LIVE AS IF YOU WERE TO DIE TOMORROW. LEARN AS IF YOU WERE TO LIVE FOREVER (GANDHI).
Thursday, March 3, 2016
Question of the Week No. 8
The FDA has required all advertisements for
prescription drugs to list possible side effects.Should the FTC require all advertisements for
“smart devices” to list possible privacy and security risks?
I think that's an interesting concept and I had never considered the possibility of listing such risks before. That being said, I do think it's a good idea. While I don't think that listing privacy/security risks possess the same weight as letting consumers of certain pharmaceuticals know that the medicines they take may cause seizures or liver disease, I do think that listing privacy risks will start an important public debate and better inform consumers about privacy/security concerns. Many people don't think about or recognize the privacy risks associated with using the smart devices that run their every day lives and I think that if these risks were brought to the forefront of conversations about smart devices people would make more informed decisions about what personal information or data they want to give up.
I agree with Tara in the sense that I had never considered this possibility before. That being said, I also think it is a good idea. The way that I see it, the reason that certain pharmaceutical drugs have warnings is so that less-informed consumers are able to judge the risk of taking the drug, even though the risks are run by extremely quickly in an advertisement. The risks/side affects are put into public knowledge because realistically the average consumer wouldn't know about them otherwise. With the extreme advances in technology that we've had recently, I think it makes sense to include similar warnings on smart devices. As we've talked about in class, it's not unreasonable to assume that some people have a lot of personal information on their smart devices. Additionally, I don't think it would be unreasonable to assume that there are consumers out there that aren't aware that there is a possibility for this technology to be breached. For that reason, I think it makes sense to list the potential risks of smart devices in the advertisements for them.
I agree with Michael and Tara that a lot of people don't recognize that there is the potential for their smart phones to be a means to invade their privacy. That being said, I don't know how much of a difference warnings and advisement would make. I'm sure when they were first implemented and warnings were novel and unexpected people might listen to them, but after a while they would become mundane like every other warning among ads and no one would care at all. I guess I agree that there should be warnings associated with smart devices, but I do not think they would be useful.
I agree with what has been said about this topic. Specifically I agree with Tara's distinction between weight of importance between side effects and security/privacy risks. That being said, I know that I have made uninformed decisions about many things and would have been grateful for a lack of ignorance. For many people, they will stay ignorant until something negative happens or until the information is repeatedly in front of them. I think that listing the privacy/security risks at the end of smart device advertisements could allow for less ignorance and for better prevention of privacy and security breeches on the user's part.
I don’t think that these warnings would be appropriate, primarily because I don’t think that IoT devices are particularly special when it comes to privacy and security risks. IoT devices collect data, but I would argue that the data collected by services like Facebook or Google pose an equal, or even greater, threat than the data collected by IoT devices. Would you have these same warnings applied to these, and any other service that uses consumer data to facilitate its business? On the security front, I would argue that the average laptop is far less secure than a properly set up IoT device, simply because there are fewer variables to control with the latter. In addition, a laptop likely contains a larger amount of more personal data than your average IoT device, because your laptop serves a variety of uses. Would you have these same warnings tacked onto the end of laptop commercials as well? Rather than create a false sense of security surrounding these other examples by targeting the IoT, I would rather see comprehensive and widespread education about privacy and security risks.
I side with Josh on this issue, I don't believe the FTC should mandate that advertisements for smart devices contain possible privacy risks. The first problem I see is one of simple practicality. As technology continues to progress an increasing percentage of items will fall into this category, until the point at which essentially all products would require such warnings. Similarly, there will be an increasing range of possible privacy risks that producers might not anticipate, and I don't think it would be fair to hold producers liable for the ingenuity of hackers. It isn't possible to run studies for potential criminal uses of information the way one can study potential side effects. While I do understand the risks created by the internet of things, I do not believe that mandated fine-print warnings are the solution. The FTC and/or other agencies could better spend their time ensuring that proper encryption, safeguards, and access limitations are utilized across the board. It would be better to deter the possibility of data breaches than it would be to make the public, who for the most part could not create such safeguards, aware of potential dangers. While I agree that education on these issues should also be as widespread as possible, the more important issue is ensuring the technological infrastructure is as secure as possible.
Yes, the FTC should need to list possible privacy and security concerns on advertisements. Like with pharmaceuticals, the vast majority of the population does not realize the inherent risks and concerns to using smart devices and won’t spend the time to look up the risks before using. This could serve as a pre-purchase disclaimer for the company as well, so that they can tell the customers if and how their data might be accessed by the company. I agree with Tara that privacy isn’t as serious as liver failure, but there are definite harms from security (or lack thereof) “side effects”, such as identity theft and public disclosure of private facts. Since there are these potential risks, it is important that consumers are aware of them and placing disclaimers on advertisements is a good way to notify consumers of these risks.
I agree with Josh and Charles in that I don't think that it makes sense for the FTC to mandate this. Its too hard to decide what should and shouldn't be listed and Facebook et. al. pose a much greater concern. I agree that fine print isn't the best solution and a better approach would be public service announcements by the government or third party non-profits. I do believe that blatant security flaws should be prevented, possibly by requiring a certain degree of testing. I think the biggest issue is how to inform users if an unexpected flaw becomes known in their device (something that cannot be addressed in the fine print).
I don't think that the FTC should require the smart devices to list the possibly privacy and security risks. I like the point that Charles brought up about running trials. The FDA can run trials for pharmaceuticals and find the potential side effects but not so with smart devices and software. I still think that it's up to the companies themselves to update and patch exploits they find or others find.
One thing that I just thought of is that the FDA classifies medical devices in three classes. Perhaps the FTC can do a similar thing. For example, Class I devices would poses low security risk, Class II would be medium, and Class III would be high risk. Thinking about this though, it would be hard to classify what devices is in what category
I don't think that these two a really comparable. The FDA are required to publicly announce side effects associated with their pharmaceuticals for the health and safety of the public. It's not that I don't think privacy is important but when it comes to pills people could actually die. I think a better comparison would be that of those fast voices or small text at the end of car commercials. Car dealership do not want to put that in their add campaign but they are required to so they can not profit off their customers ignorance. I think this should also apply to privacy concerns associated with smart devices especially when data mining is involved.
I think that's an interesting concept and I had never considered the possibility of listing such risks before. That being said, I do think it's a good idea. While I don't think that listing privacy/security risks possess the same weight as letting consumers of certain pharmaceuticals know that the medicines they take may cause seizures or liver disease, I do think that listing privacy risks will start an important public debate and better inform consumers about privacy/security concerns. Many people don't think about or recognize the privacy risks associated with using the smart devices that run their every day lives and I think that if these risks were brought to the forefront of conversations about smart devices people would make more informed decisions about what personal information or data they want to give up.
ReplyDeleteI agree with Tara in the sense that I had never considered this possibility before. That being said, I also think it is a good idea. The way that I see it, the reason that certain pharmaceutical drugs have warnings is so that less-informed consumers are able to judge the risk of taking the drug, even though the risks are run by extremely quickly in an advertisement. The risks/side affects are put into public knowledge because realistically the average consumer wouldn't know about them otherwise. With the extreme advances in technology that we've had recently, I think it makes sense to include similar warnings on smart devices. As we've talked about in class, it's not unreasonable to assume that some people have a lot of personal information on their smart devices. Additionally, I don't think it would be unreasonable to assume that there are consumers out there that aren't aware that there is a possibility for this technology to be breached. For that reason, I think it makes sense to list the potential risks of smart devices in the advertisements for them.
ReplyDeleteI agree with Michael and Tara that a lot of people don't recognize that there is the potential for their smart phones to be a means to invade their privacy. That being said, I don't know how much of a difference warnings and advisement would make. I'm sure when they were first implemented and warnings were novel and unexpected people might listen to them, but after a while they would become mundane like every other warning among ads and no one would care at all. I guess I agree that there should be warnings associated with smart devices, but I do not think they would be useful.
ReplyDeleteI agree with what has been said about this topic. Specifically I agree with Tara's distinction between weight of importance between side effects and security/privacy risks. That being said, I know that I have made uninformed decisions about many things and would have been grateful for a lack of ignorance. For many people, they will stay ignorant until something negative happens or until the information is repeatedly in front of them. I think that listing the privacy/security risks at the end of smart device advertisements could allow for less ignorance and for better prevention of privacy and security breeches on the user's part.
