83 FR 13122 - The Internet of Things and Consumer Product Hazards
CONSUMER PRODUCT SAFETY COMMISSION Federal Register Volume 83, Issue 59 (March 27, 2018)
Federal Register Volume 83, Issue 59 (March 27, 2018)
| Page Range | 13122-13124 | |
| FR Document | 2018-06067 |
[Federal Register Volume 83, Number 59 (Tuesday, March 27, 2018)] [Notices] [Pages 13122-13124] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2018-06067] ----------------------------------------------------------------------- CONSUMER PRODUCT SAFETY COMMISSION [Docket No. CPSC-2018-0007] The Internet of Things and Consumer Product Hazards AGENCY: U.S. Consumer Product Safety Commission. ACTION: Notice of public hearing and request for written comments. ----------------------------------------------------------------------- SUMMARY: The U.S. Consumer Product Safety Commission (CPSC, Commission, or we) will conduct a public hearing to receive information from all interested parties about potential safety issues and hazards associated with internet-connected consumer products. The information received from the public hearing will be used to inform future Commission risk management work. The Commission also requests written comments. DATES: The Commission hearing will begin at 10 a.m., on May 16, 2018, and will conclude the same day. The Commission hearing will also be available through a webcast, but viewers will not be able to interact with the panels and presenters through the webcast. Requests to make oral presentations and the written text of any oral presentations must be received by the Office of the Secretary not later than 5 p.m., on May 2, 2018. The Commission will accept written comments, as well, through June 15, 2018. ADDRESSES: The hearing will be in the Hearing Room, 4th Floor of the Bethesda Towers Building, 4330 East-West Highway, Bethesda, MD 20814. Requests to make oral presentations, and texts of oral presentations, should be captioned: ``The Internet of Things and Consumer Products Hazards,'' and sent by email to [email protected], or mailed or delivered to the Office of the Secretary, Consumer Product Safety Commission, 4330 East-West Highway, Bethesda, MD 20814, no later than 5 p.m. on May 2, 2018. You may submit written comments, identified by Docket No. CPSC- 2018-0007, by any of the following methods: Electronic Submissions: Submit electronic comments to the Federal eRulemaking Portal at: www.regulations.gov. Follow the instructions for submitting comments. The Commission does not accept comments submitted by electronic mail (email), except through www.regulations.gov. The Commission encourages you to submit electronic comments by using the Federal eRulemaking Portal, as described above. Written Submissions: Submit written submissions by mail/hand delivery/courier to: Office of the Secretary, Consumer Product Safety Commission, Room 820, 4330 East-West Highway, Bethesda, MD 20814; telephone (301) 504-7923. Instructions: All submissions received must include the agency name and docket number for this notice. All comments received may be posted without change, including any personal identifiers, contact information, or other personal information provided, to: www.regulations.gov. Do not submit confidential business information, trade secret information, or other sensitive or protected information that you do not want to be available to the public. If furnished at all, such information should be submitted in writing. Docket: For access to the docket to read background documents or comments received, go to: [[Page 13123]] www.regulations.gov, and insert the docket number CPSC-2018-0007, into the ``Search'' box, and follow the prompts. FOR FURTHER INFORMATION CONTACT: Patricia Adair, Director, Risk Management Group, Office of Hazard Identification and Reduction, U.S. Consumer Product Safety Commission, 4330 East-West Hwy., Room 813, Bethesda, MD 20814. Telephone: 301-504-7335; Email: [email protected]. SUPPLEMENTARY INFORMATION: I. Background There has been an increase in the number of consumer products with a connection to the internet that can transmit or receive data, upload or download operating software or firmware, or communicate with other internet-connected devices. This connected environment is commonly called ``the Internet of Things'' (IoT). This internet connectivity within and among products holds the promise of many benefits for consumers. However, internet connectivity is also capable of introducing a potential for harm (a hazard) where none existed before the connection was established. The consumer hazards that could conceivably be created by IoT devices include: Fire, burn, shock, tripping or falling, laceration, contusion, and chemical exposure. We do not consider personal data security and privacy issues that may be related to IoT devices to be consumer product hazards