FOSTERING THE ADVANCEMENT OF THE INTERNET OF THINGSThe goal of this paper is to identify elements of an approach for the Department of Commerce to foster the advancement of the Internet of Things. The record of comments underlying this green paper, however, does set forth a series of issues that should be considered in any future discussions related to the possibility of a national IoT strategy. The Department heard a strong message from the submitted comments that coordination among U.S. Government partners would be helpful, because of the complex, interdisciplinary, cross-sector nature of IoT. A federal coordination structure for these issues may also be helpful when working with international and private sector partners.With an April 2016 Request for Comment, "The Benefits, Challenges, and Potential Roles for the Government in Fostering the Advancement of the Internet of Things,” the Department of Commerce sought to review the current technological and policy landscape relating to IoT. A broad array of stakeholders -- from the private sector, academia, government, and civil society -- offered perspectives in response to the request. In September 2016, the Department hosted a workshop to delve deeper into the questions raised by the Request for Comment, and to explore some of the related issues arising from the public comments. This paper represents the Department's analysis of those comments. It also identifies key issues that can impact the deployment of IoT technologies, highlights potential benefits and challenges, and discusses what role, if any, the U.S. Government, particularly the Department of Commerce, should play in this evolving landscape. INTERNET POLICY TASK FORCE & DIGITAL ECONOMY LEADERSHIP TEAMIPTF&DELT_a201afea-dc6b-11e6-9fd3-ad198a99ac47Department of CommerceThe Internet of Things (IoT) -- in which connected devices are proliferating at an unprecedented rate -- is a technological development that is transforming the way we live and do business. IoT continues the decades-long trend of increasing connectivity among devices and the Internet, bringing online everything from refrigerators to automobiles to factory inventory systems. At the same time, IoT encompasses a widening scope of industries and activities and a vastly increasing scale and number of devices being connected, thus raising the stakes and impacts of broad connectivity. The prospective benefits of IoT to personal convenience, public safety, efficiency, and the environment are clear. IoT has the potential to make our highways safer by enabling connected vehicles to interact with each other to prevent accidents, to make quality health care more accessible through remote monitoring devices and telehealth practices for those who cannot easily travel, and to reduce waste and improve efficiency both in factory supply chains and in the running of cities. It even has the potential to create new industries and consumer goods that have yet to be imagined. For the full potential to be realized, however, the necessary infrastructure and policies must be in place, including strategies to respond to the challenges raised in areas such as cybersecurity and privacy. Due to its expertise in the issues raised by IoT, as well as its economy-wide perspective, the Department of Commerce (Department) is well placed to meet these challenges and to champion the development of a robust IoT environment that benefits consumers, the economy, and society as a whole. U.S. GovernmentOver the past few decades in the United States, the role of government largely has been to establish and support an environment that allows technology to grow and thrive. Encouraging private sector leadership in technology and standards development, and using a multi-stakeholder approach to policy making, have been integral elements of the government's approach to technology development and growth. Following a review of public comments, meetings with stakeholders, and the public workshop, it is clear that while specific policies may need to be developed for certain vertical segments of IoT, the challenges and opportunities presented by IoT require a reaffirmation rather than a reevaluation of this well-established U.S. Government policy approach to emerging technologies. Private SectorAcademiaGovernment AgenciesCivil SocietyLocal OfficialsThe approach proposes engagement on a set of cross-cutting issues across these contexts from cybersecurity and privacy to innovation and intellectual property, with all stakeholders at the local, tribal, state, federal, and international levels.Tribal OfficialsState OfficialsFederal OfficialsInternational OrganizationsMicrosoftMicrosoft asserts that: IoT is surrounded by definitional challenges. There is no universally agreed-on definition of IoT, just as there is not universal agreement that the phenomenon itself is named IoT. Rather than defining IoT narrowly, in a manner that may limit the scope of its potential applications, we urge NTIA to consider recognizing that the term IoT does not simply describe a new type of technical architecture, but a new concept that defines how we interact with the physical world.U.S. Council for International BusinessThe U.S. Council for International Business suggested that "a precise, exclusive definition of the IoT is not necessary at this point" ...Trans-Atlantic Business Councilthe Trans-Atlantic Business Council advocated that "[a]ny definition should be flexible enough to adapt as IoT further develops."IBMMany commenters suggested a definition based on particular attributes of devices, activities, or the integration of sensors, actuators, and/or network connectivity. IBM referred to IoT "as the growing range of Internet-connected devices that capture or generate an enormous amount of data every day along with the applications and services used to interpret, analyze, predict and take actions based on the information received."Center for Data InnovationThe Center for Data Innovation commented that IoT is device-based, with the "term used to describe the set of physical objects embedded with sensors or actuators and connected to a network."VodafoneVodafone commented that it does not focus on the devices, but rather describes IoT as a "dynamic global network infrastructure with self-configuring capabilities based on standard and interoperable communication protocols that connects to smart 'things.'"American Bar Association Section of Science & Technology LawOther commenters did not focus on connectivity in their proposed definitions. The American Bar Association Section of Science & Technology Law argued that "IoT is not itself a 'thing,' device or product," but rather "it is a conceptual structure consisting of tangible things (e.g., commercial and consumer goods containing sensors), real estate and fixtures (e.g., roads and buildings containing sensors), plus intangibles (e.g., software and data), plus a range of services (e.g., transmission, development, access contracts, etc.)."Center for the Development and Application of Internet of Things TechnologiesThe Center for the Development and Application of Internet of Things Technologies at Georgia Tech stated that "of all the many facets of the Internet of Things as it is understood today, the one single groundbreaking element is not the connectivity … [but] the smartness of things."National Security Telecommunications Advisory CommitteeThe President's National Security Telecommunications Advisory Committee, in its 2014 Report to the President on the Internet of Things, described IoT as "a decentralized network of objects, applications, and services that can sense, log, interpret, communicate, process, and act on a variety of information or control devices in the physical world." Others have suggested that IoT should be described through the lens of its integrated component layers -- applications, network, devices, and data -- as a way to segment and analyze the associated opportunities and policy challenges.Agricultural SectorThe growing number of sectors deploying IoT devices includes agriculture, defense, energy, entertainment, environmental monitoring, health care, manufacturing/industrial operations, retail, supply chain logistics, transportation, and others. Often included within the purview of IoT are a variety of "smart" applications, such as "Smart Homes," "Smart Cities," and "Smart Infrastructure."Defense SectorEnergy SectorEntertainment SectorEnvironmental Monitoring OrganizationsHealth Care SectorManufacturersIndustrial SectorRetailersSupply Chain Logistics SectorTransportation SectorLigado NetworksFrom baby monitors to automatic climate control, IoT technologies promise a wide array of safety and efficiency benefits for consumers and businesses alike. While consumer-facing devices -- such as exercise trackers, health monitors, and home safety systems -- have drawn much of the media attention, Ligado Networks suggested that the most significant value for the U.S. economy is likely to result from enterprise IoT applications, particularly those that focus on industries such as manufacturing, agriculture, and infrastructure.Manufacturing SectorBroken down by industry, the manufacturing sector appears to have the most to gain from the adoption of IoT, with connected factories increasing productivity, optimizing inventory planning, reducing waste, and saving on energy costs and equipment maintenance. Industry is already exploring how connected devices can improve the safety and reliability of complex processes, and can achieve greater energy and operational efficiencies.Supply Chain ManagersConnected devices are becoming a key tool for providing improved information about supply chains, distribution centers, land, and seaports; for tracking environmental and causal factors; and for helping to secure indoor and outdoor facilities.Distribution CentersLand ManagersSeaport ManagersCompaniesIoT technology can also help companies reimagine their supply chains, identifying inefficiencies or shipping delays, or confirming product integrity from manufacturing plant to a retail store. These devices are also prevalent in process-driven tasks in which instantaneous feedback and control are essential, such as in the energy sector.BusinessesBusinesses can use this improved data to eliminate inefficiencies in industries such as manufacturing, health care, transportation, energy, and retail.Commercial AirlinesIoT technologies will generate data that helps companies make more-informed decisions, which in turn can improve efficiency, productivity, management, and quality control, regardless of the industry. For example, during transcontinental flights, the sensors on a commercial aircraft's various systems can generate data to improve safety and flight handling. Telematic sensors in tens of thousands of delivery vehicles track engine performance, improve routing, and reduce fuel consumption and overall emissions.Manufacturing Facility OperatorsOperators in a manufacturing facility with robotic assembly lines can automatically track every action down to the number of times a screw is turned. Any problems can be addressed as they are detected, which minimizes the impact on production.ConsumersConsumers are likely to see benefits from IoT in their homes.HomeownersConsumer Technology AssociationThe Consumer Technology Association suggested that from the consumer perspective, Internet-enabled appliances, home automation components, and energy management devices are moving us toward a vision of the "smart home," offering more security, energy efficiency, and convenience.Alliance of Automobile ManufacturersAs the Alliance of Automobile Manufacturers noted in its comments, advancements in vehicle sensors, communications technology, and vehicle automation have the potential to significantly reduce the occurrence or severity of crashes by helping correct for errors in human driving.Direct Marketing AssociationWearable fitness and health monitoring devices and network-enabled medical devices are expected to transform health care, according to the Direct Marketing Association.Disadvantaged CommunitiesThrough remote health and education services, IoT technology holds immense promise for disadvantaged and rural communities.Rural CommunitiesMedical Device ProvidersConnecting medical devices could greatly improve the quality and effectiveness of service, while also expanding the reach of medical professionals and reducing costs.GSM AssociationFor example, the GSM Association suggested that IoT-enabled remote health monitoring allows medical professionals to facilitate early interventions, improve adherence to medical regimes, and reduce readmission rates.Medical ProfessionalsInternet SocietyThe Internet Society stated that IoT will be beneficial for people with disabilities and the elderly, improving levels of independence and quality of life at a reasonable cost by reducing the number of in-person visits needed to provide the required care.People with DisabilitiesGovernmentsIoT benefits are not confined to the business and consumer world. Streamlined data and analysis will also enable governments to deliver better, cheaper, and more efficient public services.First RespondersThe improvements suggested in emergency response and first responder capabilities alone are highly encouraging, such as increased collection and sharing of data among first responders. Further, many IoT infrastructure improvements have the ability to provide governments with cross-cutting solutions.Future of Privacy ForumFor example, according to the Future of Privacy Forum, sensors on roads and in traffic signals can allow for dynamic toll pricing and traffic control to decrease congestion. Additionally, the Forum noted, these automated sensors can turn street lights on and off based on street use, potentially reducing both energy consumption and electricity costs.Utility ServicesConnected devices can pinpoint costly leaks in water pipes, identify overflowing storm drains that threaten to mix public water with sewage, or detect the area of a power outage quickly without relying on reports from human observers. These devices can also help residents better understand their power or water usage, which may spur them to conserve use and help decrease their utility costs.Waste Management ServicesCross-cutting IoT infrastructure advancements have the ability to improve countless government services. From Wi-Fi-enabled trash cans that inform waste management services when they are full in order to increase route efficiency and decrease fuel consumption, to IoT-enabled hospitals and emergency vehicles that can reduce wait times for medical services.HospitalsEmergency Service ProvidersBSA | The Software AllianceBSA | The Software Alliance forecast in its comment that these types of IoT "smart city" initiatives will have an economic impact of up to $1.6 trillion per year by 2025.CitizensA key function of government at all levels, according to the Internet Society, is also to provide for the safety and security of its citizens, and the potential benefits of a robust IoT environment to improve public safety are well documented across law enforcement, fire services, emergency medical services, and homeland and border security. Wearable sensors, body cameras, drones, and Global Positioning System (GPS) trackers are a few examples of technologies being deployed in the field today. Such devices will increase situational awareness to save lives, improve operational efficiency to lower costs, and enable predictive analytics to identify future public safety situations.Law Enforcement OfficialsFire Services PersonnelEmergency Medical Service ProvidersHomeland Security OfficialsBorder Security OfficialsPublic Safety PractitionersAdditionally, the proliferation of sensors and predictive analytics used by public safety practitioners will benefit citizens by providing real-time access to better information before disaster strikes, which will help people stay safe in emergencies. Policy MakersRole of Government in