ReplyDeleteI don’t think that these warnings would be appropriate, primarily because I don’t think that IoT devices are particularly special when it comes to privacy and security risks. IoT devices collect data, but I would argue that the data collected by services like Facebook or Google pose an equal, or even greater, threat than the data collected by IoT devices. Would you have these same warnings applied to these, and any other service that uses consumer data to facilitate its business? On the security front, I would argue that the average laptop is far less secure than a properly set up IoT device, simply because there are fewer variables to control with the latter. In addition, a laptop likely contains a larger amount of more personal data than your average IoT device, because your laptop serves a variety of uses. Would you have these same warnings tacked onto the end of laptop commercials as well? Rather than create a false sense of security surrounding these other examples by targeting the IoT, I would rather see comprehensive and widespread education about privacy and security risks.
ReplyDeleteI side with Josh on this issue, I don't believe the FTC should mandate that advertisements for smart devices contain possible privacy risks. The first problem I see is one of simple practicality. As technology continues to progress an increasing percentage of items will fall into this category, until the point at which essentially all products would require such warnings. Similarly, there will be an increasing range of possible privacy risks that producers might not anticipate, and I don't think it would be fair to hold producers liable for the ingenuity of hackers. It isn't possible to run studies for potential criminal uses of information the way one can study potential side effects. While I do understand the risks created by the internet of things, I do not believe that mandated fine-print warnings are the solution. The FTC and/or other agencies could better spend their time ensuring that proper encryption, safeguards, and access limitations are utilized across the board. It would be better to deter the possibility of data breaches than it would be to make the public, who for the most part could not create such safeguards, aware of potential dangers. While I agree that education on these issues should also be as widespread as possible, the more important issue is ensuring the technological infrastructure is as secure as possible.
ReplyDeleteYes, the FTC should need to list possible privacy and security concerns on advertisements. Like with pharmaceuticals, the vast majority of the population does not realize the inherent risks and concerns to using smart devices and won’t spend the time to look up the risks before using. This could serve as a pre-purchase disclaimer for the company as well, so that they can tell the customers if and how their data might be accessed by the company. I agree with Tara that privacy isn’t as serious as liver failure, but there are definite harms from security (or lack thereof) “side effects”, such as identity theft and public disclosure of private facts. Since there are these potential risks, it is important that consumers are aware of them and placing disclaimers on advertisements is a good way to notify consumers of these risks.
ReplyDeleteI agree with Josh and Charles in that I don't think that it makes sense for the FTC to mandate this. Its too hard to decide what should and shouldn't be listed and Facebook et. al. pose a much greater concern. I agree that fine print isn't the best solution and a better approach would be public service announcements by the government or third party non-profits. I do believe that blatant security flaws should be prevented, possibly by requiring a certain degree of testing. I think the biggest issue is how to inform users if an unexpected flaw becomes known in their device (something that cannot be addressed in the fine print).
ReplyDeleteI don't think that the FTC should require the smart devices to list the possibly privacy and security risks. I like the point that Charles brought up about running trials. The FDA can run trials for pharmaceuticals and find the potential side effects but not so with smart devices and software. I still think that it's up to the companies themselves to update and patch exploits they find or others find.
ReplyDeleteOne thing that I just thought of is that the FDA classifies medical devices in three classes. Perhaps the FTC can do a similar thing. For example, Class I devices would poses low security risk, Class II would be medium, and Class III would be high risk. Thinking about this though, it would be hard to classify what devices is in what category
DeleteI don't think that these two a really comparable. The FDA are required to publicly announce side effects associated with their pharmaceuticals for the health and safety of the public. It's not that I don't think privacy is important but when it comes to pills people could actually die. I think a better comparison would be that of those fast voices or small text at the end of car commercials. Car dealership do not want to put that in their add campaign but they are required to so they can not profit off their customers ignorance. I think this should also apply to privacy concerns associated with smart devices especially when data mining is involved.
ReplyDelete