July 5, 2020

Volume X, Number 187

July 03, 2020

Subscribe to Latest Legal News and Analysis

July 02, 2020

Subscribe to Latest Legal News and Analysis

NTIA Issues Request for Comments on Policies Related to Cyber Threats Surrounding Internet of Things

On April 6, 2016, National Telecommunications and Information Administration (NTIA) issued a federal notice to request public comment on the benefits, challenges, and potential roles for the government in fostering the advancement of the Internet of Things (IoT).  (RFC is here).

Comments are due on May 23, 2016.

NTIA defines IoT broadly to include connection of physical objects, infrastructure, and environments to various identifiers, sensors, networks, and/or computing capability – in essence, any device that gets data and sends instructions to devices and components over the Internet.    IoT technology includes your refrigerator, a light bulb (or a light bulb in your refrigerator)  if it is connected to the Internet.  Until now, it has often seemed as though the focus of IoT product and application development is to provide basic connectivity without addressing any security concerns.  Establishing even minimal security, it was thought, was but an unnecessary cost that degrades device performance to boot.  But not surprisingly, this approach makes IoT devices more vulnerable to attacks – for example, by permitting a hacker to access sensitive user information by entering a user’s home system through an unsecure IoT device.  An unsecure IoT device can provide a gateway by which a hacker can gain significant access to sensitive user information held by an unsuspecting consumer who simply wants his smart phone to control his ceiling fan.

NTIA seeks comment on a wide range of issues related to technology, infrastructure, economics, policy and those implicating international legal and policy considerations.  From the standpoint of privacy, the notice seeks comment on ways in which the government should respond and address confidentiality of personal data specific IoT, cybersecurity concerns about IoT, categorization of IoT, different treatment of consumer as opposed to commercial or industrial data, as well as comments related to disproportionate economic equity and the impact on disadvantaged communities.

In the best cases, government regulation could promote consumer privacy and security safeguards.  Industry standard setting organizations might lead to standardization of basic protocols including security authentication.  Many IoT devices today do not have even basic-password authentication.  A smart home security system may be tied to the home’s original owner and changing  to security protocols to new homeowner (or renters) could be cumbersome.  By establishing a standardized means to address basic issues of security and customer service, IoT devices could promote interoperability between different manufacturers, streamline the practical aspects of unrelated transactions (like home sales) and, in turn, promote faster evolution and use of the technology.  This, indeed, appears to be NTIA’s mission in the proceeding.

By promoting IoT and requesting comments on IoT cybersecurity issues, the NTIA IoT proceeding seeks to train the spotlight on what might be the weakest link in the consumer  and industrial “security chain:”  IoT devices.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume VI, Number 126


About this Author


Laura Jehl is a partner in the Business Trial Practice Group in the firm’s Washington, D.C. office. Ms. Jehl is a privacy and cybersecurity expert and serves as Co-Leader of the Privacy and Data Security Practice.

Ms. Jehl has more than two decades of in-house and private practice experience, and has represented clients on a wide range of business and legal matters, including privacy, data security, breach response, litigation and government investigations, crisis management, Internet, digital media, technology and First Amendment matters. Most...

Dave Thomas, Telecommunications Attorney, Sheppard Mullin, Law Firm

Mr. Thomas is a partner in the Business Trial Practice Group in the firm's Washington D.C. office.

Mr. Thomas has a national practice in the telecommunications and broadband communications industries. His practice focuses on the deployment of competitive networks and services, with a particular emphasis on representing broadband providers in matters involving local franchising, rights-of-way, pole attachments, and similar issues.

Alexander Major, Legal Specialist, Sheppard Mullin,  Government Contracts

Alex Major is an associate in the Government Contracts, Investigations & International Trade Practice Group in the firm's Washington, D.C. office.

Areas of Practice

Mr. Major's professional experience involves a wide variety of litigation, administrative, and counseling issues related to federal procurement laws. His diverse experience includes complex litigation in federal court under the qui tam provisions of the False Claims Act and bid protest actions. He counsels large and small companies on issues relating to compliance with government regulations...


Deepali Brahmbhatt is an associate in the Intellectual Property and Litigation practice groups in the firm's Palo Alto and San Francisco offices. In 2016, Deepali was selected by Super Lawyers magazine as a Northern California “Rising Star” in intellectual property litigation.

Areas of Practice

Deepali's practice emphasizes patent litigation. She has also worked on patent due diligence investigations for mergers and acquisitions, infringement and validity analyses, expert reports and...