WASHINGTON -- The futuristic world of self-driving cars, eyeglasses that email and trash cans that call for pickup is running into the old-fashioned pace of doing business in Washington.
Companies from Google to BMW are racing into this so-called Internet of Things. The Department of Transportation and the Federal Trade Commission are moving more deliberately, concerned that devices may be vulnerable to hacking, lead to misuse of personal data or even cause physical harm to their owners.
"If we're thinking this genie can be put back in the bottle we're fooling ourselves," Robert Enderle, principal technology analyst for the Enderle Group in San Jose, Calif., said in a phone interview.
The Internet of Things refers to technology like robotic vehicles, computing glasses and watches, and home appliances and trash cans with Web connections. It's being featured this week at the North American International Auto Show in Detroit, after generating buzz at last week's International Consumer Electronics show in Las Vegas.
The market for wireless, Internet-connected devices could create between $2.7 trillion and $6.2 trillion of economic value annually by 2025, according to the McKinsey Global Institute, a research arm for New York-based consulting firm McKinsey & Company Inc.
Cisco Systems Inc. predicts about 25 billion devices will be connected by 2015 -- up from 12.5 billion in 2010. "This is not about technology at all," CEO John Chambers said in a keynote speech at CES. "It's about how it changes peoples' lives forever."
The "dark side" of having devices connected to the Internet may involve hackers remotely taking control of appliances inside homes to create a fire or vehicles to kill people, according to Internet Identity, a computer security company based in Tacoma, Wash.
It's not science fiction. Former Vice President Dick Cheney said on CBS's "60 Minutes" program Oct. 20 the defibrillator he got in 2007 had its wireless feature disabled because he feared terrorists could use it to kill him.
Regulators and lawmakers need to write rules that clearly explain what companies are permitted to do and detail penalties for violations, a task hindered by revelations about the extent of U.S. spying programs, Enderle said.
Rules need to specify how data generated by gadgets is used and whether companies will face legal liability for security breaches, Michael Chui, a partner with the McKinsey Global Institute, said in a phone interview.
"It's impossible to not have data generated about you in the world today," he said. "Regulators have to many times balance innovation with managing various types of risk."
The BMW and Audi driverless car technology displayed in Las Vegas week come on the heels of Google Inc. having clocked about 500,000 miles (805,000 kilometers) using the Lexus RX 450h to test self-driving technology. Spokeswoman Katelin Jabbari said the Mountain View, Calif.-based company declined to comment.
While California, Florida and Nevada have authorized state agencies to establish standards for autonomous cars, the National Highway Traffic Safety Administration hasn't. It has said it decide this year whether to propose new rules, conduct additional research, or do both.
"We're encouraged by the new automated vehicle technologies being developed and implemented today, but want to ensure that motor vehicle safety is considered in the development of these advances," NHTSA Administrator David Strickland said in an emailed statement.
"As additional states consider similar legislation, our recommendations provide lawmakers with the tools they need to encourage the safe development and implementation of automated vehicle technology," he said.
The transportation department is also weighing distracted driver rules as automakers like Ford Motor Co. add entertainment and navigation systems that do everything from find music to match a driver's mood to ordering a pizza.
Several companies unveiled unmanned aerial vehicles operated by smartphones or smartwatches at CES, some versions of which can be flown in the U.S. with government permission. Amazon.com Inc. wants to deliver packages by drones and is waiting for the Federal Aviation Administration to write regulations that will allow it to do so, Mary Osako, spokeswoman for the Seattle, Washington-based company, said in an email.
"Safety will be our top priority, and our vehicles will be built with multiple redundancies and designed to commercial aviation standards," she said.
Congress mandated rules be established by September 2015 to safely integrate drones into the domestic airspace, although it isn't clear if the rules at that time will allow Amazon to proceed with package deliveries.
The FAA plans to test unmanned aircraft systems at six U.S. sites this year. The agency also must ensure drones don't crash into about 70,000 manned aircraft flights a day.
"We expect the data we get from the activity at the test sites to inform us better what safe integration will look like," FAA spokesman Les Dorr said in a phone interview.
The drone industry has been focused on defeating 42 bills introduced in state governments to restrict drone use over privacy and security concerns, said Mario Mairena, government relations manager for the Arlington, Va.-based Association for Unmanned Vehicle Systems International, which represents companies including Boeing and iRobot.
The Federal Trade Commission will make it a priority in 2014 to bring enforcement cases against companies for deceptive business practices when it comes to the Internet of Things, said Maneesha Mithal, associate director for privacy and identity protection at the agency.
"We are keeping our eyes on whether companies are making misrepresentations or injuring consumers in any way," she said in a phone interview.
The agency settled its first such case in September against Torrance, Calif.-based TRENDnet Inc. for selling Internet- connected home video cameras that were hacked due to lax security controls.
The FTC will be watching whether companies violate their privacy policies, mislead consumers or don't properly secure their devices. The agency can require a company to return money obtained from consumers through deceptive or unfair practices, subject repeat offenders to civil fines, and compel businesses to abide by privacy and security controls for as long as 20 years.
"This is an area that's still in its infancy," Mithal said. "We want companies to be thinking about privacy and security concerns in the beginning, not as an afterthought."