that CPSC would address. The growth of IoT-related products is a challenge for all CPSC stakeholders to address. Regulators, standards organizations, and business and consumer advocates must work collaboratively to develop a framework for best practices. To that end, the Commission will hold a public hearing for all interested parties on consumer product safety issues related to IoT. Broadly speaking, the product safety challenges of IoT products appear to fall into two main categories: 1. Prevention or elimination of hazardous conditions designed into products intentionally or without sufficient consideration, e.g., high- risk remote operation or network enabled control of products or product features. Such products function as intended on delivery with unreasonable levels of risk, or have design defects that were not considered or were disregarded before delivery. In many ways, the preventive or corrective work related to such products can be seen as traditional activity for industry and for the CPSC. However, the high rate of growth, unlimited scope of application, and limited experience with such products present new safety challenges. 2. Preventing and addressing incidents of hazardization. Hazardization is the situation created when a product that was safe when obtained by a consumer but which, when connected to a network, becomes hazardous through malicious, incorrect, or careless changes to operational code. Managing these kinds of hazards may lead industry and regulators to examine policies related to code encryption and security, authorized access to programming, and defensive measures (and countermeasures) for device software. This is a non-traditional area of product safety activity for the consumer product industry and for the CPSC. Examples of hazards created by an internet-connected product include:Remote operation: For example, the remote activation of the heating elements on a cooktop could create a fire or burn hazard. Unexpected operating conditions: For example, a product might work safely on delivery, but a software/firmware code is changed (malicious or otherwise) during subsequent network access, creating a hazard where none existed before, such as a robotic vacuum cleaner that suddenly begins operating much faster than expected. Loss of a safety function: For example, if an integrated home security and safety system fails to download a software update properly, the default condition may be to deactivate the system, resulting in disabling the smoke alarms without the consumer's knowledge. Hazard is created from an intended product feature: For example, a cooktop that might be remotely controlled could start a fire. Multiple parties can be involved in creating IoT devices. For example the hardware designer, software developer, application generator, and third party programmer who creates a useful function for the device could all be separate parties. These parties may or may not interact collaboratively, or may not even be aware of each other's activities. CPSC's authority covers the types of product hazards described above. Therefore, this hearing will not address personal data security or privacy implications of IoT devices. II. Areas for Discussion The Commission is interested in discussion about consumer product hazards enabled by an internet connection. The areas for discussion include: Do current voluntary standards and/or safety regulations address safety hazards specific to IoT-connected devices? How can IoT-connected devices be subject to safety standards (or a set of design principles) to prevent injury? What types of devices would need such controls or supervisory systems, and what type would not, if any? Who should develop such standards or create a set of design principles? Should certification to appropriate standards be required before IoT devices are allowed in the marketplace? What are the industry's best practices for predicting potential hazards caused by IoT-connected devices? What controls or supervisory systems are necessary to mitigate these potential hazards? What controls or supervisory systems are available to mitigate potential hazards caused by misuse of IoT-connected devices, such as preventing the disabling of a safety feature? What controls or supervisory systems on products are necessary to prevent injuries from unintended consequences of misinstallation, failed update, operational changes over time, or misuse of an internet connection? Have IoT-related incidents and injuries already occurred? Please describe the injury scenario and the severity of any injuries. How would IoT-related incidents be distinguished from other incidents? Are incident-collection systems set up to collect IoT- related incident data? Are there ways CPSC can collaborate with other federal agencies to address potential safety hazards related