The Internet of Things – the next big thing…. Or perhaps the current big thing, who is to say. As we move from the limitations of IPv4 to the apparent unlimitedness of IPv6 (didn’t we think IPv4 was unlimited), we are told of the boundless opportunities which the move to the Internet of Things will bring. Of course, we have already seen some of the apparent benefits of this new all-connected world. Whether one considers the opportunities to have one’s scales tweet today’s weight on the Internet, or for the fridge to lock one out on the basis that the scales have decided that you are overweight and don’t ‘need’ that cream bun, are ‘benefits’ I leave it to others to judge; the fact is that we are living in an ever connected world.
Perhaps having everything connected to the grid would be helpful, after all you could, when leaving the office, turn on the heating in your flat, have the oven heat up the plates in anticipation of the arrival of the ready meal and get that warm soothing bath run ready for your arrival; and all from the touchpad of your ever present smart phone.
Security Risks
All this information is not without its risks; if data is being gathered as to when you are home, that might be of use to those who would wish to visit your property when you are out; insurance companies might be interested in knowing that you don’t live on healthy salads as you suggested but on ready meals and takeaways from the local ‘Eat all you can’ bumper eatery. Data has a value and the possibilities of the growth of that data set should give us all concerns. Then again, as we have seen, it is not the case that net-connected devices have always been designed with security in mind; all too often designers have been too concerned with meeting that deadline or that budget to give proper attention to security issues and, after devices are in the wild, user apathy means that few will ever be updated.
We have already seen examples in real life of hackers breaking into networks through the weak link of net-connected light bulbs; or of hackers taking control of Internet connected toilets and similar. Whilst these examples may appear mildly amusing at first sight, there is a serious point – namely that poorly applied security applied to an Internet of Things, can act as an attack vector in relation to the system to which it is connected. Yes, it is possible to prevent such attacks, but this article is not to advise on security processes, but rather to consider some potential legal aspects.
Data Risks
What about the data protection considerations; the Computer Misuse Act; RIPA? After all, as data controller / processor you will have obligations in relation to such data, and the lack of control may put you in breach. At the simplest level, the fact that your devices are feeding data back to some central hub may be leaking information about what you are doing; where you are; where you go. Smart data metering, something on which the UK government has apparently set great store, can itself provide vast amounts of information as to your activities; when you run the bath or the shower, indicates when you are home (or not) when the heating is on indicates your movements, the lack of usage may indicate a holiday etc.. Is this data we want to share? Do we have a choice? An article in a newspaper I have to hand suggests that smart metering might save consumers £40 pa by showing them where they waste power; of course, a smart meter will cost hundreds of pounds to install, and the apparent savings are not guaranteed, so I leave it to you to decide who the beneficiaries of this data gathering might be.
It has been said that whenever you don’t pay for a product, you are the product and in the case of data collection that is undoubtedly true.
Net Benefit?
Will having us all connected to the net be of benefit, or will it merely serve to exacerbate the disparity between the digital haves and the digital have-nots; how will we as society deal with those who, for reasons of cost choice or ability are unable, unwilling or simply choose not to avail themselves of the opportunities afforded by this new digital age; it is already increasingly difficult for the citizen to interact with the state or its emanations – including utilities – without some form of digital presence. Will the growing Internet of Things speed this rush towards disengagement?
Are our light bulbs spying on us? …. Yet?
There are many things that computers can perhaps do better than we can; for many simple arithmetic seems to be a lost art and perhaps the joy of pub quizzes will be lost to a generation for whom nothing needs to be known as it can always be found on Google or Wikipedia.
It has been suggested that computers cannot make mistakes; or perhaps more accurately that to err is human but to screw it up completely one needs a computer. Either way a computer is not, at least in the present state of artificial intelligence, capable of true rational thought in the human sense – or even in the sense of the Turing test. There are however situations where the logic of a computer can lead to a better, less subjective approach to data gathering and response; an unbiased response to environmental conditions. One of those areas may (and I hasten to say ‘may’) be driving.
Self-driving Cars
Computerised self-driving cars are no longer solely the subject of the Jetsons or of iRobot; the appearance both of concept vehicles and the sight of the Google self-driving car means that perhaps the world of ‘driverless’ vehicles is nearer than we might have thought. For the lawyer, this provides endless opportunities for analyses and comparisons and for consideration of the legal issues which might arise.
Certainly, computerised cars may provide a safer driving (and pedestrian / cycling) experience; computerised cars are not (one hopes) distracted by the sight of an alluring shop window, a pretty girl/boy or a passing friend; hopefully a computerised car will not be multi-tasking with car radios, Sat-Navs and bags of sweets. Does this mean that the computerised car is inherently less problematic from a legal perspective?
I suppose that the lawyer response has to be ‘not necessarily’. Even in such US states that have permitted driverless cars on their roads, the vehicles still require to have a steering wheel – although its utility is somewhat unclear; perhaps it is on the same basis as having someone walking in front with a red flag – an inability to let go of traditional concerns.
Of course a driverless car can be much safer than a human operated vehicle; leaving aside external distractions as indicated or even disruption from passengers, a fully computerised connected car can be spatially aware of everything going on around it and can adapt its behaviour to anticipate problems before they occur. That does, necessarily, require a high level of take up of the technology as a spatially aware vehicle can only be fully aware of other spatially aware entities in this Internet of Things. How is it to deal with non-connected vehicles? With pedestrians? Children? Where are the legal demarcation lines to be drawn for liability?
As we all know, computers are not always perfect, otherwise we would not have monthly patches from Microsoft and exploits and hacks by those engaged in nefarious activities. Where is the liability to lie? I would suggest that that present total exclusion of liability for anything, ever, by software vendors (licensors?) may not be acceptable in this brave new Internet of Things. Where is the liability to lie for damage caused by a self-driving car? Is it the owner; the ‘driver'(?); the manufacturer; the software provider; the manufacturer of the smart sensors which give the car its brain, or some other mechanical / technical feature or is liability to be statutorily restricted in order to encourage technological progress – and are we as a society happy with that determination?
If the self-driving car has a manual override function, does that make us less or more safe? Does the liability paradigm shift depending whether or not the driver(?) pressed the ‘override’ button? What if he didn’t? or couldn’t? or did? or delayed? At what stage are we to decide that perhaps we know better? Are we to be exempted from liability if we get / got it wrong?
Will We Enjoy the Ride?
As we move further into the Internet of Things, away from the twitter-connected scales and the Internet toaster towards something which is an integral part of our lives, these are issues we need to debate and determine as a society if we are to write the rules and not leave it to disparate commercial interests to determine our fate through click-through licences (or less).
I remain concerned that those we entrust to make such rules may not be the best placed to determine such matters, but on the other hand, I am unsure who is. In the meantime, I shall sit back and enjoy the flight on what is undoubtedly a computer flown plane……
David Flint is Senior Partner at MacRoberts: df@macroberts.com