FTC chairwoman Edith Ramirez talked at the Consumer Electronic Show about the Internet of Things and the inherent privacy and security risks that come with the technology development.
FTC chairwoman Edith Ramirez talked at the Consumer Electronic Show about the Internet of Things and the inherent privacy and security risks that come with the technology development.

Federal Trade Commission (FTC) Chairwoman Edith Ramirez used her opening remarks at the International Consumer Electronic Show (CES) on Tuesday to warn attendees of the future privacy issues the Internet of Things (IoT) could stir up.

In 2015, she said there would be 25 billion connected devices and smart home devices will reach nearly 25 million, which could allow for the start of “smart-home hacking” and major privacy concerns.

“Connected devices that provide increased convenience and improve health services are also collecting, transmitting, storing and often sharing vast amounts of consumer data, some of it highly personal, thereby creating a number of privacy risks,” she said.

Companies creating devices should take particular interest in ensuring consumers' privacy and security, Ramirez said. Specifically, “security by design” should be adopted, which would have companies perform risk assessment for their designs, keeping privacy and security in mind. This security mindset would also involve “smart defaults,” including having users change default passwords during the set-up process.

Ramirez urged the companies to consider encryption, especially when dealing with sensitive information. They also need to monitor products throughout their life cycle to keep up on identifying and patching vulnerabilities, she said.

Additionally, the chairwoman advised that any personal data that is collected should follow “the principle of data minimization,” or only collecting information that is specifically needed. The data should be removed responsibly, as well.

Ramirez closed her speech by saying that as companies invest billions of dollars in IoT, they should also “make appropriate investments in privacy and security.”