Fostering IoT -- The goal of this paper is to identify elements of an approach for the Department of Commerce to foster advancement of the Internet of Things, and defers to future policy makers to determine the value of crafting a national strategy. The paper -- based on the record of comments received -- reviews a range of issues and seeks to set out an approach that should be considered in any future discussions related to a national IoT strategy. According to commenters, any future national strategy, if created, should strive toward global consistency and predictability and be based upon robust interagency coordination, public-private collaboration, and international engagement.Private SectorThe U.S. Government, through numerous administrations, has a long record of promoting technology and innovation, and the Department expects to build on that foundation in our approach to the IoT environment. Dating back at least to the 1997 Framework for Global Electronic Commerce, the U.S. Government has been operating under the principle that the private sector should lead in digital technology advancement. Even where collective action is necessary, the U.S. Government has encouraged multistakeholder approaches and private sector coordination and leadership where possible. When governmental involvement is needed, it should support and enforce a predictable, minimalist, consistent, and simple legal environment for commerce.Bush AdministrationThe Bush Administration, in its National Strategy to Secure Cyberspace (2003), affirmed the policy that the private sector and government must work together through a voluntary, collaborative process to protect the nation’s connected infrastructure.Organization for Economic Cooperation and DevelopmentThe U.S. Government has long recognized that innovation can drive economic growth and address national priorities through novel applications of new technologies. The U.S. Government remains committed to the Principles for Internet Policy Making, adopted by the Organization for Economic Cooperation and Development (OECD) in 2011 that stress a flexible, multi-stakeholder approach to Internet policy making. As the 2011 International Strategy for Cyberspace noted, "connectivity is no end unto itself; it must be supported by a cyberspace that is open to innovation, interoperable the world over, secure enough to earn people’s trust, and reliable enough to support their work." Those concepts remain critical to our mission.Regulatory AgenciesCommenters have urged the U.S. Government to avoid over-regulation that could stifle IoT innovation. The risk of premature and excessive regulation is notable given the size of the potential economic benefits to U.S. producers and consumers. Importantly, the U.S. Government's relevance is not only as a potential policymaker and regulator, but also as an enabler and adopter of IoT technology. Center for Digital InnovationSeveral commenters called for a national strategy on IoT. As stated by the Center for Digital Innovation: A national strategy for the Internet of Things, if designed and implemented correctly, would maximize the opportunity for the Internet of Things to deliver substantial social and economic benefits. The United States will not successfully capture these benefits by leaving development of the Internet of Things solely up to the market, just as no government actions could capture all of the potential benefits without a robust private sector that can innovate unencumbered by overly restrictive regulations.Semiconductor Industry AssociationThe Semiconductor Industry Association commented that the "U.S. government should work with industry to establish a long-term national strategy that will enable America to lead the world in IoT ... that promotes key capabilities, including connectivity and interoperability, scalability and security, and complex intelligent analytics."Rapid7Rapid7 called for "a national strategy with a set of overarching, high-level, voluntary principles generally accepted by government agencies and industry, which IoT security guidelines should follow … [and can] enhance coordination and give agencies, regulated entities, and consumers a roadmap to incentivize development, awareness, and adoption of IoT security standards."American CompetitorsAlthough no commenters opposed a national strategy, one cautioned that an overly prescriptive technology policy such as that seen in some parts of Asia and Europe could actually disadvantage American competitors as they seek to sell their IoT products worldwide.European NationsAsian NationsGSM AssociationThe GSM Association urged the U.S. Government to focus on spurring IoT adoption and filling gaps that might hinder deployment if left entirely to market forces.U.S. Trading PartnersInternational Engagement -- Those who commented on international engagement expressed the critical importance of a global free and open Internet to future innovation and growth in the IoT space. On IoT issues internationally, the U.S. Government will need to maintain its robust advocacy for industry-led approaches and consensus-based standards and continue to use multi-stakeholder approaches to address policy challenges. Comments encouraging international engagements fell across a continuum of activities, including engagements focused on breaking down trade barriers, ensuring a consistent approach and common policy approach, and establishing formal IoT dialogues with interested parties. The U.S. Government already has several formal government-to-government dialogues with some of our top trading partners that include digital economy issues. Within these existing dialogues, stakeholders commonly discuss issues such as cross-border data flows, technical standards, privacy, cybersecurity, spectrum allocation, IPv6, and cloud computing. The Department of Commerce expects IoT and related issues to be on the agenda of these international dialogues, and will support continued IoT engagement internationally, through various fora.Regional EntitiesThere is a wide variety of regional and international entities engaged in standards development related to IoT whose work, and work methods, are critical to the successful implementation of IoT policies.International EntitiesStandards BodiesThe Department will continue to support U.S. industry initiatives and participation in a range of standards bodies, and will actively advocate for work methods that recognize the value of private sector standardization efforts, and will continue to support greater collaboration between standards organizations. The Department will also advocate against attempts by governments to impose top-down, technology-specific "solutions" to IoT standardization needs.U.S. IndustryThe effects of varying policies and practices of countries around the world relating to IoT will almost certainly impact U.S. industry competitiveness. The Department of Commerce is aware that several governments recently released national policies and strategies related to the development of IoT. Regardless of whether the U.S. adopts an IoT national strategy, the government plays an important role in articulating and encouraging an approach to IoT policy and standards development worldwide that promotes a globally connected, open, and interoperable IoT environment.Public-Private Process PartnersStakeholder-Driven Policy Processes -- In addition to its role advocating internationally for policies that are conducive to IoT advancement and balanced global policy, some commenters also noted that the U.S. Government can continue to play a role in convening public-private processes to address policy challenges in the IoT arena. Commenters acknowledged the success of the Department's efforts to engage with stakeholders, including civil society and the private sector, in building flexible and adaptable frameworks, codes of conduct, and best practices in the fast-moving technology policy space.National Institute of Standards and TechnologyExamples include the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the Multistakeholder Forum on the Digital Millennium Copyright Act (DMCA) Notice and Takedown System, convened by the U.S. Patent and Trademark Office (USPTO) and the National Telecommunications and Information Administration (NTIA). Commenters noted that the U.S. Government should continue to employ these processes to solve policy challenges as an alternative to pursuing top-down regulatory solutions while IoT technologies are still advancing and gaining market scale.U.S. Patent and Trademark OfficeNational Telecommunications and Information AdministrationCoordination among U.S. Government partners to foster the advancement of the Internet of Things._a201b170-dc6b-11e6-9fd3-ad198a99ac47To identify elements of an approach for the Department of Commerce to foster the advancement of the Internet of Things. _a201b2e2-dc6b-11e6-9fd3-ad198a99ac47ProactivityAn Approach for Departmental Action to Advance the Internet of Things -- Given the great economic and social potential of IoT, as well as the qualitatively different challenges raised by its development, it is important for the Department to engage proactively yet selectively on issues described in this paper.InnovationThe Department has a longstanding approach to encouraging innovation in new technologies, while taking steps to address policy matters in a proactive, multi-stakeholder manner.RestraintWe have approached emerging market trends and technologies with restraint and an eye toward allowing new entrants room to experiment and mature before they encounter significant government intervention. These guiding principles worked well as the Internet developed, and -- as gleaned from our commenters -- are appropriate to apply in the IoT sphere as well.ExperimentationPartnershipCoupled with close partnership and collaboration with stakeholders, including our government and international partners, a cautious but thoughtful approach will map well to an emerging landscape where existing and new policy and technology norms and standards are starting to coalesce or collide. The overarching goal will remain the same: to foster the benefits of IoT while meeting its challenges. CollaborationPolicySeveral principles -- derived from stakeholder input -- will guide the Department's intended ongoing engagement with all stakeholders at the local, tribal, state, federal, and international levels across the evolving IoT landscape. InclusivenessThe Department will lead efforts to ensure the IoT environment is inclusive and widely accessible to consumers, workers, and businesses.AccessibilityStabilityThe Department will recommend policy and take action to support a stable, secure, and trustworthy IoT environment.SecurityTrustworthinessConnectionThe Department will advocate for and defend a globally connected, open, and interoperable IoT environment built upon industry-driven, consensus-based standards.OpennessInteroperabilityConsensusGrowthThe Department will encourage IoT growth and innovation by encouraging expanding markets and reducing barriers to entry, and by convening stakeholders to address public policy challenges.MarketsCybersecurityWe expect to work on a set of cross-cutting issues across these contexts from cybersecurity and privacy to innovation and intellectual property, with all stakeholders, at the local, tribal, state, federal, and international levels. The next section delves in depth into each of these areas of engagement, summarizing commenter feedback, describing current Department initiatives, and proposing next steps.PrivacyIntellectual PropertyUniquenessUnique Opportunities and Challenges -- The Request for Comment's initial question -- and likely the most important one -- was whether IoT is different from technological issues that we as a society have already faced, or at least different enough to merit specific attention and/or different policy responses. Based on the collective comments, the responses at the workshop, and our conversations with stakeholders we have concluded that IoT is different in important aspects:ScopeIoT is connecting a wider range of systems and devices than ever before, enabling greater integration of previously distinct industries, sectors, and activities. This will require new forms of cross-sector and cross-government collaboration, knowledge sharing, and alignment. From wearable devices that track infant heartbeats to supply chains that are capable of tracking an individual soda can from production to recycling, from connected vehicles to self-monitoring bridges, IoT portends significant and in some cases revolutionary changes. IoT applications offer the potential for industry, government, and individuals to reap benefits in terms of increased efficiency, safety, and convenience that were previously impossible. At the same time, these industries and government agencies -- and society as a whole -- will need to grapple with issues that are inherent to connectivity: cybersecurity, access, data flows, education, workforce and labor impacts, cultural and socio-political differences, intellectual property rights, and privacy.ScaleThe number of connected devices coming online is growing rapidly. Cisco estimates that, between the years of 2015 and 2020, the number of connected devices in the United States will nearly double from 2.3 billion to 4.1 billion; globally connected devices will increase from 16 billion to 26 billion over the same period. McKinsey Global Institute has projected that, by 2025, the overall impact of these devices on the global economy will be between $4 trillion and $11 trillion. This rapidly changing environment will have broad implications. As described by commenters, the sheer magnitude of IoT devices connected will impose significant challenges for the current infrastructure, including stability, capacity, resilience, policy and regulatory consistency, and international cooperationStakesWhile many commenters argued that IoT is an evolution rather than a revolution in information and communications technologies, the increased scale and scope produces a qualitative change in the stakes involved in connectivity. A major Internet outage or a cyberattack would never have been without consequence, but IoT raises the stakes significantly, as such events can now affect medical devices, supply chain reliability, and cars driving down the highway, raising the real possibility of physical harm. This represents a shift in the potential physical effects of incidents which, in the past, were generally isolated to industrial control system environments. Similarly, it is more important than at any time in the past to ensure that current and future policies foster an innovative and adaptive environment to realize the full potential of technology. As one commenter noted, the importance of well-crafted policy to address potential barriers to adoption, innovation, and trust will only increase as more devices gain connectivity.OpportunityThe Department believes that IoT poses qualitatively different opportunities and challenges from those that society has dealt with before. This is because the existing opportunities and challenges of the Internet are emerging in new contexts, with greater reach and impact. These characteristics of IoT support a strong case for the U.S. Government both to pursue policies that foster IoT innovation and growth, and to promote consumer trust and safety. At the same time, it is also important to recognize the policies and practices the U.S. Government has followed for decades to create environments in which emerging technologies have thrived, and to acknowledge that those policies and practices form a strong and essential foundation for developing approaches that advance IoT applications.InfrastructureEnable infrastructure availability and access. _a201b6ca-dc6b-11e6-9fd3-ad198a99ac47AEnabling Infrastructure Availability and Access: Fostering the physical and spectrum-related assets needed to support IoT growth and advancement... The expected increase