The US Consumer Product Safety Commission is investigating the safety of internet-connected devices.
The US Consumer Product Safety Commission (CPSC) is holding a public hearing regarding the safety of internet-of-things (IoT) devices.
The hearing was announced in a notice published on the Federal Register Wednesday.
Safety consulting and certification company Underwriters Laboratories (UL) estimates that by 2020, as many as 20 billion devices will be connected to the internet. With so many devices jumping online, smart home security is a big concern for consumers and manufacturers.
We've seen hacks on popular smart home devices such as the Belkin Wemo switches, which could be cycled on and off fast enough to short the outlet and start a fire, one of the major safety risks the CPSC often considers. Belkin fixed that issue quickly, but not every manufacturer might be so responsive. With UL working on standards for IoT devices and data breaches continuing to hit the headlines, it seems that the CPSC is finally taking notice.
Citing an increase in the number of consumer products connected to the internet, the CPSC's hearing allows the public to submit comments or present information regarding safety issues and potential hazards related to IoT products. That includes smart thermostats, smart locks and other internet-connected household devices.
The hearing itself will be held on May 16 and available via webcast. You'll be able to submit written comment to the CPSC until June 15.
The IoT hearing notice cited safety concerns about the safety of internet-connected devices including:
Typically, the CPSC regulates issues related to physical hazards surrounding products. Data breaches and security issues aren't familiar territory for the agency. In fact, Wednesday's notice states:
We do not consider personal data security and privacy issues that may be related to IoT devices to be consumer product hazards that CPSC would address.
Still, the notice divides potential hazards into two categories of "product safety challenges" which touch on software and data encryption, as well as whether or not a device could be manipulated.
This category refers to hazardous conditions designed into products intentionally or without what the CPSC calls "sufficient consideration." Could a smart home device catch on fire if operated remotely or left unattended? This kind of question forms the more traditional role the CPSC plays in ensuring safe products, but with IoT devices debuting nearly everyday with hundreds of functions and capabilities, that's a tall order.
The CPSC defines hazardization as, "the situation created when a product that was safe when obtained by a consumer but which, when connected to a network, becomes hazardous through malicious, incorrect or careless changes to operational code." Basically, could someone hack your robot vacuum, sending it speeding through your home knocking over kids, terrifying dogs and destroying knickknacks?
The notice also included a tantalizing list of dozens of discussion questions:
These are just a few of the questions posed by the CPSC to its members, the IoT industry and the public.
IoT regulation is a topic gaining heat by the minute, and the CPSC expects that these challenges will lead agencies and industries to think harder about policies related to encryption, authorized access and defensive software.
The CPSC regulates a wide range of consumer products in the US, through safety rules under the Consumer Product Safety Act (CPSA) and the Federal Hazardous Substances Act (FHSA). You can see a full list of laws the CPSC administers here. More information on public hearings can be found on the CPSC website.