In recent months, a series of U.S. government reports have documented U.S. policymakers’ growing concerns over Chinese government policies and programs designed to advance China’s competitive edge in a range of technologies and industries. In turn, the findings of these reports are shaping U.S. economic and national security laws and policies, as illustrated by the recent Section 301 tariff actions, national security reviews of investment by Chinese firms under the Committee on Foreign Investment in the United States (CFIUS) process, and provisions of the recently-passed John McCain National Defense Authorization Act that restrict exports of “emerging and foundational technologies” and U.S. government use of certain Chinese-made telecommunications equipment. Against this background, a report released on October 26, 2018, is likely to further increase U.S. government scrutiny of China-manufactured devices with internet connectivity features – so-called “Internet of Things” or “IoT” devices.
The Federal Trade Commission has focused some of its recent public statements on technology issues and related enforcement challenges. In this blog post, I provide a recap of those statements, including one before the House Energy and Commerce Subcommittee on Digital Commerce and Consumer Protection.
In March 2018, the Consumer Product Safety Commission (CPSC) issued a Notice of Public Hearing and Request for Written comments on The Internet of Things on Consumer Product Hazards. The CPSC expressed interest regarding existing safety standards on existing IoT devices, how to prevent hazards, and the role of government in the effort to promote IoT safety.
Data – big or small – has tremendous potential for use (and misuse). For example, using mobile apps to keep track of one’s own physical activity or caloric intake may empower individuals to improve their health. Should other parties (e.g., that app’s developer, physician, employer, insurance company, online friends) be able to access the same information, and if so, under what conditions? As another example, expressing one’s own feelings and preferences on a social media platform may strengthen bonds within a professional community or a family group, expedite academic collaborations, and/or improve an individual’s sense of belonging. However, may those same messages – freely expressed in a public domain – be re-purposed for a study of mental health trends or for marketing strategies; and if so – when/how/by whom, or why/why-not? Questions like these touch on a host of ethical and legal issues that only recently began to be explored in depth, even as new norms of individual behavior, human interactions, and treatment of data are evolving.
On February 14, 2018, the National Institute of Standards and Technology (NIST) released a draft of its NIST Interagency Report 8200 (NISTIR 8200), which is intended to inform policymakers and standards participants in developing and implementing cybersecurity standards in and for IoT devices and systems. At a high level, the draft report is intended to:
- provide a functional description for IoT (Section 4);
- describe several IoT applications that are representative examples of IoT (Section 5);
- summarize the cybersecurity core areas and provides examples of relevant standards (Section 6);
- describe IoT cybersecurity objectives, risks, and threats (Section 7);
- provide an analysis of the standards landscape for IoT cybersecurity (Sections 8 and 9); and
- map IoT relevant cybersecurity standards to cybersecurity core areas (Appendix D).
On February 13, 2018 FDA approved a software application with clinical-decision support capability, in this case alerting providers of a potential stroke in patients. The system, “Viz.AI Contact,” is developed by a US/Israeli company named Viz.ai, which uses artificial intelligence and machine deep learning for analyzing medical images. Earlier in January, this system also received a CE Mark from the European authorities.
Stroke is caused by an interrupted blood supply to the brain; for example, due to a blood vessel’s rupture. Stroke is among leading causes of mortality and long-term disability in the U.S. and other countries. The Viz.AI Contact system analyzes brain computed tomography (CT) scans, identifies a suspected large vessel blockage, and sends a text notification to the health care specialist.