in connected devices associated with IoT will dramatically increase demands upon the nation's information and communications infrastructure. It could put stress on legacy networks as well as more recently deployed all-Internet Protocol systems.InfrastructureMeet increased infrastructure demand._a201b85a-dc6b-11e6-9fd3-ad198a99ac47A.iCiscoCisco estimates that, in addition to the anticipated expansion in the number of devices, Internet traffic will be 22 times greater in 2018 than 2013. Such traffic growth is likely to dictate the need for greater overall network capacity -- and smarter use of the bandwidth that is available. Meeting these connectivity demands will require continued modernization of legacy telecommunications infrastructure and buildout of additional broadband capable networks. A percentage of the current telecommunications networks were primarily built for voice service and historically were largely copper-based. Over time, however, the demand for other services, including broadband Internet access, and more recently, video applications, has helped to fuel a transition to all-Internet Protocol-based multimedia networks using a variety of technologies such as fiber, hybrid fiber-coaxial cable, enhanced copper, and wireless networks that offer increased capacities. This transformation is allowing for much more dynamic, more efficient, and faster means of connecting devices. As a result, ongoing and future efforts across the country to spur increased broadband deployment and adoption should have a positive multiplier effect on IoT usage and functionality. Commenters did express concerns regarding hurdles to deploying infrastructure, including difficulties in siting of wireless towers and antennas, and access to necessary poles, conduits, and rights-of-way. With wireless networks, these problems are exacerbated by emerging architectures that require significantly more infrastructure than legacy systems.Increased Infrastructure Demand -- IoT will depend upon both public and private communications networks, and will use various wireline and wireless modes, including satellite, often in combination or on an interdependent basis. For example, different network resources may be used for access or backhaul, or to offload traffic. The need for seamless connectivity will require deployment of robust broadband infrastructure for interconnecting devices.SpectrumMeet increased spectrum demand._a201b9ea-dc6b-11e6-9fd3-ad198a99ac47A.iiQualcommFor example, Qualcomm pointed out that automated vehicles, critical infrastructure management, remote medical procedures, and command and control communications for unmanned aerial vehicles and robotics may all use different spectrum bands.Hewlett Packard EnterpriseHewlett Packard Enterprise similarly commented that the expected diversity in connected devices and applications means that the required data rates as well as the duration and persistence of transmissions will vary widely, meaning that spectrum needs will be very different depending on the device and application. Some commenters asserted the need for dedicated spectrum to support connected automobiles. Today, automobiles already rely on connectivity for safety, convenience, and entertainment features. This trend is expanding, highlighted by the development of autonomous vehicles, and multiple communications technologies are likely to play a role.Edison Electric InstituteSpectrum will also play a key role in the ability of utilities to leverage IoT technologies, according to the Edison Electric Institute. It also noted that utilities seek dedicated spectrum for broadband communications to manage peak loads, maintain grid stability, and monitor and control millions of utility system devices.Deere & CompanyDeere & Company observed that many IoT systems, including those in agriculture, rely on unimpaired location services. As a result, Deere urged that government spectrum policies continue to protect the GPS from harmful interference. IoT devices and applications will rely on various wireless technologies in rapidly escalating numbers, and they will use a number of licensed and unlicensed spectrum bands. This will increase demands on already scarce wireless spectrum resources.U.S. GovernmentAs a result, commenters generally agreed that the U.S. Government can advance IoT by ensuring that our limited spectrum resources are used effectively and efficiently. Many suggested that access to additional spectrum will be needed to support IoT, with support for a balance between licensed and unlicensed access. Some indicated that specific spectrum bands should be identified that could support IoT with some flexibility in exactly how such spectrum is used. Many other commenters, however, recommended the federal government instead maintain its overall approach of meeting increasing demand by continuing to make available a broad range of spectrum on a technology neutral, flexible-use basis.AT&TAT&T commented that, for licensed spectrum, the licensee can manage and employ the spectrum it controls in an optimized fashion for the mix of traffic types that it needs to support. It also stated that such flexible commercial spectrum allocations allow the evolving market and consumers to determine the highest and best use of the spectrum and affords an opportunity for innovative technologies to emerge. Commenters noted that the wireless industry requires access to a broad range of frequencies across the lower, middle, and higher spectrum bands to support enhanced connectivity for consumer, enterprise, and other uses, including IoT. Some commenters urged the U.S. Government to encourage policies that ensure competitive carriers and small providers have access to additional licensed spectrum.Wi-Fi AllianceHewlett Packard Enterprises suggested that dynamic sharing mechanisms and spectrum access systems may hold great promise for unlocking access to spectrum, particularly in sub-1 GHz bands, adding that the lack of spectrum availability in these bands is a potential constraint on the growth of IoT. The Wi-Fi Alliance echoed this call for unlicensed access to spectrum in lower frequency bands.Increased Spectrum Demand -- Wireless technologies are likely to play a significant role in supporting many of the increasing numbers of connected devices being developed by IoT manufacturers. In addition to existing wireless resources, IoT applications will leverage exciting technological advances, such as those associated with 5th generation (5G) wireless technologies, innovative unlicensed use of spectrum, low-power connectivity protocols, and others. Many commenters, however, pointed out that a shortage of available spectrum could become a constraint on the growth of IoT. IoT-associated demand for spectrum access is rapidly expanding, from consumer-focused applications, to industrial systems to increasing government use cases.IPv6Quicken the pace of IPv6 adoption._a201bbac-dc6b-11e6-9fd3-ad198a99ac47A.iiiInternet SocietyDespite this challenge and others, the Internet Society stated, many experts believe that IPv6 is "the best connectivity option and will allow IoT to reach its potential." In support of this effort, the Department will continue to encourage the adoption of IPv6 through its ongoing efforts to enhance standards profiles, support measurement and testing infrastructures, and foster multi-stakeholder collaboration.Internet Protocol Version 6 Adoption -- There is a growing demand for Internet connectivity in light of IoT. Many devices connect to the Internet via Internet Protocol addresses (IP addresses). The system most in use today -- Internet Protocol version 4 (IPv4) -- was created in the 1970s as the Internet’s first, large-scale addressing system, and it provided us with nearly 4.3 billion IP addresses. This number, however, is far less than what the ever-expanding network -- and IoT -- will demand. As one commenter noted, IPv4 is an "outdated version of the Internet Protocol" which "severely restricts the number of devices that can be connected to the Internet." In the 1990s, the Internet technical community provided a sustainable solution to this problem by creating IPv6, the next generation protocol. IPv6 offers a significantly expanded addressing space that can comfortably meet the growing demand for Internet connections and obviate the need for technologies used to prolong the life of IPv4. Compared with IPv4's 4.3 billion possible addresses, IPv6 offers 340 trillion trillion trillion addresses. Although IPv6 addresses are available and plentiful, the majority of the Internet has not made the transition from IPv4 to IPv6. Thus, a key question is what incentives or policy approaches can help quicken the pace of IPv6 adoption, in order to create the optimal enabling environment for the sustainable growth of IoT. 90 Due in large part to IoT, billions of additional devices -- from industrial sensors to home appliances and vehicles -- will be connected to the Internet between now and 2025. Commenters point out that the expected increase in connected devices associated with IoT will dramatically increase demands upon the nation’s information and communications infrastructure, and that "only IPv6 will scale to the size expected for Internet communication." At the same time, however, one comment noted that IPv6 implementation requires many considerations, including security concerns generated by the capabilities of devices connected to the network. "Unlike IPv4, which was relatively simple to implement, IPv6 is more complicated," Krawetz, et al, noted. "Many IoT devices do not fully implement IPv6. These incomplete implementations are vulnerable to network attacks and malware." The capacity of hardware and software to support IPv6 is one of several considerations to take into account when deploying IPv6 services.EquityAddress issues of equity in IoT._a201bd5a-dc6b-11e6-9fd3-ad198a99ac47A.ivHealth Care ProvidersHealth care providers can do this remotely, which helps rural patients or patients with mobility problems. Because of this, it is essential that government and the private sector work together to ensure that all Americans have an opportunity to reap the benefits brought by IoT.Underserved CommunitiesWhile IoT has the ability to improve the lives of consumers and citizens, a lack of access to the Internet, and thus many IoT applications, could also make things worse for underserved communities.Center for Data InnovationThe Center for Data Innovation commented that if "the public sector does not implement policies to encourage equitable deployment, the Internet of Things could exacerbate existing inequalities by providing the benefits of data-driven decision making only to some, and placing already underserved communities at an even greater disadvantage." In general, the concern is the cumulative impact of inequality (e.g., economic status plus other factors), and how some consumers may be left out of the benefits of IoT. The growth in IoT device use and the resulting data analytics from their use has been significant, and government should be conscious of issues of social inclusion and equity.Issues of Equity in IoT -- Connected devices have the extraordinary potential to improve the health, economic, and personal welfare of underserved communities. Wearable devices can closely monitor a patient's health, which is critical for certain illnesses.Planned ActivitiesPlan appropriate activities._a201bf08-dc6b-11e6-9fd3-ad198a99ac47A.vIt is clear from commenters that infrastructure needs to be deployed, developed, and maintained to ensure that IoT reaches its full potential. This will require a continued focus on the deployment of, and investment, in wireline and wireless connectivity, spectrum availability, and standards development. The push for infrastructure deployment and development should be private-sector led, with the support of the Department to assess spectrum requirements, promote and foster broadband deployment, and ensure that access is made available to all communities. IoT infrastructure development will also require international engagement to address issues of interoperability, access, and inclusiveness. Current InitiativesContinue ongoing initiatives._a201c0fc-dc6b-11e6-9fd3-ad198a99ac47A.v.1Smart CitiesEmpower communities to become smart cities. _a201c2be-dc6b-11e6-9fd3-ad198a99ac47A.v.1.aCommunitiesCitiesNTIANTIA assists in the development of the broadband infrastructure necessary for the use of IoT both directly through toolkits and indirectly through work with the Broadband Opportunities Council (BOC).Broadband Opportunities CouncilPrivate SectorPrivate sector partners can be an important source of capital, technical knowledge, continuing innovation, and workforce development. To assist communities looking to embed new digital technologies into municipal infrastructure, NTIA released Using Partnerships to Power a Smart City: A Toolkit for Local Communities for local officials and citizen groups to use as a guide for building successful public-private partnerships.Department of CommerceThe Department co-chairs the BOC, which includes 25 federal agencies and departments and that engages with industry and other stakeholders to understand ways the Executive Branch can better support the needs of communities seeking broadband investment. The BOC released a report in September 2015 that includes action items and milestones for each agency, and will continue its work to monitor implementation of the action items and to explore additional steps that can be taken to remove barriers to broadband deployment and adoption.Empowering Communities to Become Smart Cities.Spectrum-Related InteractionsConduct research and development into spectrum-related interactions. _a201c476-dc6b-11e6-9fd3-ad198a99ac47A.v.1.bNTIANTIA's Institute for Telecommunication Sciences (ITS) is investigating interaction effects among new IoT-related spectrum use and incumbent spectrum users in cases where they are collocated and/or in adjacent bands. This is creating a technically neutral body of knowledge and expertise to inform future policy. Continued development of this IoT testbed will provide a better understanding of the performance and behavior of IoT systems. It will also establish a base of scientific principles to inform neutral and accurate predictions of future spectrum needs and trouble areas. Using the scientific principles derived by the continued development of the IoT testbed, ITS also plans to develop the capability to model large-scale interactions of currently deployed and new, not-yet deployed IoT systems.Institute for Telecommunication SciencesResearch and Development into Spectrum-Related Interactions.First RespondersEnable IoT functionality for first responders. _a201c67e-dc6b-11e6-9fd3-ad198a99ac47A.v.1.cFirst RespondersFirst Responder Network AuthorityAn anticipated key driver of the benefits of IoT for public safety is the First Responder Network Authority's (FirstNet) Nationwide Public Safety Broadband Network (NPSBN). FirstNet is deploying the necessary infrastructure to allow for transfers of data wirelessly, real-time in the field, without potential congestion from commercial network traffic. This will be crucial during routine day-to-day incidents, large planned events or unexpected disasters.CongressIn 2012, Congress allocated $7 billion and 20 megahertz of spectrum to FirstNet to partner with the private sector to build the NPSBN, an LTE-based wireless broadband network dedicated to public safety. Once operational, the FirstNet network promises to transform the way first responders communicate, providing public safety personnel with dedicated access over a prioritized, reliable, and secure mobile connection. This will enable first responders to send and receive text, voice, video, images, location information, and other data in real time to help increase situational awareness and operational capability in the field. In addition to revolutionizing emergency communications, the FirstNet network will