to IoT? Are there ways CPSC can collaborate with outside stakeholders to address potential safety hazards related to IoT? How can CPSC educate consumers on the proper use of IoT- connected devices? Some of the consumer hazards that could conceivably be created by IoT devices are: Fire, burn, shock, tripping or falling, laceration, contusion, and chemical exposure. Are there other hazards that could be introduced into consumer products through enabling an internet connection? For products whose remote operation could create a hazard to consumers, should internet connectivity specifically prevent remote operation? How do IoT software development methods address potential product [[Page 13124]] failures that may create hazards to consumers? What steps should be taken to prevent an internet connection from creating a hazard to consumers after a product's purchase (or lease) and installation? What role should safety standards or design guidelines play in keeping IoT devices from creating new hazards to consumers? Should these standards be voluntary or mandatory? What role should government play in keeping consumers safe regarding IoT devices? Will policies to prevent hazardization of IoT products require or benefit from strong international cooperation? How should the Commission consider responsibilities for hazards or injuries among the various contributors to an internet- connected product associated with an incident? How should the Commission consider responsibilities for hazards or injuries resulting from interdependencies between products (e.g., communications protocol between networked alarm and smart home hub)? For recalls involving IoT devices, what are different ways companies can communicate notice to consumers who own the IoT devices? III. The Hearing Through this notice, the Commission invites the public to provide information on how internet-connected products can result in hazards to consumers, and what actions the Commission can take to eliminate or mitigate those hazards. The purpose of the public hearing on IoT is to provide interested stakeholders a venue to discuss potential safety hazards created by a consumer product's connection to IoT or other network-connected devices; the types of hazards (e.g., electrical, thermal, mechanical, chemical) related to the intended, unintended, or foreseeable misuse of consumer products because of an IoT connection; current standards development; industry best practices; and the proper role of the CPSC in addressing potential safety hazards with IoT- related products. CPSC's authority covers the types of product hazards described above. Therefore, this hearing will not address personal data security or privacy implications of IoT devices. To request the opportunity to make an oral presentation, see the information under the DATES and ADDRESSES sections of this notice. Participants should limit their presentations to approximately 10 minutes, excluding time for questioning by the Commissioners. To avoid duplicate presentations, groups should designate a spokesperson, and the Commission reserves the right to limit presentation times or impose further restrictions, as necessary. Alberta E. Mills, Secretary, Consumer Product Safety Commission. [FR Doc. 2018-06067 Filed 3-26-18; 8:45 am] BILLING CODE 6355-01-P
![13122 Federal Register / Vol. 83, No. 59 / Tuesday, March 27, 2018 / Notices
Docket: For access to the docket to listed in the ADDRESSES section of this will conclude the same day. The
read background documents or notice. Commission hearing will also be
comments received, go to: The Commission invites comments on available through a webcast, but viewers
www.regulations.gov, and insert the the draft document, ‘‘Determining Age will not be able to interact with the
docket number CPSC–2018–0006, into Appropriateness of Toys.’’ Specifically, panels and presenters through the
the ‘‘Search’’ box, and follow the the Commission is seeking comments on webcast. Requests to make oral
prompts. the recommended age groups for all toys presentations and the written text of any
FOR FURTHER INFORMATION CONTACT: that have been added to or changed in oral presentations must be received by
Khalisa Phillips, Psychologist, Division the document since the last update, and the Office of the Secretary not later than
of Human Factors, U.S. Consumer on the research methodology and 5 p.m., on May 2, 2018. The
Product Safety Commission, 5 Research analyses performed in the study. See Commission will accept written
Place, Rockville, MD 20850–3213; ‘‘Draft Summary Table for Updating Age comments, as well, through June 15,
telephone: 301–987–2592; email: Determination Guidelines for Toys’’ 2018.
KPhillips@cpsc.gov. (available at https://www.cpsc.gov/s3fs-
public/Draft%20Summary% ADDRESSES: The hearing will be in the
SUPPLEMENTARY INFORMATION: The U.S.
