This blog is a part of the S.J. Quinney College of Law Spring semester 2016 Information Privacy Law course. This blog features a "Question of the Week" (which all students answer "yes" or "no"); a weekly "Featured Blog Topic" (where one student writes about a selected course topic on which all students comment); and a weekly "What Have I Learned" summary based on the week's readings, posts and class discussions.
Thursday, March 3, 2016
Question of the Week No. 8
The FDA has required all advertisements for
prescription drugs to list possible side effects.Should the FTC require all advertisements for
“smart devices” to list possible privacy and security risks?
Yes. It seems to me that the law is moving more toward a "full disclosure" paradigm. The FDA put in place labeling requirements regarding nutrition information for packaged food, chain restaurants and similar retail food establishments, and vending machines. As mentioned in the question, the FDA also requires companies that advertise the benefits of pharmaceuticals to also disclose the potential side effects. Since 1965, Congress has required cigarette packages to the contain the warning that "cigarette smoking may be hazardous to your health." On the other hand, in contrast to these examples, the privacy concerns associated with smart devices does not pose a threat to human health and, therefore, may not warrant the same governmental regulation that prompted the FDA and Congress to mandate these health warnings. Nevertheless, the law values a "reasonable expectation of privacy," which most people likely believe they are enjoying when using their smart devices. And, as evidenced by the examples discussed above, it seems that we, as a society, are moving in a direction that values an informed public. As such, the expansive privacy concerns (that are likely not well-known by most consumers) should also be made known to potential buyers.
No, I think that the FTC does not need to require smart devices to contain warning labels enumerating the potential privacy risks associated with the use of smart devices. I see this as being quite different from the FDA regulations on food and drug labels. The FDCA was passed in large part due to sham salesmen who would market and sell medicine like snake oil and other ineffective elixirs claiming that they would "cure" any number of ailments. Smart devices are not sold or manufactured by fraudsters and sold as something they are not. I feel that FTC resources would be better spent regulating products that make misrepresentations or are deceitful.
No, the FTC should not require manufacturers place warnings on smart devices. It seems as though things with warnings on them (i.e. drugs, alcohol, tobacco) all have the common factor that they can cause physical injury. Even warnings on plastic packaging or children’s toys seem aimed at preventing physical injuries (choking, suffocating, etc.). There are certainly risks with smart devices, but to require the FTC to put warnings on these devices opens up the door to warnings about risks other than physical harm. The fact that these devices advertise syncing up with the cloud or being accessible from cell phones hardly hides the fact that they are connected to the Internet, and therefore susceptible to the vulnerabilities associated with it.
Yes, where truth and advertising laws would require such disclosure it would be necessary. But for every advertisement it seems unnecessary. I don't think privacy and security risks need be placed on every single advertisements; however, I am not against a requiring an insert or documentation to be sold with said technology. I definitely feel strongly about false advertisements in regard to technology. For example, if by change a specific technology promised security and safety if a person used it, or even freedom that would force someone to believe that their personal privacy was protected--then having these warnings in the advertisements themselves would seem apropos in their need to warn the consumer. To me even trying to compare the duty of the FTC in comparison to the FDA doesn’t do the particular scope and growing purpose and wide variety of technology justice. I understand wearable technology can cause health risks just as in the FDA would in relationship to prescription drugs, such as studies done on cell phones and their adverse health possibilites. For that, technology should have health warning on them.
Yes. The so-called "smart devices" are becoming ubiquitous, and in a modern home, could encompass everything from an internet-connected lock on the front door, to a Nest thermostat that detencts presence, to an internet-connected smart fridge with an LCD display, internet-connected smart TVs and shopping devices like Amazon Echo with an "always on" microphones, "Hello Barbie" like smart toys for kids, an internet-connected electric car parked in the garage with a mobile app that lets the owner control charging, and so on. Given how much we rely on many of these devices, it is difficult to conceive a scenario where having any of these devices turn against us might not affect our physical surroundings in a substantial way. What if a hacker turned up the thermostat remotely, resulting in one of your pets dying of heat exhaustion, or if another hacker managed to take control of the engine control unit of your car by hacking the internet-enabled smart device installed therein, causing you to continuously accelerate all the way to an accident, or if another hacker remotely unlocked the smart lock on your front door, letting your home be robber because he also hacked your smart thermostat and knew when you were not home? Think these scenarios are farfetched? Think again: https://thehackernews.com/2015/12/internet-of-things-search-engine.html . The risks from insecure smart and IoT devices cannot be understated, and goes above and beyond minor infractions in privacy and security. Unfortunately, most people who use these devices are not aware of the extent to which such devices could be misused by bad actors, or the fundamentally insecure nature of the vast majority of communication protocols used by these devices, leaving them vulnerable to hackers. These are reasons that the FTC needs to mandate manufacturers of smart devices to list possible privacy and security risks. Since newer risks come to light each day and get exploited, the FTC could make device manufacturers incorporate a persistent QR Code printed prominently on their devices, which the consumers could scan and obtain the latest information about the privacy and security vulnerabilities in their smart devices, as well as obtain patches to update the firmware of those devices, just like they download security patches for their computers and smartphones.
No. First, I would not want the tech companies passing the cost of issuing these warnings onto me. My cell phone bill is already ridiculous. Secondly, I do not see how these warnings will be helpful to consumers. This scenario is not like warnings with cigarettes. Cigarette companies were lying to consumers and the link between smoking and cancer and other diseases is indisputable. A warning on my cell phone or on a website will make me aware of the risk but that risk is not outweighed by the likelihood of a hacker gaining access to my personal info. I would be in favor or passing legislation that requires tech companies to obtain insurance against threats such as hackers.I would also be in favor imposing a higher standard of care onto tech companies to ensure that data is being protected against third-party hackers. Although such reforms customer against my concern of the tech company passing the cost onto me, at least such a reform would have substance. A warning label is too superficial to warrant an increased cost.
