1. How Digital Technology is Shaping
the Future of Humanity
An American Legal Perspective
MARTHA BUYER
MARCH 1, 2017
LAW OFFICES OF MARTHA BUYER, PLLC
WWW.MARTHABUYER.COM
5. Incredible convenience and efficiencies
create incredible vulnerabilities
Would you want your emails read?
What steps do you take to keep your private
information private?
8. In the U.S., 4 critical entities
NTIA – U. S. Department of Commerce
FTC – Federal Trade Commission
FCC – Federal Communications Commission
States
11. NTIA – U.S. Department of Commerce
Not a regulator
Multi-stakeholder process
Continuing open standards process
To continue to be a strong and active user of devices
to learn from the staff’s own experiences
13. FTC (cont’d)
Same basic principles of software security apply to
IoT
Making sure that the right people are in charge and
actively managing security issues
Having a written plan in place
14. FTC (enforcement focus)
Conducting risk assessments and addressing the
identified risks
Oversight of service providers
A continuous process
The “reasonableness” in enforcement, not strict
liability
15. Quantifiable Harm
FTC’s pursuit of “deception” will continue
Industry-specific statutes will continue to be used in
enforcement
FTC will be looking at harm.
When there’s a failure of an IoT device, there can
be numerous harms
17. FCC
FCC’s privacy rules, which are scheduled to take effect this
Thursday, require broadband providers (ISPs) to keep
customer information confidential.
FCC’s vote gave consumers control, with mandated disclosure
and opt-in requirements for sensitive data, as well as data
security protections, he added.
19. Managing Increased Connectivity
A Legal Perspective
IoT has many new players who haven’t had to
consider security in the same way that other
information technology providers have.
20. 3 key challenges to managing IoT
devices
1. Ubiquitous data collection
2. Unexpected uses of consumer data
3. Heightened security risk, as devices can be easily
compromised.
21. Two categories of devices
Those with privacy implications
Those without privacy implications
22. IoT Device Management
Current operation
Ongoing maintenance and support
Knowledge about how IoT-generated
information is being shared, and with whom
23. One more thing…
Sometimes the information that’s being collected
becomes its own product with its own generated
income stream.
Whose information is it?
Who is benefiting from its sale?
24. Whose Responsibility is it?
Manufacturer
Seller/Distributor
Consumer
Software patches
Security updates
Ongoing maintenance
Knowledge of product life cycle
26. Every lawyer’s favorite question…
Where is the risk?
Risk in communications to and from
IoT device(s)
Risk to the integrity of the device
itself.
27. IoT Trivia
Large number of IoT devices with factory default
passwords that have never been changed
Personal devices
Industrial devices with broad reach
28. Cybersecurity Considerations
1. “Mature” manufacturers of newly connected
devices may have little, if any, experience in
managing the collection, security and protection
of consumer data
29. Cybersecurity Considerations (cont’d)
2. Challenge for the manufacturer and
distributor: getting the product to
market v. getting the product to market
safely
32. OK…one more consideration
Security failures are more likely to occur
when security is not a consideration
throughout the concept and design
processes
33. Data Minimization
The collection and retention of large amounts of data
increases the harms associated with a breach
Larger stores of data are more valuable to hackers
than are small ones
34. If the company collects and retains large
amounts of data, there is a risk that the data
will be used in a way that departs from
consumers’ reasonable expectations of how
that data will be used
35. Pre-IoT Purchase Questions
1. Does the hardware contain built-in safeguards?
a. What authentication tools exist?
2. Is a complete testing protocol in place?
a. The keyword here is “complete.”
3. How can security practices be communicated to customers, relevant regulators
and the public?
4. How often will the system be upgraded or patched? Is there a regular schedule
36. Regulation
Industry should regulate itself
Regulation stifles innovation
Industry is too young to be regulated
(yet)
Industry cannot regulate itself