20Spreadsheet%20for%20Updating% Hearing Room, 4th Floor of the Bethesda
Consumer Product Safety Commission Towers Building, 4330 East-West
(CPSC) staff,1 with input from the Child 20Age%20Determination%
20Guidelines%20for%20Toys. Highway, Bethesda, MD 20814.
and Family Research Section staff at the Requests to make oral presentations,
National Institute of Child Health and xlsx?uQIGW9pCK4nDRnWBjiYUyUaMG
99bNQAH) for a list of all toys and and texts of oral presentations, should
Human Development (NICHD) within be captioned: ‘‘The Internet of Things
the National Institutes of Health (NIH), respective age recommendations; and
‘‘CPSC Toy Guidelines: Research and Consumer Products Hazards,’’ and
has revised the current (2002) Age sent by email to cpsc-os@cpsc.gov, or
Determination Guidelines: Relating Document’’ (available at https://
www.cpsc.gov/s3fs-public/Draft% mailed or delivered to the Office of the
Children’s Ages to Toy Characteristics
20Research%20Document%20for% Secretary, Consumer Product Safety
and Play Behavior, based on a literature
20Updating%20Age% Commission, 4330 East-West Highway,
review, parent toy survey, and
20Determination%20Guidelines% Bethesda, MD 20814, no later than 5
observational study of children from
20for%20Toys.pdf?0ap6_dYUWpkLn. p.m. on May 2, 2018.
multiple age groups playing with select
toys. The draft revised guidance Bqc.S2qXpJJnr3Ll3N) for a summary of You may submit written comments,
document, Guidelines for Determining research methods and analyses identified by Docket No. CPSC–2018–
Age Appropriateness of Toys, addresses performed in the study. Comments 0007, by any of the following methods:
toys that have come onto the market should be submitted by June 11, 2018. Electronic Submissions: Submit
since the last update and provides Information on how to submit electronic comments to the Federal
changes to the recommended age group comments can be found in the eRulemaking Portal at:
for certain classic toys. Many toy-related ADDRESSES section of this notice.
www.regulations.gov. Follow the
injuries could be prevented by age- Alberta E. Mills, instructions for submitting comments.
labeling products for the age group for Secretary, Consumer Product Safety The Commission does not accept
whom they are intended. Providing the Commission. comments submitted by electronic mail
consumer product toy industry with [FR Doc. 2018–06066 Filed 3–26–18; 8:45 am] (email), except through
better age-grading guidance, and www.regulations.gov. The Commission
BILLING CODE 6355–01–P
describing how these principles can be encourages you to submit electronic
applied to their products, can help comments by using the Federal
reduce product-related incidents and CONSUMER PRODUCT SAFETY eRulemaking Portal, as described above.
reduce costly compliance and COMMISSION
enforcement actions. Written Submissions: Submit written
The draft guidance document is [Docket No. CPSC–2018–0007] submissions by mail/hand delivery/
intended for CPSC staff, industry courier to: Office of the Secretary,
stakeholders, third party testing The Internet of Things and Consumer Consumer Product Safety Commission,
laboratories, and manufacturers in the Product Hazards Room 820, 4330 East-West Highway,
consumer product toy sector. The draft Bethesda, MD 20814; telephone (301)
AGENCY: U.S. Consumer Product Safety
guidance can be tailored to meet the 504–7923.
Commission.
needs of a particular toy, recognizing ACTION: Notice of public hearing and Instructions: All submissions received
that not all guidance applies to all request for written comments. must include the agency name and
products. The draft guidance document docket number for this notice. All
is not a rule and does not establish SUMMARY: The U.S. Consumer Product comments received may be posted
legally enforceable responsibilities. Safety Commission (CPSC, Commission, without change, including any personal
The draft guidance document is or we) will conduct a public hearing to identifiers, contact information, or other
available on the Commission’s website receive information from all interested personal information provided, to:
at: https://www.cpsc.gov/s3fs-public/ parties about potential safety issues and www.regulations.gov. Do not submit
DRAFT%20Age%20Determination% hazards associated with internet- confidential business information, trade
20Guidelines%20for%20Toys. connected consumer products. The secret information, or other sensitive or
pdf?xc38j_e7mgBIBA.wPVonS_Q0_ information received from the public protected information that you do not
amozie on DSK30RV082PROD with NOTICES
MN3fYHz, and from the Commission’s hearing will be used to inform future want to be available to the public. If
Office of the Secretary, at the location Commission risk management work. furnished at all, such information
The Commission also requests written should be submitted in writing.
