Our world is becoming more and more interconnected. Through our smart phones, tablets, computers, smart watches, etc., we are living online lives, where we are virtually always connected to the Internet in some way. More and more devices we are using, too, are constantly collecting and sending data. This is often referred to as the Internet of Things (IoT). In this article, we’ll explain what it is, and have a look at some examples. Then we will have a look at some legal aspects with regard to the Internet of Things.
The Wikipedia defines the Internet of things as “the network of physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators, and connectivity which enables these things to connect, collect and exchange data, creating opportunities for more direct integration of the physical world into computer-based systems, resulting in efficiency improvements, economic benefits, and reduced human exertions.” All of these devices are provided with unique identifiers (UIDs) and typically have the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. This also implies that they can be remotely monitored and, in many cases, controlled.
The number of IoT devices is increasing rapidly. In 2017, 8.4 billion devices were connected to the Internet, which was an increase of 31% compared to 2016. The estimations of how fast this expansion will occur vary widely: on the conservative side we find, e.g., the analyst firm Gartner who expects that by 2020 there will be over 26 billion connected devices. ZD-Net on the other hand mentions a number of 50 billion devices by 2020. Others, however, estimate this number to be much higher, even over 100 billion. Even in conservative estimations, the global market value of IoT is projected to reach $7.1 trillion by 2020.
So, what devices are connected? Basically any physical object can be transformed into an IoT device if it can be connected to the internet and controlled that way. Existing examples include coffee makers, washing machines, headphones, lamps, wearable devices, and even children’s toys. It also includes many vehicles, and even components of machines, the drill of an oil rig, or jet engines of an airplane which are filled with thousands of sensors collecting and transmitting data back to make sure it is operating efficiently. There are medical IoT devices like insulin injection pumps, pacemakers, etc. We already find IoT devices in our homes, in healthcare, transportation, information technology and energy infrastructure.
It should not come as a surprise that this proliferation of connected devices raises several legal issues.
A first set of issues has to do with privacy and data protection. In the EU, e.g., the GDPR applies and suppliers of IoT devices must make sure they are GDPR compliant, which isn’t always obvious. The GDPR does not only apply to the collecting and storing of data, but also to what is done with the data. Users have to consent, e.g., to those data being used for data mining.
As second set of issues has to do with security and cybercrimes. Each new device becomes a new potential target for hackers and criminals. The US Federal Trade Commission (FTC) published a report in which it expressed security concerns that connected devices could, e.g., be used for enabling unauthorized access, for misuse of personal identification, and for expediting attacks on others systems. The simple truth is that the Internet of Things opens the door to a whole new range of cybercrimes, where criminals use IoT devices for extortion, for sabotage (e.g. interfering with energy), for assault, etc. In a recent hacking contest, e.g., hackers demonstrated – with permission – how they were able to take control of a driverless car within minutes.
A third set of issues has to do with eDiscovery, including eDiscovery in criminal investigations. IoT devices collect data which could be relevant as evidence in legal cases. There already are cases where the whereabouts of a person were confirmed or contradicted by the GPS systems in their car, phone or smart watch. There are cases where personal Assistants like Siri, Alexa, or Cortana, e.g., who constantly record what is being said, provided relevant evidence. A case that made headlines some months ago involved a possible homicide investigation, where an Amazon Echo (Alexa) device exonerated a suspect by confirming his alibi. (Noteworthy, too, in that case was that Amazon initially refused to hand over any data when it was requested by law enforcement, but agreed to do so when its customer asked them to hand over the data as it could – and eventually would – confirm his alibi).
In short, the Internet of Things opens the doors to plenty of new opportunities which in turn raise plenty of legal issues. For lawyers, that probably is a good thing.