Top 5 Legal Issues in the Internet of Things, Part 5: Physical Safety

https://creativecommons.org/licenses/by/2.0/

alberto racatumba / flickr

In this series of articles on the Internet of Things, we’ve examined two ways in which IoT devices can be intentionally abused (data security, invasion of privacy), and two systemic limitations that could impede the IoT’s growth (bandwidth overload and lack of interoperability between copyrighted software).  The final topic I will address in this series–physical safety–straddles that divide, and includes both accidents and bad acts.

The prospect of accidents arises anytime we cede control of critical functions to a machine. During last winter’s record cold snap, for example, some people woke up to find that their “smart” thermostats had crashed. Apparently, “a software update introduced an incompatibility with some Wi-Fi routers that caused a increase in power consumption—and some thermostats suddenly couldn’t charge themselves fast enough.” To be sure, these sorts of things happen with any digital device.  But, as one tech writer keenly observed, ” there’s an added challenge to bringing smart devices like these into your home: A crashed phone is an annoyance. A crashed thermostat during sub-zero temperatures is a much more serious situation. That’s why companies like [this] have to reach levels of reliability and support that traditional tech companies never could.” One could imagine serious consequences stemming from the failure of various home automations, including smoke alarms, sprinklers, ovens, and more.

apple maps 2014-03-16 23.06.11By the same token, tomorrow’s self-driving cars will be responsible for cargo much more precious than we’re used to allowing robots to handle. Mapping programs today are good–incredibly good, compared to the Trip-Tiks of the past–but not infallible. They still don’t know which side of a building you need to enter from, and occasionally have no idea at all where your destination is. The infamously error-plagued launch of Apple Maps in 2012 resulted in a number of stories like this. For example, it once sent me through the mile-long Liberty Tunnel in Pittsburgh, just to tell me to turn around and come back the other way. Australian police called Apple Maps “life-threatening” after “at least six Australians [in a month were] left stranded in the desert after following directions by Apple’s mapping service.” Before we can trust our cars to drive our families from place to place, we’ll need a lot more reason for confidence that they know the way and can avoid obstacles and accidents.

And then there are the myriad ways criminals will find to manipulate flaws in IoT devices.  We’ve already discussed those who will hack into IoT devices to steal personal data. But as more people start locking their doors with internet-connected bolts–a process that is already well underway–you can bet there will be many tech-savvy burglars who attempt to pop those locks open with keystrokes instead of crowbars.

Cars, too, can be hacked.  At the 2013 DefCon conference, two security researchers demonstrated how to hack into the computers inside a 2010 Ford Escape and a 2010 Toyota Prius to take over the steering, acceleration, breaks and other important functions. And that’s just with the digital technology that was available in cars five years ago.  Imagine what could be done in today’s vehicles, let alone those designed to rely on internet signals for their steering and direction.

How far could this go?  Daniel Suarez‘s seminal techno-thriller Daemon–about a sophisticated computer program that worms its way into computers around the world and eventually spawns an entire army of connected devices–begins with the murder of a single individual using a networked booby trap. The scenarios painted in the book may be fictional, but they are far from implausible. Surely, it is only a matter of time before networked devices are used to intentionally inflict physical harm.

None of my analysis–either in this post or in this series–should be read as a screed against developing the IoT. That would be as pointless as arguing against the tides; they will arrive regardless of anyone’s opinion. But there is plenty of room for foresight and advance planning, to ensure that the network of devices that already exists and that grows more complex every day is built in an intentional, prudent manner that maximizes its utility to society and minimizes its dangers.