1 This document was prepared under the
comments. Docket: For access to the docket to
direction of CPSC staff and has not been reviewed
and does not necessarily reflect the views of the DATES: The Commission hearing will read background documents or
Commission. begin at 10 a.m., on May 16, 2018, and comments received, go to:
VerDate Sep<11>2014 18:07 Mar 26, 2018 Jkt 244001 PO 00000 Frm 00004 Fmt 4703 Sfmt 4703 E:\FR\FM\27MRN1.SGM 27MRN1](https://thefederalregister.org/doc/83_FR_13181/page/1.svg)
![13124 Federal Register / Vol. 83, No. 59 / Tuesday, March 27, 2018 / Notices
failures that may create hazards to by the Commissioners. To avoid should be sent to Ms. Jasmeet Seehra,
consumers? duplicate presentations, groups should DoD Desk Officer, at Oira_submission@
• What steps should be taken to designate a spokesperson, and the omb.eop.gov. Please identify the
prevent an internet connection from Commission reserves the right to limit proposed information collection by DoD
creating a hazard to consumers after a presentation times or impose further Desk Officer and the Docket ID number
product’s purchase (or lease) and restrictions, as necessary. and title of the information collection
installation?
Alberta E. Mills, You may also submit comments,
• What role should safety standards
Secretary, Consumer Product Safety identified by docket number and title,
or design guidelines play in keeping IoT
Commission. by the following method:
devices from creating new hazards to
[FR Doc. 2018–06067 Filed 3–26–18; 8:45 am] Federal eRulemaking Portal: http://
consumers? Should these standards be
BILLING CODE 6355–01–P www.regulations.gov. Follow the
voluntary or mandatory?
• What role should government play instructions for submitting comments.
in keeping consumers safe regarding IoT DoD Clearance Officer: Mr. Frederick
devices? DEPARTMENT OF DEFENSE
C. Licari.
• Will policies to prevent
hazardization of IoT products require or Defense Acquisition Regulations Written requests for copies of the
benefit from strong international System information collection proposal should
cooperation? be sent to Mr. Licari at: WHS/ESD
[Docket Number DARS–2018–0002; OMB
• How should the Commission Control Number 0704–0483] Directives Division, 4800 Mark Center
consider responsibilities for hazards or Drive, 2nd Floor, East Tower, Suite
injuries among the various contributors Submission for OMB Review; 03F09, Alexandria, VA 22350–3100.
to an internet-connected product Comment Request
Jennifer L. Hawes,
associated with an incident?
• How should the Commission AGENCY: Defense Acquisition Regulatory Control Officer, Defense
consider responsibilities for hazards or Regulations System, Department of Acquisition Regulations System.
injuries resulting from Defense (DoD). [FR Doc. 2018–06078 Filed 3–26–18; 8:45 am]
interdependencies between products ACTION: Notice. BILLING CODE 5001–06–P
(e.g., communications protocol between
networked alarm and smart home hub)? SUMMARY: The Defense Acquisition
• For recalls involving IoT devices, Regulations System has submitted to DEPARTMENT OF DEFENSE
what are different ways companies can OMB for clearance, the following
communicate notice to consumers who proposal for collection of information Office of the Secretary
own the IoT devices? under the provisions of the Paperwork
Reduction Act.