be an incubator and proving ground for public safety focused IoT solutions by linking more first responder data sources, such as their gear, emergency vehicles, fingerprint scanners, databases, and more. The constant transfer of data over a dedicated, mission critical network will enable faster decision making that can help coordinate responses and save lives. By focusing on public safety needs first, FirstNet seeks to drive industry to continue to innovate to improve public safety activity to save lives, improve responses to incidents and disasters, and better anticipate future responses.Enabling IoT Functionality for First Responders.IPv6 AdoptionChampion IPv6 adoption and use in networks, devices, and websites and promote IPv6-enabled content._a201c854-dc6b-11e6-9fd3-ad198a99ac47A.v.1.dDepartment of CommerceThe Department is championing IPv6 adoption and use in networks, devices, and websites, and promoting more IPv6-enabled content, but there is more to be done.NISTNIST leads IPv6 planning within the U.S. Government, and developed the technical infrastructure to assist the Government with IPv6 adoption.NTIANTIA and NIST have in the past supported awareness-raising and information-sharing by holding public meetings on IPv6, and have produced informational resources to help those implementing the new protocol, including a Technical and Economic Assessment of IPv6 (2006) and an IPv6 Readiness Tool for Business (2011). NIST leads IPv6 planning within the U.S. Government, and developed the technical infrastructure (i.e., standards profiles, testing infrastructure, and deployment guidance) to assist the government with IPv6 adoption. The agency also maintains up-to-date statistics on IPv6 deployment. NTIA conducted a Request for Comment (RFC) on the Incentives, Benefits, Costs and Challenges to IPv6 Implementation in order to better understand the industry's experience with and viewpoints on IPv6 implementation, and received a number of high quality insights from individuals, cloud providers, Internet service providers, and various industry associations.Cloud ProvidersInternet Service ProvidersIndustry AssociationsNext StepsTake the appropriate next steps._19955df2-dc73-11e6-a11a-90318a99ac47A.v.2Proposed Next Steps -- The Department will: CoordinationCoordinate with the private sector, as well as federal, state, and local government partners._19956176-dc73-11e6-a11a-90318a99ac47A.v.2.aCoordinate with the private sector, as well as federal, state, and local government partners, to ensure the infrastructure to support IoT continues to expand, that access to infrastructure is inclusive and affordable, and that the infrastructure remains innovative, open, secure, interoperable and stable. This includes promoting adoption and usage to encourage deployment and investment, and engaging in technical assistance and research and development.ExpansionEnsure the infrastructure to support IoT continues to expand._19956414-dc73-11e6-a11a-90318a99ac47A.v.2.a.1Inclusiveness & AffordabilityEnsure that access to infrastructure is inclusive and affordable._19956cfc-dc73-11e6-a11a-90318a99ac47A.v.2.a.2Innovation, Openness, Security, Interoperability & StabilityEnsure that the infrastructure remains innovative, open, secure, interoperable and stable._19957184-dc73-11e6-a11a-90318a99ac47A.v.2.a.3Spectrum ManagementContinue to innovate in spectrum management to increase access to spectrum that will help facilitate IoT growth and advancement. _19957422-dc73-11e6-a11a-90318a99ac47A.v.2.bNTIANTIA, through its Office of Spectrum Management, will collaborate with stakeholders, including its spectrum-related interagency (Policy and Plans Steering Group and Interdepartmental Radio Advisory Committee) and external advisory bodies (Commerce Spectrum Management Advisory Committee), to assess the spectrum implications of the diverse IoT applications that currently or in the future may be delivered through a number of technologies operating in various spectrum bands.Office of Spectrum ManagementPolicy and Plans Steering GroupInterdepartmental Radio Advisory CommitteeCommerce Spectrum Management Advisory CommitteeDigital InclusionExpand digital inclusion efforts to include an emphasis on IoT adoption and availability._19957bca-dc73-11e6-a11a-90318a99ac47A.v.2.cIPv6Continue to encourage the adoption of IPv6._19957fee-dc73-11e6-a11a-90318a99ac47A.v.2.cContinue to encourage the adoption of IPv6 by fostering multi-stakeholder collaboration and dialogue and provide a platform for discussion on issues such as mobile IPv6 routing, security in dual-stack environments, and privacy implications of IPv6.Data Collection & AnalysisCollect data and conduct analysis on the usage and growth of IoT devices through the Digital Nation data collection in order to better inform industry and policy makers. _199582aa-dc73-11e6-a11a-90318a99ac47A.v.2.dIndustryPolicy MakersPolicy & CoalitionsCraft policy and build coalitions. _a201ca3e-dc6b-11e6-9fd3-ad198a99ac47BGovernmentsCivil SocietyAcademiaTechnical CommunityPrivate SectorCrafting Balanced Policy and Building Coalitions: Removing barriers and encouraging coordination and collaboration; influencing, analyzing, devising, and promoting norms and practices that will protect IoT users while encouraging growth, advancement, and applicability of IoT technologies... Commenters detailed several discrete policy areas that will require coordinated engagement by all stakeholders -- government, civil society, academia, the technical community, and the private sector, globally and domestically -- to ensure forward-looking, adaptable, and balanced policy that fosters innovation while addressing risks and challenges.Cybersecurity_a201cc82-dc6b-11e6-9fd3-ad198a99ac47B.iDNS ProvidersThe distributed denial of service (DDOS) attack in October 2016 on a Domain Name Service (DNS) provider's lookup service that used an army of IoT devices protected only by factory-default passwords is an example of how Internet-connected devices have changed the cybersecurity environment. The incident was the most visible and far-reaching example of the potential risks that must be mitigated when considering IoT.Incident ManagersIncident management in cases such as these may require enhanced coordination by the private sector, government, and individuals in the future. The risks for IoT systems that support the economy’s industrial sectors are even more challenging, according to IBM. Industrial devices are connected to the Internet to allow for broader visibility, control, and maintenance, but these devices can also become potential attack targets.Electronic Frontier FoundationAt the same time, commenters noted that cybersecurity best practices are a new concept for many IoT stakeholders. Mature manufacturers of newly wired devices, such as an appliance manufacturer developing a wireless-enabled refrigerator, may have little to no experience collecting, securing, and protecting consumer data, the Electronic Frontier Foundation (EFF) said in its comments. EFF added that start-ups building IoT technologies and interfaces for the first time may focus primarily on getting a product to market, without considering how to protect and secure computer networks or data. IoT EntitiesCommenters stated that different sets of best practices will be relevant for different IoT entities, such as hardware manufacturers/integrators, developers, deployers, and operators.IoT Hardware ManufacturersIoT IntegratorsIoT DevelopersIoT DeployersIoT OperatorsIoT will be integrated into our lives to an unprecedented degree. While the computer and Internet revolutions have pushed more of our lives into the data domain, IoT will continue that trend and bring both software and connectivity into almost every aspect of the home, enterprise, and public space. One comment noted that several factors contribute to the more challenging environment of increased connectivity, including: the highly networked nature of IoT creates a large number of attack surfaces that can be exploited; some IoT device makers have not followed established cybersecurity best practices used in other information security contexts; and some connected devices will collect vast amounts of personal information, enabling high impact attacks. Meanwhile, the expected ubiquity of and dependence on IoT magnifies the security risk on each domain, whether it is the power grid, our automobiles, or children's toys.Risk & FlexibilityImplement flexible, risk-based solutions._19958ae8-dc73-11e6-a11a-90318a99ac47B.i.1U.S. Chamber of CommercePredefined solutions quickly become obsolete or even provide bad actors with a roadmap for attack, the U.S. Chamber of Commerce noted. Many commenters stated that regulators must allow developers the flexibility to create cutting-edge improvements to defend their products and services and protect their users.AT&TOverly prescriptive regulations could impede stakeholders' abilities to respond to ever-changing threats, AT&T commented.CiscoCisco stated that governments should work within existing regulatory structures, and focus on outcome-oriented approaches to manage newly identified risks associated with the use of particular technologies, instead of regulating the underlying technologies.Rapid7The U.S. Government can play a valuable role in driving awareness and resolution of the cybersecurity issues facing IoT development, Rapid7 wrote, suggesting the government can facilitate coordination and standardization among IoT stakeholders to improve security. Several commenters called for a greater recognition of the role played by the security research community, which can independently discover, assess, and correct cybersecurity vulnerabilities.U.S. GovernmentCommenters recommended that the U.S. Government continue to foster a community for cybersecurity information sharing, and collaborate with industry on clearer guidelines for security research and coordinated disclosure.Information Technology Industry CouncilThe Information Technology Industry Council pointed to two examples of public-private partnerships that can help ensure greater coordination and collaboration across the government: information sharing and analysis centers and sector coordinating councils.ChildrenCommenters suggested some limited areas that may require special consideration. Devices that are used by children may constitute one of these areas.Common Sense Kids ActionFor example, as Common Sense Kids Action pointed out, a recent data breach involving a toy manufacturer exposed names, dates of birth, password recovery questions and answers, genders, pictures of parents and children, audio recordings of children, and chat logs between parents and children.Vehicle ManufacturersAutonomous vehicles may be another area for special consideration, particularly regarding safety-critical systems.Association of Global AutomakersThe Association of Global Automakers recommended Federal criminal penalties for those who electronically tamper with a motor vehicle without the owner’s consent.SymantecSymantec, for example, distinguishes between risks to communications to/from an IoT device, and risks that undermine the integrity of the device itself. Many other commenters highlighted the fact that concerns about the risks to data confidentiality and integrity can be best addressed by encryption, while other commenters said that concerns about the risk of malicious control of devices require access control and authorization mechanisms.Dan CaprioAt the September 2016 IoT workshop, the Providence Group's Dan Caprio stated that IoT risk is such a complex and multifaceted issue that it needs to be addressed through an enterprise risk management approach. This emphasis on a risk-based approach conforms with a broader focus across the Department on understanding and addressing cybersecurity risks in the business/mission context.NISTThis approach is embodied within the NIST Framework for Improving Critical Infrastructure Cybersecurity (NIST Framework). Many commenters referenced the NIST Framework as providing a model to think about cybersecurity for IoT applications and devices. The NIST Framework offers an overarching structure to address cybersecurity across all critical infrastructure sectors using existing international standards and best practices, while providing adaptability and flexibility to meet the unique needs of each sector and address new threats. The NIST Framework highlights the limitations of a "one-size-fits-all" solution and instead is a voluntary, flexible framework that can be scaled to organizations' different needs, allowing them to take into account their particular business models, assets, and other variables. This structure enables organizations to adapt to an ever-changing, dynamic environment, which is critical for IoT technologies.VerizonVerizon called for a process expanding on NIST's model that builds on collaboration between industry, academic, and government stakeholders to identify standards and practices for IoT security.Threats and vulnerabilities are constantly evolving... The range of IoT devices and applications, as well as the many potential attack vectors and harms, may preclude a single, prescriptive solution. Instead, many commenters advocated a risk-based approach to understand threats and vulnerabilities. Just as there is no easy description for IoT itself, there is no single prescription for IoT security. Commenters argued that breaking down the security challenge into particular risks allows for a better understanding of the solution space.Security by DesignBuild in security by design._19958ef8-dc73-11e6-a11a-90318a99ac47B.i.2Software & Information Industry AssociationThe Software & Information Industry Association, for example, encouraged a practice of a risk assessment during the product design stage and security testing during development and before products and services launch.Rapid7When integrating multiple components, Rapid7 suggested that each component must be understood well enough to configure it properly to minimize unused features and secure any insecure defaults.Federal Trade CommissionThe Federal Trade Commission has also embraced this approach, with its IoT guidance that companies "Start with Security." The overall notion is often most easily understood in its absence: security failures are more likely to occur when security is not a consideration throughout the concept and design process. Attempts to "bolt on" security features late in the product development process are both more expensive and more prone to error. While many commenters embraced this notion, there is no clear consensus or straightforward path on how to implement such a concept across the broad IoT space. The software industry has spent many years developing tools, techniques, and standards for integrating security into the development lifecycle. These range from approaches developed by specific companies to those developed by open standards organizations.Information Technology Industry CouncilThe Information Technology Industry Council suggests starting at the hardware level with built-in safeguards. Other mechanisms for building in security include considering authentication tools, using modern, well-tested software packages, and having a complete testing protocol in place.IoT DesignersDesigners, developers, and integrators must understand security from an initial stage. Further tools to empower easier security decisionmaking may be necessary as IoT grows. IoT DevelopersIoT IntegratorsIoT CommunicatorsThe final hurdle to security-by-design is the challenge of how to communicate the effectiveness of security practices to customers, relevant regulators, and the public. This problem is not unique to IoT, but is necessary to foster public trust and market rewards for security investment.IoT CustomersIoT RegulatorsThe PublicMany commenters underscored the importance of security considerations as an integral part of the entire life cycle of IoT products, from conception to deployment and beyond... As several