Yes. It seems to me that the law is moving more toward a "full disclosure" paradigm. The FDA put in place labeling requirements regarding nutrition information for packaged food, chain restaurants and similar retail food establishments, and vending machines. As mentioned in the question, the FDA also requires companies that advertise the benefits of pharmaceuticals to also disclose the potential side effects. Since 1965, Congress has required cigarette packages to the contain the warning that "cigarette smoking may be hazardous to your health."
ReplyDeleteOn the other hand, in contrast to these examples, the privacy concerns associated with smart devices does not pose a threat to human health and, therefore, may not warrant the same governmental regulation that prompted the FDA and Congress to mandate these health warnings.
Nevertheless, the law values a "reasonable expectation of privacy," which most people likely believe they are enjoying when using their smart devices. And, as evidenced by the examples discussed above, it seems that we, as a society, are moving in a direction that values an informed public. As such, the expansive privacy concerns (that are likely not well-known by most consumers) should also be made known to potential buyers.
No, I think that the FTC does not need to require smart devices to contain warning labels enumerating the potential privacy risks associated with the use of smart devices. I see this as being quite different from the FDA regulations on food and drug labels. The FDCA was passed in large part due to sham salesmen who would market and sell medicine like snake oil and other ineffective elixirs claiming that they would "cure" any number of ailments.
ReplyDeleteSmart devices are not sold or manufactured by fraudsters and sold as something they are not. I feel that FTC resources would be better spent regulating products that make misrepresentations or are deceitful.
No, the FTC should not require manufacturers place warnings on smart devices. It seems as though things with warnings on them (i.e. drugs, alcohol, tobacco) all have the common factor that they can cause physical injury. Even warnings on plastic packaging or children’s toys seem aimed at preventing physical injuries (choking, suffocating, etc.). There are certainly risks with smart devices, but to require the FTC to put warnings on these devices opens up the door to warnings about risks other than physical harm. The fact that these devices advertise syncing up with the cloud or being accessible from cell phones hardly hides the fact that they are connected to the Internet, and therefore susceptible to the vulnerabilities associated with it.
ReplyDeleteYes, where truth and advertising laws would require such disclosure it would be necessary. But for every advertisement it seems unnecessary. I don't think privacy and security risks need be placed on every single advertisements; however, I am not against a requiring an insert or documentation to be sold with said technology. I definitely feel strongly about false advertisements in regard to technology. For example, if by change a specific technology promised security and safety if a person used it, or even freedom that would force someone to believe that their personal privacy was protected--then having these warnings in the advertisements themselves would seem apropos in their need to warn the consumer. To me even trying to compare the duty of the FTC in comparison to the FDA doesn’t do the particular scope and growing purpose and wide variety of technology justice. I understand wearable technology can cause health risks just as in the FDA would in relationship to prescription drugs, such as studies done on cell phones and their adverse health possibilites. For that, technology should have health warning on them.
ReplyDeleteYes. The so-called "smart devices" are becoming ubiquitous, and in a modern home, could encompass everything from an internet-connected lock on the front door, to a Nest thermostat that detencts presence, to an internet-connected smart fridge with an LCD display, internet-connected smart TVs and shopping devices like Amazon Echo with an "always on" microphones, "Hello Barbie" like smart toys for kids, an internet-connected electric car parked in the garage with a mobile app that lets the owner control charging, and so on. Given how much we rely on many of these devices, it is difficult to conceive a scenario where having any of these devices turn against us might not affect our physical surroundings in a substantial way. What if a hacker turned up the thermostat remotely, resulting in one of your pets dying of heat exhaustion, or if another hacker managed to take control of the engine control unit of your car by hacking the internet-enabled smart device installed therein, causing you to continuously accelerate all the way to an accident, or if another hacker remotely unlocked the smart lock on your front door, letting your home be robber because he also hacked your smart thermostat and knew when you were not home? Think these scenarios are farfetched? Think again: https://thehackernews.com/2015/12/internet-of-things-search-engine.html . The risks from insecure smart and IoT devices cannot be understated, and goes above and beyond minor infractions in privacy and security. Unfortunately, most people who use these devices are not aware of the extent to which such devices could be misused by bad actors, or the fundamentally insecure nature of the vast majority of communication protocols used by these devices, leaving them vulnerable to hackers. These are reasons that the FTC needs to mandate manufacturers of smart devices to list possible privacy and security risks. Since newer risks come to light each day and get exploited, the FTC could make device manufacturers incorporate a persistent QR Code printed prominently on their devices, which the consumers could scan and obtain the latest information about the privacy and security vulnerabilities in their smart devices, as well as obtain patches to update the firmware of those devices, just like they download security patches for their computers and smartphones.
ReplyDeleteNo. First, I would not want the tech companies passing the cost of issuing these warnings onto me. My cell phone bill is already ridiculous. Secondly, I do not see how these warnings will be helpful to consumers. This scenario is not like warnings with cigarettes. Cigarette companies were lying to consumers and the link between smoking and cancer and other diseases is indisputable. A warning on my cell phone or on a website will make me aware of the risk but that risk is not outweighed by the likelihood of a hacker gaining access to my personal info. I would be in favor or passing legislation that requires tech companies to obtain insurance against threats such as hackers.I would also be in favor imposing a higher standard of care onto tech companies to ensure that data is being protected against third-party hackers. Although such reforms customer against my concern of the tech company passing the cost onto me, at least such a reform would have substance. A warning label is too superficial to warrant an increased cost.
ReplyDelete