The Internet of Things, among a handful of new technologies transforming the way we live, is also shaping up to be a ripe area for litigation. Expect to see claims around IoT security, privacy, data ownership and profit-sharing.
There will be a lot of things to sue over. Gartner, Inc. forecasts that 8.4 billion connected things will be in use worldwide in 2017, up 31 percent from 2016, and will reach 20.4 billion by 2020. Total spending on endpoints and services will reach almost $2 trillion in 2017.
What things will be connected to the internet? Your Fitbit, your refrigerator, your car and home for starters. Even, perhaps, your pacemaker. The billions of connected things will capture, generate and share data. Imagine your refrigerator knowing when you’re out of milk… and telling your smartphone… and ordering a gallon… and letting the local grocery person (robot?) into your house.
IoT devices were typically engineered more with their astonishing capabilities in mind than security. Each device is a connector in a vast web, but it won’t always be obvious which device is the weakest security link. Nor will it be clear who exactly is responsible if your privacy is breached, your medical device crashes, your data is sold or the person from whom you bought your home is still controlling your thermostat.
A lot of the IoT litigation concern will focus on the risk of bad guys hacking into internet-connected devices. UL, the 124-year-old testing and certification lab, sums the issues up in CE Pro:
- Cyber hacking is going to get much worse as the Internet of Things (IoT) expands.
- Manufacturers, integrators and end users all share in liability when a hack occurs.
- Litigation against manufacturers that do not secure their products from hacks is coming.
- The FCC is poised to call on government regulations for design of IoT equipment and networks unless the private sector acts.
UL has announced a testing and certification initiative aimed at making IoT products more secure against cyber attack. Products and systems that meet the standard would be deemed “UL 2900 compliant.”
Certification might help mitigate liability for a customer’s harm, loss or damage, writes SC Magazine. Don’t look for a label, though. A label today could be obsolete tomorrow when a new vulnerability arises.
Another legal issue will be disclosure duties. Imagine you buy a house, and it turns out there are five internet-connected things in it. And they’re all registered to the previous owner and password-protected, meaning you can’t control them. And maybe they’re tracking your behavior. Or you buy a used car and you are stuck with the previous owner’s country music preferences.
An additional disclosure issue is figuring out how everyone whose personal data is captured by a device and shared indefinitely might be notified of these facts, if required, and how that captured data could be used. No small matter.
No one thing is an island in the IoT. By design, devices are sharing data. So not surprisingly, the boundaries of data ownership are blurring. As attorney Giulio Coraggio says, we are seeing a shift from product-based business models to services with profit sharing, especially in the realm of smart factories, or Industry 4.0.
“Long negotiations are expected on who is the owner of data generated by the usage of Industry 4.0 technologies,” he writes on Technology’s Legal Edge. “Is it more relevant to keep control of data or to have it aggregated to big data in order to ultimately gain a better service?”
Finally, there is the question of parsing responsibility for infections or crashes in a mosaic of interconnected devices. “Who is to blame if [a] virus spreads to every single IoT bulb, SmartTV, security system and mobile phone on the network and beyond?” writes Jason Knott on CE Pro. “Legally, we don’t know for sure right now, but if you touched it, you could be liable for spreading it.”
Although issues that could be litigated abound, so do the business opportunities. Lawyers, governments, industry and the courts will be called upon to ensure privacy is protected, data is shared fairly and liability for problems is apportioned appropriately.
In the meantime, nothing will stop the rampant connection of things – personal, public, commercial and industrial – that fill our world.