commenters noted, a common means of capturing this holistic approach to security is "security by design," a concept the Department strongly supports. This is not a new idea, and is linked to important concepts like "privacy-by-design."PatchingPatch devices to plug security vulnerabilities and protect privacy._199591e6-dc73-11e6-a11a-90318a99ac47B.i.3Electronic Frontier FoundationThe Electronic Frontier Foundation noted that unpatched smart devices create security vulnerabilities and can put privacy at risk by making devices easier to compromise or by leaking user information.ManufacturersManufacturers of connected devices, unlike those who make traditional computers, often lack an effective update and upgrade path once the devices leave the manufacturer’s warehouse.Device UsersSeveral commenters noted that, without a patching capability, it is difficult to mitigate devices' known security flaws on a large scale. These vulnerabilities can have potentially devastating consequences for users.Rapid7Many manufacturers entering the IoT space do not traditionally offer frequent or fast-paced support or updates to their products, and are only beginning to look into quick response practices for vulnerability patching, Rapid7 commented. Effective patching is challenging even for mature market sectors that have update mechanisms, such as smartphones and routers, and therefore Rapid7 suggests IoT newcomers will need to quickly incorporate patching and updating processes into their practices. Many connected devices are likely to be long-lived (sometimes lasting decades), and many will undoubtedly require patches as security issues are identified in the future.Automobile ManufacturersFor example, cars are purchased with the expectation that they will be used for at least 11 years. Commenters suggested that methods to allow updates from reputable sources, sometimes despite low bandwidth and intermittent connections especially over the long term, should be considered. This is important even if the original manufacturer or service provider no longer supports the device or is no longer in business.MicrosoftMeanwhile, Microsoft pointed out that many connected devices will be deployed into environments that fall under multiple jurisdictions with different regulatory requirements, or into consumer environments with fewer security management resources.The lifecycle of a device lasts beyond the development process and will vary greatly depending on the device, from short periods to many years. Technical LimitationsAddress the technical limitations of many IoT devices._1995993e-dc73-11e6-a11a-90318a99ac47B.i.4CTIACTIA commented that a breach could exist for an extended period of time before being noticed, and once noticed, correction or mitigation may not be possible or practical. Alternative solutions may require greater coordination across different parts of the IoT environment. The difficulties and costs of implementing encryption on technically limited devices drew substantial comment.IoT Encryption ResearchersResearchers who studied IoT encryption found that many of the devices exchanged completely unencrypted information with servers. Even devices that did encrypt the data traffic they sent and received were at times revealing other points of information, such as when power had been turned on or off. Many commenters agreed that encryption is important in all areas of the IoT environment, including at the device level, for data in transit, and at the platform or service level. Commenters urged the government to encourage the adoption and use of the best commercial encryption implementations and security practices available. While encryption is just one of many important capabilities, it drew numerous comments.Niskanen CenterThe Niskanen Center stated that strong encryption has significant economic benefits, encouraging and promoting the trust necessary for robust online commerce and finance.NISTNIST has already begun to explore the potential of "lightweight encryption" for devices with low computing power.One comment highlighted the technical limitations of many IoT devices as a particular hurdle for implementing known good security practices. These limitations include computationally weak hardware, minimal operating systems, and/or limited memory, commented Krawetz et al. They added that limited resources make connected devices more vulnerable to denial of service and stacksmashing attacks (causing a stack in a computer application or operating system to overflow, which may subvert or crash the stack); the IoT world has not yet developed common mitigation techniques. Even when adequate technology exists, devices may lack the metrics or interfaces for security awareness.PrivacyProtect privacy._19959dd0-dc73-11e6-a11a-90318a99ac47B.iiGSM AssociationFor example, the GSM Association stated that "privacy considerations that accompany IoT will affect different sectors of the economy, and conflicting, sector-specific regulations will hinder IoT development and deployment." Many commenters nonetheless argued for a "privacy-by-design" approach, or the use of privacy enhancing technologies (PETs). These techniques would typically need to be implemented before the developers determine the use for devices or components that are deployed in both consumer-facing and non-consumer facing applications. Several commenters argued that there are no new privacy issues related to IoT, that it is too early to craft regulatory responses, or that current regulation is sufficient.U.S. Chamber of CommerceThe U.S. Chamber of Commerce stated that "[w]ithout evidence of heightened privacy concerns or consumer harm, there is no reason not to allow the IoT market to mature under the frameworks that exist for protecting consumers' legitimate privacy interests."Federal Trade CommissionThese commenters primarily pointed to Federal Trade Commission enforcement of its Section 5 authority over unfair or deceptive practices, sector-specific legislation such as the Children's Online Privacy Protection Act, and the Health Insurance Portability and Accountability Act as providing the protections needed by consumers.VerizonVerizon, for example, stated that "[p]olicymakers should leverage existing privacy frameworks -- including the existing Federal Trade Commission regime and self-regulatory mechanism -- to create a holistic policy approach to IoT-related privacy issues. Doing so will create the necessary regulatory certainty and stability to support continued investment and growth in IoT solutions." These commenters are concerned about the potentially negative effect that proactive regulation would have on innovation and growth in IoT. Other commenters argued that the privacy concerns raised by IoT were either novel or were different enough in scale, scope, and stakes to necessitate distinct consideration.MicrosoftAs Microsoft argued, "IoT raises unique privacy concerns. IoT will dramatically increase the number of devices facilitating the creation, collection and transmission of data. In parallel, connected devices without screens or other direct user interfaces create significant practical challenges for privacy regimes based primarily on notice and consent." Commenters also raised the challenge of notice and consent, suggesting the need for flexibility and modernization of how consent is gained. Given the vast amounts of data that IoT devices are capable of collecting, commenters also discussed the link between the privacy concerns raised by IoT and those inherent in the discussions of big data, with the paramount concern being the need to combat potential discrimination, secure collected data, and promote transparent decision-making processes. SymantecSymantec states: The unprecedented volume of data that will be generated by connected devices will in many applications raise significant privacy issues. First and most obviously, an exponential increase in data collection brings with it a similar increase in the potential for and damage from a data breach. This data will need to be securely collected, transmitted, and stored. But the analytics that can be applied to all of this data raises different issues, as Americans are increasingly concerned with how big data is providing corporations and governments insight into their lives. As with security, the first step towards addressing these issues is transparency -- people should have the opportunity to understand how data about them is being secured, just as they should know how that data is being used.Electronic Frontier FoundationMany commenters expressed significant concern about the ubiquity of data collection and the potentially sensitive or personal nature of this data. The Electronic Frontier Foundation cited a Hewlett Packard Enterprise study that "found that 90 percent of IoT devices collected at least one piece of personal information via the device, the cloud, or its mobile application."Hewlett Packard EnterpriseMichelle De MooyAt the September 2016 IoT workshop, Michelle De Mooy of the Center for Democracy and Technology stated that these concerns are intertwined with concerns about security, given that insecure data is the primary way in which user privacy is likely to be breached. Straddling the line between privacy and security concerns is the need to address data breach notification policy, which is currently a patchwork of laws and regulations. Commenters also raised the need to address the problem of data ownership over the lifecycle of a consumer device.Federal Trade CommissionThe scope of personal data collected by connected devices is potentially immense, expanding far beyond the usual concerns of traditional e-commerce. The systematic collection of personal information, habits, locations, and physical conditions over time can easily allow an entity that has not directly collected this information to infer specific details about the user or users of the devices, as the Federal Trade Commission pointed out in its January 2015 staff paper on IoT privacy and security.Consumer Federation of AmericaAs to how these issues should be addressed, several commenters felt that the Department of Commerce, for various reasons, is not the place to develop policy in this area. For example, the Consumer Federation of America argued that "[t]he DOC is not the right place to develop U.S. privacy policy. It is not a privacy or consumer protection agency."Niskanen CenterAnd the Niskanen Center stated that "Congress, and not a confusing hodgepodge of competing regulatory bodies, will be the primary regulator of IoT. Congress, not Executive Branch regulators, should lead on the IoT." There was some support, however, for multi-stakeholder efforts, both facilitated by the government or in which the government acts as a participant. Multistakeholder efforts call for bringing all interested stakeholders together to try to reach consensus on how to address a particular problem or issue.CongressHewlett PackardOne clear argument made by several of the commenters and participants in the workshop is that any approach to privacy policy from the government should be technology neutral. Hewlett Packard argued that the "overall privacy and data protection environment should be flexible enough for new technologies, and not create IoT-specific requirements."Julie BrillFormer Federal Trade Commission Commissioner Julie Brill called for technology-neutral baseline privacy legislation during the IoT workshop. Through baseline privacy legislation, such as the Commerce Department's 2015 Discussion Draft based on the Consumer Privacy Bill of Rights, it would be possible to address privacy concerns without regard to the type of technology used. It would also supplant the current patchwork of regulation based on information type and use.Potential privacy concerns arising from the use of IoT devices were second only to cybersecurity in number of comments received. While it is clear that consumer trust is essential to the growth of IoT, and that ensuring the privacy of users is a key aspect of building that trust, commenters were divided on whether IoT presents novel privacy challenges and on the appropriate response to these challenges. It is clear that connected devices are not all equal in their relative effects on privacy. According to some commenters, industrial, agricultural, and other non-consumer facing uses of IoT generally would not likely collect information that could be considered personally identifiable information. Any policy response to privacy concerns would need to avoid placing regulatory burdens on applications that pose limited potential for privacy-related harms. There is also a danger in creating too many "sector-specific" regulatory requirements.Intellectual PropertyAddress intellectual property issues._1995a122-dc73-11e6-a11a-90318a99ac47B.iiiIoT technologies and uses can involve significant intellectual property issues -- including copyright, patents, trade secrets, and trademarks -- some of which commenters discussed and are highlighted in this section. The comments indicate that, in general, intellectual property is an important topic that deserves recognition and further consideration as IoT penetrates more households and businesses and becomes a ubiquitous part of everyday life. Furthermore, as the comments suggest, IoT plays into ongoing intellectual property policy discussions, which address more general concerns. These issues also have international policy implications.CopyrightProtects original works of authorship._1995a9ba-dc73-11e6-a11a-90318a99ac47B.iii.1AuthorsConsumersSome commenters focused on how licensing terms affect the way in which consumers interact with the copyrighted software embedded in IoT devices, and argued for solutions that would enable consumers to own the copies of software embedded in the devices they purchase. Other commenters stated that it is important that IoT policies do not inadvertently undermine intellectual property rights, or weaken established licensing practices.Mobile Application DevelopersOne commenter pointed out copyright's important role in deterring counterfeit mobile applications by discouraging counterfeit applications that may carry malware. Some commenters focused on the impact that anti-circumvention provisions may have on access to software and data. Commenters were divided on how these provisions would ultimately affect the development of IoT, and what actions the government should take as a result. For example, one commenter argued that the unrestricted ability to access and modify embedded software will threaten the reliability, safety, and usability of IoT devices. Another wrote that technological protection measures inhibit security research, which they claimed further threatens consumer privacy and security.Copyright law protects original works of authorship fixed in a tangible medium of expression by granting to authors certain exclusive rights subject to a number of exceptions and limitations. The United States and many other countries also provide protection against the circumvention of technological protection measures (TPMs) designed to prevent the unauthorized use of or access to works protected by copyright. Key copyright-related IoT issues involve ownership, access, and usage of data and software. Commenters noted that there are still questions about who owns data in the IoT environment, and what may be done with it. The answers will depend in part on the nature of the "data," whether it is embodied in a copyrightable compilation, and whether an exception or limitation applies. Although mere "facts" (e.g., the temperature of a home) are not eligible for copyright protection, if data outputs produced by IoT devices include copyrightable sounds or images, or reflect a sufficiently original selection and presentation of data, then permission may be required to copy, distribute, or modify the resulting works.PatentsSecure property rights for the inventors of technical advances._1995af28-dc73-11e6-a11a-90318a99ac47B.iii.2InventorsBy securing