Monday December 17, 2018
Kaye Tells Whirlpool His Office's IoT Report to Be Ready Soon
Expect a separate, early report on the Internet of Thing (IoT) prior to the one being worked on by CPSC staff. This one would be from Commissioner Elliot Kaye's office. Look for it in early 2019, he told visitors from Whirlpool, who met with the five commissioners December 13.
He characterized it as a discussion opener and acknowledged that his office cannot be the source of final expertise. Indeed, he said he welcomed contrary, even oppositional, feedback. He said the impetus was his desire that sufficient urgency be given to IoT safety as well as the need of industry to better understand safety vulnerabilities. He had mentioned the project in October when discussing IoT work in the FY2019 operating plan.
The pending release of his staff's paper arose in a discussion of safety and IoT adoption. That conversation touched on issues that have become typical – safety worries about a range of issues like faulty updates but also potential benefits like recall effectiveness or product monitoring.
Nathan Mouw, director of Whirlpool's product safety team, said the monitoring aspect could be promising. Data sent from units could identify operating conditions that trigger safety investigations. He later observed, however, that how to handle such data must be sorted out. If monitoring indicates an X% chance of something happening, what response would be appropriate and when triggered?
As for a general approach, Mouw pointed to existing voluntary standards as a start. They establish the safety expectations for products, so the challenge for SDOs is ensuring both that mandates continue to be met in connected devices and that IoT adaptations do not introduce new hazards.
On recall data generally, Laura Siegrist, Whirlpool's government relations manager, pointed to a challenge manufacturers face with retailers. Who bought a product often is not information sellers are comfortable sharing for competitiveness reasons. Thus, the makers often use third parties for customer contacts. Each retailer has different demands and needs. She wondered if CPSC has a role – not to demand behavior but, for example, to recommend best practices.
On the other hand, Mouw noted the IoT potential of better recall registration rates but said traditional consumer reluctance likely would remain a challenge. Companies would need to ensure that the contact information they provide would not be used for other purposes like marketing, he said.
Kaye agreed it is a challenge, adding that single companies cannot not always effectively reassure customers about privacy. Lone bad actors can affect the reputation of an industry because consumers might not distinguish between the good and bad.
Related to Mouw's observation about using existing standards, UL staff recently told CPSCers about a strategy of setting broad IoT safety expectations to be adapted for particular standards (PSL, 11/19/18). They said the hope is that panels will initiate actions themselves but indicated willingness to prompt projects if needed.
At the November meeting, CPSC staffers told the UL visitors that the timing of their report was uncertain but that the later it comes out in FY2019, the more thorough it will be.
Commissioners added the project to the FY2019 operating plan via an amendment offered by Kaye (PSL, 10/15/18). They will identify and outline the statuses of CPSC's IoT efforts. At the October decisional meeting, Kaye urged them to go beyond the directive and to provide timelines and strategies.
Other points arising at the meeting with Kaye included: