One of the major issues faced by the Internet of Things is the question of security. With a new world of devices from various vendors (of varying competence) connecting together, how are things being secured? According to Jeff John Roberts at Gigaom, the answer is simple: they aren't.
Not so long ago, the question of what is and is not hackable was fairly simple - you could point out the computers and be done with it. With IoT, though, most everything becomes hackable. Fears of terror attacks and murder may be a bit dramatic, but the problem is still significant. Roberts points out a few examples:
How, for instance, are executives in charge of IT or trade secrets supposed to safeguard information when even the clothes of their employees might act as sensors? And hushing up a secret meeting between two companies will be [harder] than ever as executives and their staff wear more items — bracelets, watches, garments and so on — that transmit their location.
And even on a smaller scale, home automation will present a real security risk for individuals. Roberts' argument doesn't center on how to secure IoT, though - that's been covered. Instead, Roberts focuses on the legal reality of IoT. In other words, when security is breached, who is to blame?
The one doing the breaching is obviously to blame, but that doesn't take everything into account. For example, are companies liable for the security failures of their products? The connected nature of IoT products makes them fundamentally different from traditional Things one finds on store shelves - consumers are essentially co-owners, along with those who run (or shut down) servers and update software - so it makes sense to expect some degree of responsibility from distributors. Roberts points to past product liability scenarios - lead paint, for example - but also to the fact that liability is not currently clear:
For now, the law doesn’t treat services like Apple’s iCloud or Snapchat as defective products — even when they unexpectedly harm people by exposing their private lives to the whole internet. In the future, judges may start asking if the concept of “privacy by design” should become a safety standard, and even require internet companies to adopt the same pre-cautions as auto makers or playground designers.
It's hard to say which way the laws surrounding connected devices will go, but as IoT grows, these questions are likely to become a mainstream conversation.