exclusive property rights for the inventors of technical advances, patents provide incentives for innovators to develop better IoT devices, manufacturing practices, and infrastructure. Several patent policy issues have the potential to impact IoT industries going forward.USPTOAt present, none of these issues are unique to IoT, and the USPTO and other federal agencies have been working to address a number of them. As standards for IoT are developed in the United States and abroad, issues around standard essential patents and licensing may arise, reflecting discussions currently underway in broader sectors such as information and communication technology.Standards Developing OrganizationsWhen private-sector standards developing organizations (SDOs) develop new consensus standards, some SDOs encourage or require participants to declare any patents they own (or pending patent applications) that would be needed to implement the standard.U.S. GovernmentFor its part, the U.S. Government, based on longstanding policy, defers to private sector SDOs to adopt approaches that meet the needs of the participating members and the industries where those standards will be used while appropriately balancing the various interests involved while fairly compensating patent owners for use of their technology.Department of CommercePatent quality is another critical issue that attracted considerable attention among stakeholders, particularly with regard to litigation. The Department recognizes that clarity is important for letting industry competitors and the public know which functionality or actions are covered by a patent, when they should seek licenses, and what alternatives they can pursue.USPTOUSPTO has been actively engaged on this topic with the patent community. Commenters also stated that the government should address patent trolls and reduce abusive patent litigation, according to two commenters. One commenter noted the importance of providing clear eligibility for patentable subject matter in the IoT space.Supreme CourtIn response to several Supreme Court cases that altered longstanding practice on eligibility, the USPTO issued guidance to patent examiners in 2014 on how to apply the Supreme Court's rulings during examination, and has been providing regular updates and teaching examples with substantial input from patent stakeholders as new court cases are decided.Niskanen CenterThe Niskanen Center stated that IoT may likewise present challenges for enforceability of patents. For instance, the distributed nature of IoT may raise a number of questions regarding multi-party infringement liability. Traditionally, one party must perform every element of a patent claim to be liable for infringement. However, sometimes multiple parties act together in such a way that the combined result performs the patent claims.Patent OwnersPatent owners have limited mechanisms to enforce their patents in such situations. However, these types of liability have limitations that can make it difficult to enforce certain patents, particularly since the Internet allows seamless, invisible, efficient interactions by multiple parties.As with any technological field, patents can be expected to play a key role in IoT development.Trade SecretsProtect trade secrets._1995b2ac-dc73-11e6-a11a-90318a99ac47B.iii.3EntrepreneursTrade secrets are crucial to helping our entrepreneurs and businesses start, grow, and innovate, including in the IoT space. In addition, the proliferation of devices and connectivity that makes up IoT also gives rise to trade secret vulnerabilities.BusinessesA trade secret is confidential, commercially valuable information that provides a company with a competitive advantage, such as customer lists, methods of production, marketing strategies, pricing information, and chemical formulae. The type of information that could be protected as a trade secret is virtually limitless. At issue is how trade secret protection promotes IoT innovation, and how the rise of IoT impacts trade secret protection... In relation to IoT, one commenter posited that "[p]roducts will be defined by the sophistication of their algorithms. Organizations will be valued based not just on their big data, but the algorithms that turn that data into actions and ultimately customer impact." The protection and security of algorithms associated with IoT has been noted as an issue. Accordingly, the protection of trade secrets is one key element to the encouragement of innovation in the IoT sphere. Confidentiality concerns were mentioned by some commenters. In business environments, data sharing without appropriate controls to protect against inadvertent release of confidential information creates additional risk that trade secrets will be exposed. Only one commenter specifically mentioned the implication of these general concerns for trade secrets, although other references to proprietary, confidential, and/or sensitive information could be considered to relate to trade secrets as well.TrademarkEnforce trademarks._1995bb4e-dc73-11e6-a11a-90318a99ac47B.iii.4ConsumersTrademarks serve several functions for consumers and brand owners, including serving as quality indicators as well as signaling who is responsible for a substandard product.Brand OwnersSome commenters said that products falsely alleged to be compatible with a suite of proprietary branded devices or services could engender performance deficits that affect the operation of the branded products and subject the brand owner to lawsuits.Interoperability CertifiersUse of the brand by third parties to signal interoperability presents enforcement costs as well as licensing opportunities. Notably, there may be a significant role for use of certification trademarks to indicate that goods have been certified as meeting standards for device interoperability. These challenges are not specific to IoT, but should be considered when deciding how best to leverage brands using these new technologies.According to some commenters, the creation of platforms for interoperability of products and services creates opportunities for trademark owners to diversify their brand offerings but raises enforcement challenges. Transboundary Data FlowsSupport the free flow of data across borders._1995bff4-dc73-11e6-a11a-90318a99ac47B.ivU.S. GovernmentMultiple commenters recommended that the U.S. Government continue to work with the international community to encourage the cross-border flow of data to enable IoT services and discourage forms of localization. This might include work on interoperability of privacy and cybersecurity regimes and standards. Stakeholders also recommended that the U.S. Government should seek to form binding commitments with other nations to ensure the flow of information.Free Flow of Data Across Borders -- The free and open global Internet, with minimal barriers to the flow of information and services across national borders, is the lynchpin of the digital economy today. A number of commenters emphasized just how important a free and open Internet is to the future innovation and growth of IoT. They stressed that cross-border information flows are critical to companies across sectors, from industrial to human resources. While some governments have created policies that limit cross-border data flows for various reasons, such policies could negatively affect the growth of certain IoT sectors by impeding the normal functioning of the devices, many of which themselves cross borders frequently (e.g., sensors on an airplane). Further, these commenters argued that these policies raise costs, especially for small and medium sized companies, which can slow economic growth.Planned ActivitiesEngage in appropriate activities._1995c3a0-dc73-11e6-a11a-90318a99ac47B.vThe Department reaffirms its commitment to the policy approach that has made the United States the leading innovation economy. This approach is reflected in the 1997 Framework for Global Electronic Commerce, and has been maintained across all subsequent Presidential administrations. It asserts that policy should generally be industry led, and that regulation, when needed, should be predictable and consistent. The Department is positioned to advance U.S. policy approaches around IoT, including those recommended in this paper. Policy related to IoT spans multiple domains from data protection and privacy issues, to infrastructure stability and security, to digital inclusion. The following issues are and will continue to be priority focus areas of the Department in the IoT domain.Current InitiativesContinue current initiatives._1995cc92-dc73-11e6-a11a-90318a99ac47B.v.1International EngagementsEngage in government-to-government dialogues and relevant international fora._1995d2a0-dc73-11e6-a11a-90318a99ac47B.v.1.aInternational Telecommunication UnionIn international fora, the Department engages in the work of the International Telecommunication Union and in the Internet Governance Forum (IGF) IoT dynamic coalition, among others.Internet Governance ForumGovernment-to-government dialogues and relevant international fora are major vehicles for the Department's international engagement on IoT. Currently the Department maintains formal dialogues with numerous governments where digital economy and general information and communications technology issues are often discussed. Through stakeholder input, the Department envisions IoT and aspects thereof will continue to be raised in these engagements. Interagency CollaborationContinue to work with interagency partners on the development of policy._1995d6a6-dc73-11e6-a11a-90318a99ac47B.v.1.bThe Department will continue to work with its interagency partners to ensure the development of policy that fosters IoT innovation and protects the rights and safety of individuals. CybersecurityBring private sector experts together with policymakers._1995e01a-dc73-11e6-a11a-90318a99ac47B.v.1.cCybersecurity ExpertsPolicymakersThe Department will continue to bring private sector experts together with policymakers to define security principles for IoT, facilitate IoT security framework development by sector and application, and encourage the implementation of best practices and/or minimum standards. Cybersecurity Multistakeholder ProcessConvene a cybersecurity-focused multistakeholder process to address IoT security upgradability and patching._1995e52e-dc73-11e6-a11a-90318a99ac47B.v.1.c.1NTIANTIA is convening a cybersecurity-focused multistakeholder process to address IoT security upgradability and patching. NTIA Cybersecurity Multistakeholder Process... The objective of this multistakeholder process is to foster a market offering more devices and systems that support security upgrades through increased consumer awareness and understanding. Enabling a thriving market for patchable IoT devices requires common definitions so that manufacturers and solution providers speak a common language. As the process identified, IoT has brought connectivity to business sectors that previously did not provide networked products – and some of these businesses are confronting a new requirement to deal effectively with cybersecurity threats targeting their products. The Department is assisting by working with industry and other stakeholders to document best practices for patching, vulnerability notification, and control of data retention for IoT products. In addition, the threat posed by orphan devices -- devices no longer supported by their manufacturers -- must also be addressed. Devices that consumers continue to use to connect to the Internet should be updated and protected even if device manufacturers discontinue them. There should be some mechanism (such as transferring the needed software keys to a designated consortium) for ensuring that devices function with the software updates needed to ensure security. Stakeholders, through NTIA's multistakeholder process, will have the opportunity to encourage providers of connected devices and services to embrace security-by-design, beginning with risk assessment as part of the design process, testing security measures before products and services launch, and using encryption to store and use sensitive information. PrivacyAddress privacy concerns._1995e8f8-dc73-11e6-a11a-90318a99ac47B.v.1.dThe Department continues to address privacy concerns in a range of contexts, from support for baseline privacy legislation that would include IoT services, to work to promote the availability of strong encryption (including in IoT devices).Intellectual PropertyPromote the evolution of intellectual property._1995f082-dc73-11e6-a11a-90318a99ac47B.v.1.eThe Department of Commerce will continue to work to promote the positive evolution of intellectual property and its protection in the Internet's digital economy. Over the past few years, the Department has consulted extensively with stakeholders. It produced a green paper on Copyright Policy, Creativity, Innovation, and the Digital Economy, which provided a thorough and comprehensive analysis of digital copyright policy, including issues relevant to the Internet of Things. It published a White Paper on Remixes, First Sale, and Statutory Damages, and is conducting work as recommended in those papers, including facilitating discussions about standards and interoperability in the context of developing the online marketplace for copyrighted works.Cross-Border Data FlowsEnsure that information and data continue to flow freely and the Internet remains open and global._1995f4e2-dc73-11e6-a11a-90318a99ac47B.v.1.fOrganization for Economic Cooperation and DevelopmentFor example, the Department championed the development of the Principles for Internet Policy-Making at the Organization for Economic Cooperation and Development (OECD).Recognizing the value of Internet openness and the free flow of information, and the risks that restrictions on Internet data flows present to innovation, economic growth, and social prosperity, the Department of Commerce has made it a top priority to ensure that information and data continue to flow freely and the Internet remains open and global. The Department has played a critical role in developing policies and initiatives that protect the free flow of information and foster a robust digital economy.Next StepsTake the appropriate next steps._2e168b1e-dd38-11e6-b92d-b91d8a99ac47B.v.2The Department will: EnablementFoster an enabling environment for IoT technology to grow and thrive._2e1695b4-dd38-11e6-b92d-b91d8a99ac47B.v.2.aContinue to foster an enabling environment for IoT technology to grow and thrive, allow the private sector to lead, and promote technology-neutral standards and consensus-based multistakeholder approaches to policy making at local, tribal, state, federal, and international levels on issues ranging from U.S. security and competitiveness to cybersecurity, privacy, intellectual property, the free flow of information, digital inclusion, interoperability, and stability related to IoT.PolicyIdentify and, where appropriate, convene multi-stakeholder processes on IoT policy issues based on stakeholder feedback in areas such as cybersecurity, privacy, inclusion, intellectual property, and cross-border data flows._2e169de8-dd38-11e6-b92d-b91d8a99ac47B.v.2.bEngagement & CollaborationProactively engage and collaborate with other relevant agencies on IoT in order to protect the safety and rights of individuals, promote innovation, and ensure a consistent and predictable regulatory environment._2e16af9a-dd38-11e6-b92d-b91d8a99ac47B.v.2.cDepartment of Homeland SecurityDepartment of TransportationFood and Drug AdministrationProactively engage and collaborate with other relevant agencies on IoT in order to protect the safety and rights of individuals, promote innovation, and ensure a consistent and predictable regulatory environment, such as with the Department of Homeland Security, the Department of Transportation, and the Food and Drug Administration, among others.International PolicyLeverage country and industry experts and work closely with key interagency partners toward a consistent and predictable international IoT policy environment based on bottom-up, industry-led solutions._2e16b1a2-dd38-11e6-b92d-b91d8a99ac47B.v.2.dCountry IoT ExpertsIndustry IoT ExpertsCybersecurity_2e16b292-dd38-11e6-b92d-b91d8a99ac47B.v.2.ePolicyProactively support and promote cybersecurity policy for the IoT environment that encourages risk-based approaches, security by design, and the ability to fix or "patch" insecure software and devices. _2e16bada-dd38-11e6-b92d-b91d8a99ac47B.v.2.e.1EncryptionPromote the use of strong encryption in IoT services and products._2e16c4da-dd38-11e6-b92d-b91d8a99ac47B.v.2.e.2IoT Service ProvidersIoT Product DevelopersAs one of the key tools for addressing IoT cybersecurity concerns, promote the use of strong encryption in IoT services and products to address security concerns in the government's risk-based approach to the use and application of IoT technologies. EducationCollaborate with industry to educate consumers on issues such as how to limit risks associated with unsecured connected devices (e.g., by changing default passwords, using password-protected home Wi-Fi networks, and employing virtual private networks). _2e16c610-dd38-11e6-b92d-b91d8a99ac47B.v.2.e.3ConsumersRecommendationsConsider the recommendations of the Presidential Commission on Enhancing National Cybersecurity._2e16ce6c-dd38-11e6-b92d-b91d8a99ac47B.v.2.e.4Presidential Commission on Enhancing National CybersecurityOn December 2nd, 2016, the Presidential Commission on Enhancing National Cybersecurity presented its report to the President, which included several recommendations specific to IoT. The Department welcomes the Commission's endorsement of the Department's leadership role in helping to guide cybersecurity policy, and is carefully reviewing and considering the Commission's recommendations as we move forward in our efforts to meet the nation's cybersecurity needs.PrivacyWork to address the need to protect consumer privacy in the IoT environment, and continue to support baseline privacy legislation, as well as an engineering approach to privacy._2e16d330-dd38-11e6-b92d-b91d8a99ac47B.v.2.fIntellectual PropertyWork to promote the positive evolution of intellectual property and its protection in the digital economy. _2e16d84e-dd38-11e6-b92d-b91d8a99ac47B.v.2.gCross-Border Data FlowsWork with its international partners toward an industry-led global marketplace that promotes innovation for IoT and supports the free flow of information, and the ability of American companies to compete fairly around the world._2e16e10e-dd38-11e6-b92d-b91d8a99ac47B.v.2.hAmerican CompaniesStandards & TechnologyPromote standards and technology advancement. _a201cf66-dc6b-11e6-9fd3-ad198a99ac47CPromoting Standards and Technology Advancement: Ensuring that the necessary technical standards are developed and in place to support global IoT interoperability and that the technical applications and devices to support IoT continue to advance... Numerous commenters called attention to the important role of the U.S. Government in the context of supporting the development of IoT standards, and many agreed that the U.S. Government should encourage industry-led efforts toward the adoption of voluntary, consensus-based, global standards for IoT. Commenters also noted that interoperability and related standards development will be important to the success of IoT from a technical perspective, and the U.S. Government should actively support these national and international industry-led efforts. A wide range of standards addressing different aspects of IoT applications -- technology, connectivity, interoperability, functionality, security, usability, etc. -- will be needed. Standards DevelopmentEnsure appropriate government participation in a private-sector-led approach to standards development._a201d150-dc6b-11e6-9fd3-ad198a99ac47C.iGS1While GS1 was concerned about the confusion that could arise from too many standards, Infineon and CA Technologies discussed the way in which a diversity of industry-led standards organizations will be able to address the various aspects of the IoT environment and will likely converge.InfineonCA TechnologiesAmerican National Standards InstituteUnderscoring the need for a diverse set of industry-led, globally relevant IoT standards activities, the American National Standards Institute referenced the World Trade Organization Technical Barriers to Trade Agreement Committee Decision, which states that the global relevance of a standard is determined by how it was developed, not by where it was developed.World Trade OrganizationStandards OrganizationsGiven the systems engineering nature of IoT applications, it is not surprising that different standards and specifications address different needs in each layer of the system stack. A range of standards organizations are already enabling standards development that is private-sector led, open, voluntary, consensus-based, and nimble. New organizations are being established to meet IoT standards and specification needs as applications evolve for IoT technology. Industry, with active participation from government experts as needed, is ideally positioned to lead the development of technological standards and solutions to address global IoT environment opportunities and challenges. The American National Standards Institute strongly advocated for the multiple-path approach to IoT standardization. Under the multiple-path approach, the relevance and utility of a standard is not linked to the organization that developed it, and multiple or competing standards can be used as solutions to meet given requirements. It added that this will help sustain a level playing field for standards organizations in which standards have been developed in a balanced, open, consensus-based process.Consumer Technology AssociationThe Consumer Technology Association suggested that an emphasis on commercial solutions and market-developed voluntary standards would foster faster adoption of IoT and increased innovation.GovernmentsCommenters pointed to the fact that governments can work as both facilitator and convener to identify standards needs and priorities, and in such instances, they should ensure full industry participation in these processes.Information Technology Industry CouncilThe Information Technology Industry Council urged the Department to strongly encourage governments to participate in industry-led standardization activities, but governments should not take the lead or direct development of standards. In cases where multilateral organizations wish to lead standards efforts, the Information Technology Industry Council suggested those organizations should allow full industry participation, and should avoid engaging in standardization activities that may duplicate, or even conflict with, global industry-led IoT standards.U.S. GovernmentDue to the vast and expansive nature of the technologies underpinning IoT, no single standards developing organization has the resources or the expertise to develop all of the standards that will be needed. Commenters have called attention to the important role the U.S. Government could play in advocating for the development and use of international standards and specifications developed in industry-led efforts that are voluntary, consensus-based, and open to participation by interested stakeholders.United NationsCommenters specifically detailed the U.S. Government's ongoing role in United Nations agencies such as the International Telecommunication Union's Standardization Sector (ITU-T) and the World Intellectual Property Organization, where IoT activities are currently underway. Various commenters noted concerns about the ITU-T. Comments covered concerns with proposed scope and the potential for duplication of work underway in other standards organizations. Commenters urged the U.S. Government to encourage international partners to support the development and use of international standards to the extent practicable and advocate against standards that are developed in processes that are not open to all interested stakeholders or that do not treat all stakeholders in a similar manner. Concern was also expressed about standards development activities that do not have strong industry support or participation. To prevent possible market access barriers, commenters generally agree that the U.S. Government should continue to press adoption of standards that are developed in an open, globally relevant manner.International Telecommunication UnionWorld Intellectual Property OrganizationIt is the Department's position that a private-sector-led approach to standards development with appropriate government participation is fundamental to successfully developing these standards... Market forces will undoubtedly shape IoT development and innovation. The Department of Commerce agrees with commenters that an industry-led, bottom-up, consensus-based approach to standards development is necessary to realize the benefits of the technology. Planned ActivitiesFoster an industry driven, private sector-led consensus-based approach to standards development._2e16e618-dd38-11e6-b92d-b91d8a99ac47C.iiPlanned Activities The U.S. Government fosters an industry driven, private sector-led consensus-based approach to standards development. In some other countries or regions, however, governments can have a distorting effect by identifying and directing standardization priorities and funding the development of those priorities to favor their own entities, or where participation and/or decision making in standards organizations is not open to all interested stakeholders, approaches developed may not effectively address the needs of IoT. The rationale provided by governments for active and often interventionist roles in standards development is that it is required by national/regional laws or policies, to support government policies and legislation, or to foster the development of standards to meet requirements that are unique to that country or region. It is clear from commenters that technical standards need to be developed and maintained in order to ensure that IoT reaches its full potential. This will require all parties to work within voluntary consensus standards development bodies to ensure the development, deployment, and interoperability of the IoT environment. The Department will continue to support IoT standards development that is bottom up and private-sector led. Technology development in the form of hardware and software advancement and new applications and devices will also be critical to IoT growth and adoption. Current InitiativesContinue current initiatives._2e16eb4a-dd38-11e6-b92d-b91d8a99ac47C.ii.1Cyber-Physical Systems Public Working GroupBring together experts to help define and shape key aspects of cyber-physical systems._2e16f4fa-dd38-11e6-b92d-b91d8a99ac47C.ii.1.aCyber-Physical Systems Public Working GroupThe Cyber-Physical Systems Public Working Group (CPS PWG), formed by NIST in 2014, brings together experts to help define and shape key aspects of cyber-physical systems to accelerate their development and implementation within multiple sectors of our economy. Through its five subgroups, the CPS PWG has prepared a Cyber-Physical Systems Framework.NISTSmart CitiesAdvance the deployment of IoT technologies within a smart city environment._2e16fa0e-dd38-11e6-b92d-b91d8a99ac47C.ii.1.bCitiesThe Global City Teams Challenge is a NIST initiative to advance the deployment of IoT technologies within a smart city environment. Nearly 100 teams or "action clusters" are pursuing projects related to energy, transportation, public safety, and other key sectors.Project ArchitecturesCompare and distill architectural efforts among the many smart city projects currently underway around the world._2e16ff54-dd38-11e6-b92d-b91d8a99ac47C.ii.1.cInternational Technical Working Group on IoT-Enabled Smart CitiesThe International Technical Working Group on IoT-Enabled Smart Cities Framework is a NIST effort comparing and distilling current architectural efforts among the many smart city projects currently underway around the world. The goal is to produce a consensus framework document of common architectural features that will help cities employ interoperable and scalable smart city solutions that will meet the needs of their communities.Research & Standards DevelopmentConduct CPS research and develop standards._2e17081e-dd38-11e6-b92d-b91d8a99ac47C.ii.1.dNIST LaboratoriesCPS Research and Standards Development are carried out in multiple NIST laboratories, including programs in advanced manufacturing, cybersecurity, buildings and structures, disaster resilience, and smart grid. ITU-T Study Group 20Monitor the activities of the Standardization (ITU-T) Study Group 20 on the Internet of Things and Smart Cities and communities (SC&C)._2e170d32-dd38-11e6-b92d-b91d8a99ac47C.ii.1.eITU-T Study Group 20NTIA Monitoring of ITU-T Study Group 20. NTIA will continue to monitor the activities of the Standardization (ITU-T) Study Group 20 on the Internet of Things and Smart Cities and communities (SC&C), which is studying IoT, its applications, and big data aspects of IoT Smart Cities. Cybersecurity for IoT ProgramFocus on fundamental and applied research and the transfer to industry to enable technology advancement and innovation._2e171278-dd38-11e6-b92d-b91d8a99ac47C.ii.1.fNISTNIST has active ongoing work in fundamental research, including standards and guidance, that address security (e.g., lightweight encryption; RFID and Bluetooth security; systems security engineering; industrial control systems security; and blockchain).Industry VerticalsApplied research for IoT security at NIST focuses on work to address market-focused application of research through partnering with industry verticals such as Health Information Technology, Vehicle/Transportation, Smart Home and Manufacturing.National Cybersecurity Center of ExcellenceFor example, the National Cybersecurity Center of Excellence (NCCoE) engineers are working with the health care community to address wireless infusion pump security in hospital environments and publish best practices to address commonly found security risks.Health Care CommunityThe NIST Cybersecurity for IoT Program focuses on fundamental and applied research and the transfer of these to industry to enable technology advancement and innovation.Next StepsTake the appropriate next steps._2e171bc4-dd38-11e6-b92d-b91d8a99ac47C.ii.2The Department will:Monitoring & ContributionMonitor IoT related technology developments and applications and contribute to research and development involving those technologies._2e172114-dd38-11e6-b92d-b91d8a99ac47C.ii.2.aAdvocacyAdvocate for industry-led, consensus-based, international standards for IoT technologies and applications in its bilateral and multilateral engagements._2e1727c2-dd38-11e6-b92d-b91d8a99ac47C.ii.2.bParticipationActively participate in, and contribute to, the development of technical standards for IoT._2e173316-dd38-11e6-b92d-b91d8a99ac47C.ii.2.cMarketsEncourage markets._a201d3b2-dc6b-11e6-9fd3-ad198a99ac47DEncouraging Markets: Promoting the advancement of IoT through Department usage, application, iterative enhancement, and novel usage of the technologies; and translating the economic benefits and opportunities of IoT to foreign partners... Beyond the research and development work done by NTIA, NIST, and other government agencies, the U.S. Government as a whole, and the Department of Commerce in particular, can help to encourage the development and growth of the market for IoT devices by being a leading consumer and adopter of IoT; help to address the workforce issues that will arise due to the deployment of IoT; and help to better understand, plan for, and respond to IoT through quantification and measurement. Partnerships & ProcurementPursue public-private partnerships and provide leadership through government procurement._a201d5ec-dc6b-11e6-9fd3-ad198a99ac47D.iU.S. GovernmentThe U.S. Government is relevant not only as a potential policy maker and regulator, but also as an enabler and adopter.Public SectorThe Public sector can be a leading adopter of emerging technologies, helping to promote compatible regulatory regimes on security, privacy, and intellectual property, as well as transparent and predictable market access regimes.Center for Data InnovationAs the Center for Data Innovation commented, "the federal government can reduce the perceived risk of the technology that limits investment and adoption by the private sector and state and local governments. The government should actively pursue opportunities to deploy connected technologies to improve mission delivery, as well as comprehensively examine opportunities to transform agency operations around the potential of the Internet of Things and the data it generates."Department of CommerceIn addition, the Department plays an important role in educating foreign markets about the benefits of new and emerging technologies, and in promoting U.S. technologies in those arenas.PolicymakersThe Department also measures market changes, educates policymakers and the public about market developments, and designs and promotes policies that prepare the U.S. economy for changes that emerging technologies may bring. Workforce IssuesAddress workforce Issues, including education, training, and civil liberties._2e17387a-dd38-11e6-b92d-b91d8a99ac47D.iiConsumer Technology AssociationOver the past two decades, the Internet has spurred incredible innovation in the U.S. economy and positioned the United States as a global leader in information technology, according to the Consumer Technology Association. In particular, advances in IoT are enabling efficiency in the home and workplace, and delivering more narrowly tailored services to businesses and consumers.Ligado NetworksAs Ligado Networks suggested: "US manufacturers will gain a significant competitive advantage by lowering costs and enabling production efficiencies, reinvigorating domestic production, and allowing US manufacturers to compete with low-cost manufacturers globally."BSA | The Software AllianceBSA | The Software Alliance noted that by 2020, there will be more than 50 billion connected devices relied upon by consumers, governments, and businesses,253 and Ligado said that, by 2025, 80 percent of U.S. manufacturers will have implemented IoT technologies.State of IllinoisHowever, the growth potential could stall without adequate preparation for an economy that relies more heavily on IoT. The State of Illinois commented that IoT will allow for U.S. manufacturers and businesses to increase automation and efficiencies, perhaps increasing the pressure to eliminate jobs that may no longer be needed as the technology may be more cost-effective.U.S. Chamber of Commerce Center for Advanced Technology and InnovationIn order for the United States to take full advantage of developments in an IoT economy, the U.S. Chamber of Commerce Center for Advanced Technology and Innovation suggests that the Department will need to prepare U.S. workers for a shift in workforce education and training needs.American Bar AssociationEducation and training are not the only challenges of a workforce conversion in light of IoT adoption. The American Bar Association believes the Department will need to pay attention to individual worker rights and liberties, as some uses of IoT could be invasive (e.g., employee monitoring) or discriminatory.Scott R. PeppetScott R. Peppet of the University of Colorado School of Law commented that an employer could use data from an employee's Fitbit device to infer employee behavior. This is problematic for several reasons, including that the device could be giving the wrong location.Federal Trade CommissionThe Federal Trade Commission described in their comments how data on employee commuter distance could, depending on how it is used, violate the equal-employment opportunity standards. These examples reveal the chasm between the data analysis potential that serves both as a driver for efficiency and innovation and as a potential harbinger for civil rights abuses if not managed to account for these issues.Low-Skilled LaborersIf these changes are not properly addressed, as the State of Illinois commented, low-skilled laborers who may not receive the training and resources needed to stay relevant could find themselves at a disadvantage compared with other workers.Workforce Issues: Education, Training, and Civil Liberties -- Recommendations from commenters include: * Education incentives (e.g., grants, scholarships) for key IoT-related professions such as data science and engineering. * Partnerships with universities to develop specialized curricula.258 * Training opportunities (e.g., seminars, workshops) for businesses adopting IoT technologies.QuantificationQuantify the IoT sector._2e173e4c-dd38-11e6-b92d-b91d8a99ac47D.iiiIoT SectorCompetitive Carriers AssociationThe Competitive Carriers Association recommended not "formulating premature quantification and metrics" while the GSM Association suggested that the private sector is best-positioned to quantify the benefits of IoT, such as cost savings, productivity growth, and other efficiencies.GSM AssociationCenter for Data InnovationIn contrast, the Center for Data Innovation suggested that government should make measuring IoT a priority, citing the importance of understanding the role of IoT in the industrial value chain, as well as which sectors are adopting IoT rapidly and which are not. In particular, they recommended focusing on understanding the value generated by IoT devices as components of the industrial value chain and measuring IoT as part of the broader technology spending."Booz Allen HamiltonWith respect to analytic techniques, Booz Allen Hamilton suggested that "IoT lends itself to traditional measures and forecasts of economic impact," combining broad estimates of economic activity tied to IoT and more targeted impact assessment. Given the complexities of IoT, however, Booz Allen noted that the targeted impact assessment approach would require careful differentiation of which components should be considered IoT and which should not.Cross-Industry Working GroupsAdditionally, the commenter also suggests that "IoT may necessitate development of new cross-industry or cross-system measures," in which case the government should leverage its "cross-industry working groups or stakeholder listening discussions to gather information" about what and how to measure. The Department will take these comments into consideration in its future information-gathering efforts regarding IoT.The Request for Comment asked several questions regarding whether, and how, the government should measure the IoT sector and its economic impact. Most commenters did not address these questions, and those who did suggested that quantification of IoT was not a high priority. Several commenters even advised against government measuring IoT at this stage.Planned ActivitiesFoster the development of IoT through government application, procurement, and international engagements._2e1747ac-dd38-11e6-b92d-b91d8a99ac47D.ivIt is clear from commenters that the government can play an important role in fostering the development of IoT through government application, procurement, and international engagements. The Department is already actively engaged in promoting innovation both within the Department, domestically, and abroad, and will continue to be a champion of emerging technologies and the digital economy, as described in the examples below. Current InitiativesContinue current initiatives._2e174d24-dd38-11e6-b92d-b91d8a99ac47D.iv.1Census SystemsUnify more than 100 systems used in the 2010 census to a single platform by the 2020 census._2e1752b0-dd38-11e6-b92d-b91d8a99ac47D.iv.1.aCensus BureauCensus Field WorkersCensus Enterprise Data Collection and Processing Initiative (CEDCaP). The CEDCaP aims to unify more than 100 systems used in the 2010 census to a single platform by the 2020 census, allowing shared data collection and processing across all censuses and surveys. One part of this initiative is incorporation of IoT technology into the work of the 20,000 census field workers.Skills for BusinessStrengthen regional economies by supporting employer-led partnerships to address talent pipeline challenges._2e175c38-dd38-11e6-b92d-b91d8a99ac47D.iv.1.bBusinessesEmployersSkills for Business Initiative. The Department has committed to use all of its pertinent assets to strengthen regional economies by supporting employer-led partnerships to address talent pipeline challenges, including within emerging technologies such as IoT.Labor Market StatisticsDetermine how our labor market is evolving and how our statistical system should evolve in response to a labor market that is dynamic._2e17628c-dd38-11e6-b92d-b91d8a99ac47D.iv.1.cWorkersEmployersCensus BureauIRSCensus Bureau Research on 1099 Form. Recent advances in technology have changed how workers and employers interact in the 21st century labor market, and it is essential that our measures of employment and earnings evolve in order to remain accurate and relevant. To that end, the Census Bureau is conducting new research using IRS tax records from the "1099 form" for services performed by independent contractors as well as the use of contract workers at U.S. employer firms. These projects will inform how our labor market is evolving already and how our statistical system should evolve in response to a labor market that is dynamic due to developments such as the emergence of IoT.Environmental InformationCollect and distribute information on Earth's environment._2e17682c-dd38-11e6-b92d-b91d8a99ac47D.iv.1.dNational Oceanic and Atmospheric AdministrationThe National Oceanic and Atmospheric Administration's (NOAA) Whale Alert. NOAA incorporates a variety of IoT sensors, provided in collaboration with many of its partners, to collect and distribute information on Earth's environment, from local weather data to the location of whales and other marine mammals. As an example of a particular IoT data collection application, NOAA is collecting user-contributed information on Earth's magnetic field via a free smartphone app that provides users the option to share data with the agency from a phone's internal digital compass. The smartphone compass data is then used by NOAA scientists to construct new, more detailed models of the earth's varying magnetic field, which are in turn used for a wide variety of precision navigation applications in industry. This high resolution description of the magnetic field in complex areas such as cities and other developed areas would have otherwise been costly and difficult to achieve.Data-Driven Decision MakingTransform data into insights, products, and applications to empower data-driven decision making. _2e177416-dd38-11e6-b92d-b91d8a99ac47D.iv.1.eCommerce Data Service. This team of designers, developers, software engineers, and data scientists works to transform raw data from the 12 bureaus, including data collected through connected devices, into insights, products, and applications to empower data-driven decision making. Digital Economy & World MarketsFacilitate U.S. private sector involvement in the global digital economy and to help U.S. companies reach markets worldwide._2e177b50-dd38-11e6-b92d-b91d8a99ac47D.iv.1.fDigital Trade OfficersThe Digital Trade Officers advance commercial diplomacy by driving policy advocacy on technology issues, ensure linkages between trade policy and trade promotion efforts, and provide front-line assistance for U.S. small and medium enterprises to take advantage of the robust e-commerce channels.Intellectual Property AttachésIn addition, USPTO Intellectual Property Attachés aid U.S. embassies, consulates, and international missions. The attachés advocate improving intellectual property policies, laws and regulations abroad, and provide information to help U.S. stakeholders entering foreign markets or conducting business abroad, including on IoT-related issues.Standards AttachésITA also has Standards Attachés in four U.S. embassies and consulates who are able to proactively monitor and work to address standards issues that have potential trade implications for U.S. industry and businesses.U.S. Private SectorInternational Trade AdministrationThis initiative and its pilot (launched in Brazil, China, Japan, India, the European Union, and in the Association of Southeast Asian Nations [ASEAN] region) are led by the Department's International Trade Administration (ITA), working with bureaus across the Department, in collaboration with the State Department and industry stakeholders.State DepartmentBrazilChinaJapanIndiaEuropean UnionAssociation of Southeast Asian Nations [ASEAN] RegionDigital Trade Officers, Intellectual Property Attachés, and Standards Attachés. To respond to the benefits and challenges associated with the digital economy, including IoT, the Department launched a pilot program in March 2016 for Digital Trade Officers to facilitate U.S. private sector involvement in the global digital economy and to help U.S. companies reach markets worldwide. Next StepsUndertake the appropriate next steps._2e178406-dd38-11e6-b92d-b91d8a99ac47D.iv.2The Department will:MissionsContinue to work toward fulfilling the missions of our various bureaus with greater impact and efficiency by leveraging emerging technologies such as IoT. _2e178eb0-dd38-11e6-b92d-b91d8a99ac47D.iv.2.aDepartment of Commerce BureausGovernment PracticesInform and influence government practices in the use of emerging technologies._2e17943c-dd38-11e6-b92d-b91d8a99ac47D.iv.2.bInform and influence government practices (purchasing and otherwise) in the use of emerging technologies such as IoT in a way that maximizes efficiency and the public good while protecting the security and privacy of individuals, which will help promote a market for devices that are consistent with these practices. Market DevelopmentLeverage our role as an IoT consumer to promote a market for secure IoT technologies and the supply chains supporting those technologies._2e179a04-dd38-11e6-b92d-b91d8a99ac47D.iv.2.cSkills DevelopmentPlay an active role in 21st century skills development._2e17a378-dd38-11e6-b92d-b91d8a99ac47D.iv.2.dPlay an active role in 21st century skills development by inserting the business perspective into federal workforce policy making to support creation of quality career paths for workers, particularly in areas of emerging technologies such as IoT, to meet employer demand. Education & AwarenessIncorporate the Internet of Things into education and awareness programs._2e17a8f0-dd38-11e6-b92d-b91d8a99ac47D.iv.2.eGlobal Intellectual Property AcademyIncorporate the Internet of Things into current education and awareness programs, such as the USPTO's Global Intellectual Property Academy, which provides intellectual property training in the United States and around the worldMetricsDevelop metrics to better understand the role of IoT in the industrial value chain and its contributions to GDP, exports, and other economic measures._2e17b55c-dd38-11e6-b92d-b91d8a99ac47D.iv.2.fExplore developing metrics to better understand the role of IoT in the industrial value chain and its contributions to GDP, exports, and other economic measures. The Department will establish a definition for the digital economy and develop estimates of the domestic output, value added, and employment associated with the digital economy. GDP ResearchConduct research to improve the measurement of information and communications technology-enabled goods and services._2e17bc00-dd38-11e6-b92d-b91d8a99ac47D.iv.2.gConduct research to improve the measurement of information and communications technology-enabled goods and services (including IoT) in order to improve the estimate of GDP, particularly as it relates to the digital economy, and productivity2017-01-17https://www.ntia.doc.gov/files/ntia/publications/iot_green_paper_01122017.pdfOwenAmburOwen.Ambur@verizon.net