Internet-connected "smart" devices are increasingly available in the marketplace, including a growing industry of devices that monitor the human body. The authors of this report examine this emerging collection of Internet of Bodies (IoB) technologies; explore benefits, risks, and ethical implications; survey the nascent regulatory landscape; and make recommendations to balance IoB risks and rewards.

Cover: The Internet of Bodies
Read Online

The Internet of Bodies

Opportunities, Risks, and Governance

by Mary Lee, Benjamin Boudreaux, Ritika Chaturvedi, Sasha Romanosky, Bryce Downing

Download

Download eBook for Free

Full Document

FormatFile SizeNotes
PDF file 1.6 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.

إنترنت الأجسام: الفرص، المخاطر، الحوكمة

Arabic language version

FormatFile SizeNotes
PDF file 2.8 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.

Purchase

Purchase Print Copy

 FormatList Price Price
Add to Cart Paperback36 pages $19.00 $15.20 20% Web Discount

Research Questions

  1. What are the benefits, security and privacy risks, and ethical implications of the growing Internet of Bodies (IoB)?
  2. What is being done to regulate the IoB and the data collected by its devices?
  3. What can be done to balance the risks and rewards of the IoB?

Internet-connected "smart" devices are increasingly available in the marketplace, promising consumers and businesses improved convenience and efficiency. Within this broader Internet of Things (IoT) lies a growing industry of devices that monitor the human body and transmit the data collected via the internet. This development, which some have called the Internet of Bodies (IoB), includes an expanding array of devices that combine software, hardware, and communication capabilities to track personal health data, provide vital medical treatment, or enhance bodily comfort, function, health, or well-being. However, these devices also complicate a field already fraught with legal, regulatory, and ethical risks. The authors of this report examine this emerging collection of human body–centric and internet-connected technologies; explore benefits, security and privacy risks, and ethical implications; survey the nascent regulatory landscape for these devices and the data they collect; and make recommendations to balance IoB risks and rewards.

Key Findings

Governance of IoB devices is managed through a patchwork of state and federal agencies, nonprofit organizations, and consumer advocacy groups

  • The primary entities responsible for governance of IoB devices are the FDA and the U.S. Department of Commerce.
  • Although the FDA is making strides in cybersecurity of medical devices, many IoB devices, especially those available for consumer use, do not fall under FDA jurisdiction.
  • Federal and state officials have begun to address cybersecurity risks associated with IoB that are beyond FDA oversight, but there are few laws that mandate cybersecurity best practices.

As with IoB devices, there is no single entity that provides oversight to IoB data

  • Protection of medical information is regulated at the federal level, in part, by HIPAA.
  • The Federal Trade Commission (FTC) helps ensure data security and consumer privacy through legal actions brought by the Bureau of Consumer Protection.
  • Data brokers are largely unregulated, but some legal experts are calling for policies to protect consumers.
  • As the United States has no federal data privacy law, states have introduced a patchwork of laws and regulations that apply to residents' personal data, some of which includes IoB-related information.
  • The lack of consistency in IoB laws among states and between the state and federal level potentially enables regulatory gaps and enforcement challenges.

Recommendations

  • The U.S. Commerce Department can put foreign IoB companies on its "Entity List," preventing them from doing business with Americans, if those foreign companies are implicated in human rights violations.
  • As 5G, Wi-Fi 6, and satellite internet standards are rolled out, the federal government should be prepared for issues by funding studies and working with experts to develop security regulations.
  • It will be important to consider how to incentivize quicker phase-out of the legacy medical devices with poor cybersecurity that are already in wide use.
  • IoB developers must be more attentive to cybersecurity by integrating cybersecurity and privacy considerations from the beginning of product development.
  • Device makers should test software for vulnerabilities often and devise methods for users to patch software.
  • Congress should consider establishing federal data transparency and protection standards for data that are collected from the IoB.
  • The FTC could play a larger role to ensure that marketing claims about improved well-being or specific health treatment are backed by appropriate evidence.

Research conducted by

Funding for this report was provided by a generous grant from Jacques Dubois. The research was conducted by the Center for Global Risk and Security.

This report is part of the RAND Corporation Research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.