III. The Hearing [Transmittal No. 17–20]
DATES: Consideration will be given to all
Through this notice, the Commission comments received by April 26, 2018. Arms Sales Notification
invites the public to provide SUPPLEMENTARY INFORMATION:
information on how internet-connected Title, Associated Forms and OMB AGENCY: Defense Security Cooperation
products can result in hazards to Number: Defense Federal Acquisition Agency, Department of Defense.
consumers, and what actions the Regulation Supplement (DFARS),
Commission can take to eliminate or Independent Research and Development ACTION: Arms sales notice.
mitigate those hazards. The purpose of Technical Descriptions; OMB Control
the public hearing on IoT is to provide Number 0704–0483. SUMMARY: The Department of Defense is
interested stakeholders a venue to Affected Public: Businesses or other publishing the unclassified text of an
discuss potential safety hazards created for-profit and not-for-profit institutions. arms sales notification.
by a consumer product’s connection to Respondent’s Obligation: Required to FOR FURTHER INFORMATION CONTACT:
IoT or other network-connected devices; obtain or retain benefits. Pamela Young, (703) 697–9107,
the types of hazards (e.g., electrical, Type of Request: Revision of a
pamela.a.young14.civ@mail.mil or
thermal, mechanical, chemical) related currently approved collection.
Kathy Valadez, (703) 697–9217,
to the intended, unintended, or Reporting Frequency: On occasion.
foreseeable misuse of consumer kathy.a.valadez.civ@mail.mil; DSCA/
Number of Respondents: 77.
products because of an IoT connection; DSA–RAN.
Responses per Respondent: 87.
current standards development; Annual Responses: 6,699. SUPPLEMENTARY INFORMATION: This
industry best practices; and the proper Average Burden per Response: .5 36(b)(1) arms sales notification is
role of the CPSC in addressing potential hours. published to fulfill the requirements of
safety hazards with IoT-related Annual Burden Hours: 3,350. section 155 of Public Law 104–164
products. CPSC’s authority covers the Needs and Uses: DFARS 231.205–18 dated July 21, 1996. The following is a
types of product hazards described requires contractors to report copy of a letter to the Speaker of the
above. Therefore, this hearing will not independent research and development House of Representatives, Transmittal
address personal data security or projects to DTIC using the DTIC’s online 17–20 with attached Policy Justification
amozie on DSK30RV082PROD with NOTICES
privacy implications of IoT devices. IR&D database. The inputs must be and Sensitivity of Technology.
To request the opportunity to make an updated at least annually and when the
Dated: March 22, 2018.
oral presentation, see the information project is completed.
under the DATES and ADDRESSES sections OMB Desk Officer: Ms. Jasmeet Shelly Finke,
of this notice. Participants should limit Seehra. Alternate OSD Federal Register Liaison
their presentations to approximately 10 Comments and recommendations on Officer, Department of Defense.
minutes, excluding time for questioning the proposed information collection BILLING CODE 5001–06–P
VerDate Sep<11>2014 18:07 Mar 26, 2018 Jkt 244001 PO 00000 Frm 00006 Fmt 4703 Sfmt 4703 E:\FR\FM\27MRN1.SGM 27MRN1](https://thefederalregister.org/doc/83_FR_13181/page/3.svg)
Document Created: 2018-03-27 01:26:33
Document Modified: 2018-03-27 01:26:33
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Notice of public hearing and request for written comments. | |
| Dates | The Commission hearing will begin at 10 a.m., on May 16, 2018, and will conclude the same day. The Commission hearing will also be available through a webcast, but viewers will not be able to interact with the panels and presenters through the webcast. Requests to make oral presentations and the written text of any oral presentations must be received by the Office of the Secretary not later than 5 p.m., on May 2, 2018. The Commission will accept written comments, as well, through June 15, 2018. | |
| Contact | Patricia Adair, Director, Risk Management Group, Office of Hazard Identification and Reduction, U.S. Consumer Product Safety Commission, 4330 East-West Hwy., Room 813, Bethesda, MD 20814. Telephone: 301-504-7335; Email: [email protected] | |
| FR Citation | 83 FR 13122 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR