Proposed Plan to Regulate IoT Devices through the FCC
History buffs may know that the Titanic disaster had far-reaching consequences as officials struggled to understand and correct what had led to such a terrible loss of life. One of the lesser known outcomes was the formation of the Federal Communications Commission, or FCC, under the Radio Act of 1912.
At the time of the ship’s sinking, anyone with the right homemade equipment could be a “wireless” operator, and the overload of crisscrossed signals spreading incorrect information was initially blamed for the shortage of ships coming to Titanic’s aid. The Radio Act made several provisions, including one that licensed radio operators and ensured that emergency radio communications weren’t disrupted by individual operators.
Now, the FCC is once again at the center of a newly proposed plan to keep the public safe from a previously unforeseen communication threat: Internet of Things-connected devices.
A DDoS attack in October used unsecured IoT devices to block access to several major websites in various high-density areas of the country. A DDoS attack, or distributed denial-of-service attack, occurs when someone redirects so many accounts to one website’s servers that the website crashes under the weight of all the people trying to use it. In the case of the recent event, the accounts that were clogging up Facebook, Twitter, PayPal, and many other websites weren’t real. Instead, they were things like webcams, smart TVs, and Wi-Fi routers that hackers had infiltrated and rerouted to clog up these websites.
In order to prevent this type of hacking event, outgoing FCC Chairman Tom Wheeler has sent a proposal in response to a letter from Senator Mark Warner, one which outlines the need for a certification concept for IoT devices similar to the ones that are already in place for cordless phones and cell phones. The goal seems to be better regulation and labeling with the intention of securing some of the millions of households that use IoT-connected devices.
But one of the FCC’s broader concerns is now the internet services providers (ISPs) themselves, or the companies that provide internet service to customers. ISPs are ultimately the source of the internet connections that hackers rerouted, and the FCC wants to make sure that the ISPs are doing everything they need to in order to prevent this type of large-scale IoT attack. For now, though, some officials have argued that regulating the ISPs is outside the scope of the FCC’s authority, and that this kind of regulation couldn’t happen without broadening the current reach of the agency.
As always, anyone who believes their identity has been stolen or their personal data has been compromised is invited to connect with the ITRC through our toll-free call center at (888) 400-5530, or on-the-go with the new IDTheftHelp app for iOS and Android.