FTC Seeks Input on Privacy and Security Implications of the Internet of Things; FTC Project No. P135405; Commission Staff to Conduct Workshop on November 21, 2013 in Washington, DC #00023 

Submission Number:
00023 
Commenter:
Pattison, Stephen - VP Public Affairs, ARM Holdings plc 
State:
Outside the United States
Initiative Name:
FTC Seeks Input on Privacy and Security Implications of the Internet of Things; FTC Project No. P135405; Commission Staff to Conduct Workshop on November 21, 2013 in Washington, DC
Dear FTC (Lesley?) Thank you for giving me the opportunity to comment on your suggested questions. They are all good. I would be happy to offer substantive views on them at the right time, and plan to attend the 21 Nov event. First, a bit about ARM. We design microprocessors. Our designs are used in over 95% of mobile phones, tablets and many other devices. We are a British company, with a strong presence in the US (listed on Nasdaq, with large numbers of US investors) and other countries. Our interests are global. We hope IoT will drive further growth in our sector. One of the features of our designs is their power efficiency. This will be key to IoT applications. My comments on the sorts of issues the seminar might address are as follows: • The IoT debate sometimes risks ending up in anecdote: ie talk about niche applications. I hope you can avoid this. One idea would be to focus on the areas where IOT will have an impact: smart cities, e health, energy management, security, consumer and B2B. • Do you need to define Iot? It means different things to different people. Our definition is on the lines of ‘objects having sensors which enable them to collect information about themselves and what is happening around them and transmit that information somewhere else’. This helps avoid some of the more sci fi notions around IoT. • Does IoT raise substantially different public policy/regulatory issues from the internet as a whole? or does it magnify some of those issues which have been around for a while? • Why has IoT not materialised yet ( it has started but there is still a long way to go)? Two possible reasons: interoperability (standards etc) and business model ( who pays for it). What are the emerging standards and business models? • Data is going be key (including to driving some business models). Regulatory frameworks need to balance the need for consumer confidence against the need not to stifle innovation around data usage. The WEF has done some good work on data, dividing it into three classes: data volunteered in the process of entering a contact; data which is wholly anonymised; and data which is observed about someone. This sort of approach helps frame the issue around which sort of data is likely to be most sensitive. A further complication is that data of course, unlike most other materials, is reusable! • Is there a data sensitivity ranking: health data ( going to your insurer or employer) might be considered more sensitive than traffic data? • Outlining the benefits of IoT is key. Not enough has been done on this. There are benefits for companies, public authorities and consumers. • Is B2B IoT likely to be stronger than B2C? I hope this is helpful. Stephen Stephen Pattison VP Public Affairs ARM Holdings plc [redacted] Tel: [redacted] Mob: [redacted] Email: [redacted] Follow me on Twitter: [redacted] -- IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.