July 13, 2019

The Tricky Legalities of IoT

The Internet of Things (IoT) offers tech capabilities unlike anything people have seen before. But there’s a gray area brought about by the pioneering nature of IoT, and much of it relates to legal specifics.

The U.S. Department of Commerce Recommends a National Strategy

In 2017, the U.S. Department of Commerce released a report that recognized the need for the U.S. government to take the lead in developing a national strategy for IoT tech.

The organization asserted that doing so could minimize privacy and security risks. Furthermore, it said this undertaking should happen in collaboration with other parties, including those from the private sector.

The conclusion was that it wasn’t feasible to leave such specifics up to the market. Another part of the report mentioned creating a working group tasked with gathering information to create the framework for a plan. This move by the Department of Commerce suggests an awareness that IoT tech represents uncharted territory.

As of now, the United States does not have a national IoT strategy. However, if one develops, the manufacturers of IoT tech will need to keep any legal ramifications of such a plan in mind when making new devices or releasing software updates for gadgets on the market.

Complex Problems in Product Liability

Legal analysts have also weighed in to point out that determining liability for an IoT gadget won’t be straightforward. Consider the example of an IoT security camera used at a business that malfunctions after hackers break into it.

The product manufacturer is a likely candidate for a lawsuit, but what about a freelance software developer who had a hand in developing the latest update, or the cybersecurity director managing the network at the business?

Further complicating things is the matter of whether a case is a civil or criminal suit. Some analysts say that, depending on the severity of the liability, there could be both civil and criminal aspects in a product liability case.

Consumers and IoT companies alike should remain aware of these complications and understand that there are no concrete answers yet. As courts rule and precedents get set, perhaps it will become easier to determine liability in instances with multiple parties potentially at fault.

Security Is Often an Afterthought for IoT Devices

One of the criticisms of IoT devices is that manufacturers are so compelled to move quickly and release items faster than their competitors that they don’t prioritize security from the beginning. Instead, they wait for consumers or security researchers to find the flaws, then they produce patches to fix them.

That’s not the case for all IoT companies, but such an assumption is already rampant within the IoT sector, and this could put companies at risk of unwarranted blame.

With that in mind, it’s a good idea for some IoT companies to have in-house legal teams. Taking care to form the best team possible is crucial, and it includes looking for people who fit with the company’s culture and bring legal expertise to the table. Then, legal teams need to spend time crafting their messages to the intended recipients, especially when those people are from the C-suite.

Legal teams can help IoT companies navigate future necessities, including building products to meet minimum standards for IoT security. Additionally, having a dedicated legal team allows manufacturers to continue to focus on product development without overshadowing or ignoring the legal side of things.

Increasing Interconnectivity Creates Enterprise-Level Risks

Another reality that creates complications with IoT legalities is that, as companies connect more and more devices to their networks, it will become more challenging to detect problems with faulty gadgets. Questions can arise, such as whether the fault is with one device or something that only becomes apparent when two devices link to each other. Plus, many companies cannot confidently state how many devices they have connected to their networks.

A study from Forescout showed some alarming conclusions after a poll of more than 600 global enterprises.

First, 77% said the increasing number of devices connected to their networks creates significant security challenges. Then, 82% admitted struggling to identify all the devices connected to their networks as well as the party responsible for securing IoT.

The interconnectivity involved makes it extraordinarily difficult to calculate damages in IoT legal cases, especially when figuring out which device caused particular adverse outcomes.

Moreover, if businesses don’t keep track of which devices they connect to networks, vulnerabilities could persist for far longer than companies realize. That possibility makes the legal waters ever murkier.

Persistent Uncertainty

This overview highlights some of the reasons why there’s such a question mark hanging over IoT legal issues. They won’t get solved quickly, but working towards ironing out the specifics is a necessary step.