Rules governing Internet of Things sparse

SAN JOSE, Calif. — With smart gadgets flooding the market and thousands more expected, the Internet of Things is emerging amid a regulatory wilderness.

The breakneck pace of this technology has far outpaced the legal system's ability to keep up with it, many experts contend. Because of legal loopholes, consumers often lack any right to control how long their data is kept, who it is shared with and what is collected about them, including such personal information as their finances, mental health, political leanings and sexual orientation.

And while ideas differ on what should be done about that, there is widespread agreement that it will be crucial to make sure the intimate details these devices gather on everyone won't be strewed willy-nilly across the web.

“I grew up reading Huxley and Orwell, and I believe we all need to be sensitive to the possibility this could go very wrong,” said Bryan Goff, a lawyer who has studied the legal issues surrounding the Internet of Things. While believing its innovations will provide innumerable benefits, he added, “this is a situation where change is going to happen — there is no stopping it. Now it's a question of doing what we can to steer that change to the best outcome possible.”

Some people are wary of government mandating rules for smart devices. That includes Roger Atkinson, president of the nonprofit Information Technology and Innovation Foundation, which is partly financed by businesses, including Google and Cisco Systems.

Because he believes gadget makers “have a lot of incentive to have a trusted relationship with the consumer,” he favors letting the industry regulate itself, adding that “it's way, way too early” to be passing new laws for the Internet of Things. “Let's let it roll out a tad and keep track if anyone is abusing it.”

Indeed, many people using such devices are perfectly happy with them, such as 81-year-old Bill Dworsky and his wife, Dorothy, 79. Their San Francisco home is outfitted with sensors made by Lively, which notify their son when they open their pill boxes or refrigerator door, for example, to indicate whether they are taking their medications and eating regularly.

“I think it's great we have this,” said Dorothy Dworsky, noting that she and her husband are getting forgetful.

Her son, Phil Dworsky, director of strategic alliances at Mountain View software firm Synopsys, added that he feels confident Lively won't misuse the information it gathers on his parents. That's because Lively voluntarily offers a privacy policy that promises to get users' consent before sharing their data with anyone and only after the information has been stripped of personally identifiable details, which he said is “important and reasonable to me.”

The primary regulatory body monitoring smart gadgets is the Federal Trade Commission. Jessica Rich, who heads the FTC's consumer protection bureau, said policing new data-gathering technologies “is my No. 1 priority.”

Nonetheless, the FTC concluded in a January report that passing new laws to specifically govern the Internet of Things “would be premature,” since the technology is still evolving. And the agency's clout is limited.

In 2002, California became the first state to require companies and others hit by data breaches to notify residents if their personal information might have been disclosed.

Last year it enacted a law restricting rented electronic devices from gathering personal consumer data when an FTC investigation discovered some rental computers were secretly spying on users. Besides surreptitiously harvesting the users' credit card information, Social Security numbers, medical records and private emails to doctors, the computers' webcams took pictures inside the users' homes, including images of them “engaged in intimate contact.”