GAO Reports Demonstrate Wisdom of A Coordinated U.S. IoT Strategy
The Internet of Things (IoT) is key to the digital future. Policymakers in the U.S. and abroad are studying and in some cases regulating it, based on concerns about security, privacy, and interoperability. The U.S. faces a few fundamental questions: How do we responsibly deploy IoT for the benefit of citizens and businesses? Should it be regulated and if so under what conditions? How can we preserve open international markets for what is—at bottom—inherently global and interconnected?
Reports on IoT abound, but lessons can be drawn from a few recent reports by the Government Accountability Office (GAO). Let’s focus today on the second question above, regulation, and more specifically, let’s think about how we should NOT proceed. It would be a mistake for U.S. approaches to IoT to splinter and balkanize across federal agencies and across states and localities. Why?
First, because innovators will be pulled in too many directions and may be unable to deploy broadly enough to achieve economies of scale. A May 2017 Technology Assessment of the Internet of Things, by GAO’s Center for Science, Technology and Engineering, GAO-17-75, noted that IoT stakeholders have found that “IoT technologies can face regulatory competition” such as when “a device spans sectors and falls into many agencies’ jurisdiction. On July 25, 2017 GAO issued another report on IoT, Communities Deploy Projects by Combining Federal Support with Other Funds and Experience, GAO-17-570, identifying no less than 11 federal agencies that are involved in IoT, with at least nine having oversight or providing guidance on IoT. The May Technology Assessment noted that “various agencies oversee or regulate aspects of the IoT, such as specific sectors, types of devices, or data.” As if to illustrate this dynamic, just yesterday GAO issued a new IoT report, GAO 17-668, identifying security weaknesses in IoT use by the Department of Defense, illustrating yet another agency impacting IoT.
Divergent regulatory approaches and multiple overseers drains resources and will slow innovation. IoT will thrive in a uniform non-regulatory environment, as the U.S. Chamber and others have explained: “Much like earlier phases of the Internet, IoT will flourish, and the U.S. will effectively compete on the world stage, under a light-touch, market-driven approach guided by technological advancements, not regulatory classifications or silos.”
In addition, if policy is ad hoc and not united by key principles, the U.S. won’t be able to speak with one voice on the global stage. Other countries are approaching IoT aggressively, funding deployments, shaping standards to their liking, and considering domestic and regional regulation that may slow or impede the international movement of data, products and services. The GAO’s May IoT Technology Assessment noted this as well, finding “urgency” in developing consensus global standards, which it observed have a “limited window” to be influenced. GAO identified efforts by numerous countries and regions to encourage IoT use, including with subsidies, as in Asia. The U.S. should be actively engaged and leading discussions about IoT, to ensure open transparent standards processes, and discourage static, top-down regulation that may be premature and stifle innovation.