sell [my personal health data] to researchers, get my permission” or “pay me for it.”

Sen. Joe Manchin (D-WV) admitted that, if data sharing was really a problem, Facebook wouldn’t be so successful, but “we still want privacy.” After insisting that “no one’s business got hurt” by the national Do Not Call registry (notwithstanding the destruction of the U.S. telemarketing industry, which he did not discuss), he said he understands “why companies don’t want any kind of privacy, because that’s a big money-maker.”

Abbott remarked that “a lot of that sharing improves the customer experience” with the user getting “a reward for the sharing of that information.”

But where does all that data sharing and selling profit go, asked Manchin? “For those of us who want a little bit of privacy, it looks like you’re doing pretty good.”

Theirer responded that a lot of that profit “is coming back to consumers in the form of lower prices.” He asked Manchin in return that, if regulation raised prices, “would consumers understand and appreciate that?”

Manchin recognized that industry might be afraid of government regulation going “too far,” but “we have a hard time believing that you don’t have enough information now, because there’s a lot of information that you do have; your financials show that. We’re just trying to find that balance.”

Sen. Maria Cantwell (D-WA) concurred. “I want a discount” in exchange for industry “getting my personal information and preferences,” she said.

Sen. Richard Blumenthal (D-CT), ranking member on the Subcommittee on Consumer Protection, lamented that most connected devices right now, almost seventy percent, lack data encryption, and most of them have “insecure web interfaces” and “insecure software.”

Brookman replied that the FTC needed a national data security and data privacy law to back them up in tackling such problems, since the Wyndham and LabMD cases are challenging the FTC’s authority in court right now.

Theirer responded with amusement, since he felt that no car company would knowingly sell vulnerable technology, and if they should do so, they would end up in court and likely out of business.

Blumenthal still worried that “the fact that protection is offered as one of the features… may not be decisive for a consumer,” so government needs to protect them.

A “national plan”
Sen. Brian Schatz (D-HI) proceeded into a line of comments and questions about a “national plan” for the Internet of Things, which he thinks we need but that would not be quickly achieved “in an American democracy system,” unlike our rivals in China. “How do we... develop a national Internet of Things plan that is in the context of a free market and democracy?” The only tangible suggestion from the witnesses was to focus on education and producing more data scientists.

Schatz also suggested the need to “empower consumers,” such as with a “good housekeeping seal of approval” for IOT devices “they should feel comfortable about.” However, no one on the panel seemed to think that was an important job for government.

Sen. Deb Fischer (R-NE) asked, “what kind of policies are we going to need as we address the Internet of Things?” She was “concerned about government getting in the way” and seeing “all the excitement… move overseas.”

Theirer replied that “America found the secret sauce of modern innovation... starting with light-touch regulation instead of a plan.” He recommended that government not “try to preemptively figure out and solve every problem before we allow entrepreneurs to innovate.”

Sen. Cory Booker (D-NJ) suggested that the Internet of Things poses “a phenomenal opportunity for a bipartisan, profoundly patriotic approach to an issue that can explode our economy. I think that there are trillions of dollars, creating countless jobs, improving quality of life, [and] democratizing our society.”

“We can’t even imagine the future that this portends of, and we should be embracing that,” Booker continued. “We should continue to be the global innovator in this area,” and government should do everything it can to “encourage this, not discourage it.” He noted concerns about privacy and security in the Internet of Things as understandable, but every era has had advances with some of us feeling “tremendous fears” in the face of them.