The etiquette of things.
“Good practice, when it comes to handling data, is not something new, it’s something we’ve already done well”, said Marc Rogers, an Internet security researcher. “We have to be careful we don’t get paralysed by worrying about exotic threats”. He was speaking on a panel this morning at CES that looked at the need, or not, for regulating the so-called Internet of things (IoT). When a device in a home, a thermostat for example, automatically sends information to a private company – an electric utility, say – it might not be done with the same degree of privacy and consent that’s involved when a person manually enters data on a website.
Regulations are coming. Federal trade commissioner Maureen Ohlhausen made it very clear that the FTC has consumer privacy and data security at the top of its agenda, although she tried to reassure everyone that it’ll come with a dose of “regulatory humility”.
“We should adopt a regulatory regime that allows innovation, even disruptive innovation, to thrive”, she said, pointing out that federal regulators already have a well-packed tool box, but they’re not quite sure what to do with it. “How do we insure that consumers get the benefits and minimise the risk, without an undue burden on business?”
“You can have a very serious negative impact if you regulate prematurely”, countered Robert Pepper, VP for global technology policy at Cisco. It’s better to wait for people to arrive at their own rules and expectations by social consensus if possible. “Etiquettes are not developed through regulation, they’re developed bottom up by users”.