As the use of Internet of Things becomes more prevalent, the importance of addressing present and future challenges faced by the ecosystem become more relevant. A report (pdf) by Consumer International highlights the challenges that need to be addressed, with context to present or future systems. Here are the top 10 issues around IoT that present a challenge to users, manufacturers, service providers and regulatory bodies:
- Who owns your data? Erosion of ownership: In the case of John Deere tractors vs farmers, the company claimed that “A vehicle owner does not acquire copyrights for software in the vehicle, and cannot properly be considered an ‘owner’ of the vehicle software,” when farmers modified their vehicles. John Deere said that“farmers don’t own their tractors. Because computer code snakes through the DNA of modern tractors, farmers receive an implied license for the life of the vehicle to operate the vehicle.” “A vehicle owner does not acquire copyrights for software in the vehicle, and cannot properly be considered an ‘owner’ of the vehicle software.”Cases like these underline the conflict that will arise when software distributed with hardware is necessary for its working, but is not free to be modified like owned hardware.Nikhil adds: there are startups like Farmobile which allow tractor owners to own their data.
Also read: We are data.
- Lack of transparency and clarity about data collection: As devices start linking to each other and carry out different functions, it will become more difficult to ascertain if the product is working as promised. For example, in 2013, a UK blogger discovered a default setting which said “collection of watching info” set to on, on LG smart TVs.
- Liability and responsibility issues: Identifying the failing point of a service can be hard to detect. Similarly, it can be hard to keep track of all the parties involved in data collection or providing the service. For example a fitness tracker’s data can be shared with a health insurer, a device manufacturer, third party apps, or on the social network, with the user unaware of what is shared with which provider.
- Merger of databases and data types can be a security risk: Different kinds of data will be collected from consumers, aggregated and merged, posing a high privacy risk. For example, in 2015, Samsung used its voice activated software on TVs to record private home conversations.”One of the most significant Internet of Things-related data privacy risks stems from the fact that devices are able, and indeed designed to, communicate with each other and transfer data autonomously to an external partner (such as a device manufacturer). With applications made with privative software operating in the background, it will become more difficult for individuals to see if, when and how processing takes place, and the ability for data subjects to exercise their data privacy/protection rights may therefore be substantially limited. This applies to surveillance by state actors and has implications for civil rights and freedoms, as well as relevance for what might be called ‘corporate surveillance’. “
- Security risks related to lack of upgrades: IoT devices are more or less designed without an ability to be upgraded, for example to 2015 Fiat Chrysler recall of 1.4 million vehicles to fix a vulnerability that allowed attackers to wirelessly hack the vehicle. The level of risk will be relative to the nature of the data and the device, for example, hackers caused a blackout in Ukraine leaving more than 230,000 residents in the dark. Other examples include when toymaker VTech’s connected toys were hacked exposing data of 6.4 million kids, and the case of hacked baby monitors.”For Internet of Things health applications, the ongoing collection and sharing of sensitive personal data in an interconnected and open environment raises questions for patient confidentiality in terms of revelation of sensitive details to untrusted sources.”
- Limiting usage of devices via DRM: The previous point creates another problem where software loaded on devices comes with DRM or other restrictions. Similarly the end user licensing agreement could decide how a user could use a device and what apps and software they can use on it. Such policies adopted by companies will prevent interoperability between incompatible systems, letting rights holders decide how consumers consume content or use the device.– Locked-in: Service providers can easily lock in users by limiting interoperability and making consumers stick to products made by one brand. There is also the lack of an ability to port data between content providers if users wish to change ecosystems.
– Locked-out: Locked-out is the opposite syndrome, where users have no choice but to use a particular system. Examples include the smartcard system in London that removes the option to pay by cash on inter-city bus journeys, and the UK smart meter plan to install smart meters in all households in the country by 2020 without an opt-out.
“Anti-circumvention laws prevent interoperability between incompatible systems, giving copyright holders powerful new rights to control the devices on which media can be enjoyed. This new power impedes competition and creates a monopoly for existing industry players at the expense of innovative competitors. Anyone who wants to build adjacent or compatible devices must secure the permission from the copyright holder of the media, a radical new concept for copyright.”
Potential sanctions from DRM infringements of Internet of Things devices raise significant concerns.
- Challenges of Hybrid products: Many Internet of Things products are sold as hardware with software as a service. Consumers who buy a particular piece of hardware may use it for multiple purposes, but there are significant limitations that can be put on their usage via the software, which has certain protections: the product itself is owned by the customer, but the software is licensed. From a consumers perspective, will the presence of software mean operation of the device will be subject to contract terms, which may put unexpected limitations on product use?
- Network Effects and dominance of larger players: A locked-in system “could well be one design of the Internet of Things which would not necessarily prevent, but would certainly limit, the potential of it to meet consumer directed outcomes in an open and fair way. Such a design will invariably favour large global corporations able to provide the biggest coverage of applications to consumers. These companies already hold significant influence and power, partly because they provide socially-driven services whose inherent value comes from the ‘network effect’ of having lots of people using and shaping them.For example, a search engine’s algorithm which is based on people’s previous searches or a social network whose unique selling point relies on putting the most amount of social connections in one place. The value of such services, is, as Robert Metcalfe proposed for telecoms in the 1980s “proportional to the…number of connected users of the system”111 The speed at which such a network can be achieved is significant, as successful first movers can achieve a dominant position very quickly. For Internet of Things services and businesses to thrive, they will have to gather and connect data from physical objects and people (so called data points), the more data points connected, the more valuable the insight from this data. So we can already see why it would be in businesses’ interests to exploit the network effect of Internet of Things applications.”
- Jurisdictional issues mean consumers don’t know which laws apply: The interconnected nature of devices and appliances, as well as across national borders and jurisdictions means that a range of national laws may be applicable: this can be confusing for consumers, and make it difficult for authorities to enforce laws.
- Complexity for consumers, because of interconnectedness of multiple devices: Legislation, regulation and standards relating to consumer redressal redress are ineffective at keeping pace with the digital economy. Multiple devices and platforms across jurisdictions with partnerships between multiple types of entities across jurisdictions will throw up issues of “liability, intellectual property ownership, and compliance with consumer protection regulations”.Consumers will have to manage manage security threats at multiple levels, and process a number of relationships between providers for redressal, if things go wrong, because of “The amount of contracts a consumer may enter into in an interconnected environment and the provisions they must adhere to”
General issues: Other general issues that will take time to sort out include the working out of standards for IoT, a sound regulatory framework that can work across borders and consumer protection mechanisms.