Top Legal Issues for the Internet of Things

published on Cybersecurity, Legal Innovation

Google chairman Eric Schmidt claims that “the Internet will disappear.” No, he wasn’t referring to the fact that you won’t be able to “like” pictures of dogs on Facebook anymore or log in to your Effacts database. He meant that the internet as we know it will become so pervasive and integrated into so many everyday objects (think fridges, watches and cars) that users will no longer notice when they are interacting with it. This phenomenon is known as the “Internet of Things” (IoT), a term for physical devices that come equipped with wireless internet connectivity. Currently, the technology is being integrated into devices at a rapid rate, while the legal world is grappling with the issues raised by the IoT, and identifying the ones which are of greatest concern.


Data Security and Privacy

Theoretically, any device that has an internet connection can be hacked. This isn’t necessarily an immediate cause for alarm, since cybercriminals usually have their eyes on large computer networks and payment collection systems. The speed at which the devices are being developed and the general lack of security protocols make these device more vulnerable. In July 2014, Hewlett-Packard published a study on the security of 10 popular IoT devices. At least 70% of the devices transmitted data over unencrypted network services and perhaps most shocking, 80% used simple passwords. One way to fill in the gap in privacy is if companies offer anti-virus software for kitchen appliances and wearable devices. In the future, households may hire digital privacy consultants to assess their collections of connected devices.

Data collection

While everyone in Western society has gotten accustomed to the fact that CCTV cameras capture their every move in public spaces, what few realize is how interconnected those cameras already are. While they can’t track down anyone from a single control center, they are accessible through internet-connected devices. Once more people make use of infrastructure enabled by the IoT, they will digitize their physical interactions. This has obvious advantages for retailers and advertisers, because they have access to a treasure trove of information about their customers they can use to send out even more targeted messages. However, users with IoT devices will leave behind such a detailed trail of data that it may be possible to trace their steps going back hours, days, or even longer in time.


Cisco predicts that there will be 25 billion devices connected to the Internet by 2015 and 50 billion by 2020. The problem will be processing all the traffic on the network simultaneously. Suppose the number of cars were to double over the next five years. What would happen? You’d be sitting in your parking spaces waiting to get on the road. Google has proposed building a new network to handle all the traffic. The practical limitations of existing networks are one of the driving forces behind the effort to provide truly global internet access over the entire planet.


Will IoT devices made by different companies be able to operate in sync or will they remain tied to their own networks and technology? Copyright law can be used to interfere with interoperability between devices. Obviously, in order for two machines to communicate, they need to reproduce, distribute and exchange code with each other. Will the owner of that code prevent the interaction from taking place? Can other devices access each other? If companies decide to keep IoT devices from communicating with each other, it will provide users with a diminished experience.

Physical Safety

There’s always a chance an accident will occur anytime humans give up control of critical functions to a machine. A smart thermostat that quits working during a cold snap results in a serious situation and unhappy customers. Companies providing IoT devices have to meet levels of support that traditional companies never could.


Despite the issues on risk management that have arrived along with the invention of the IoT, many businesses are eager to take part. The IoT will most likely lead to new security model to ensure that if suspicious activity is detected, the network can be shut down to prevent the cyberattack from spreading. In the meantime, lawyers need to brace for the IoT revolution and be prepared for questions they might not know the answer to.