The Future of the Internet of Things: Utopia or Disaster?

Guest post by Mr. Leon Silver.

Leon Silver, National Practice Group leader of Gordon & Rees’ Retail & Hospitality Practice Group and a privacy law expert, hosted a seminar on Privacy and The Internet of Things on June 25 at the State Bar of Arizona annual convention at the Arizona Biltmore. He provided this recap of the discussion.

Throughout the many articles and blog posts on the topic of the Internet of Things (IoT), I’ve noticed a recurring theme. Everyone is talking about the fact that no one is talking about the privacy implications of ubiquitous connectivity and data mining through the IoT. This summer I had the opportunity to lead a panel discussion at the Arizona State Bar convention to further the conversation about privacy and security on the Internet of Things.

The panel included K Royal, Privacy Counsel at CellTrust, Inc., an attorney and compliance professional with over 20 years of experience in the legal and health-related fields; Dan Christensen, Global Group Counsel of IT, Privacy & Security at Intel Corporation; and David Bodney, partner at Ballard Spahr, LLP, a litigator focusing on media and constitutional law.

I kicked things off by posing the question of the day: “Will the Internet of Things result in a utopian future, or a dystopian future?”

I then asked the audience not to shut off in our back pockets, but to grab their phones, turn them on and make use of them to actively share the information being discussed. My intention? To spark more of the very conversations the seminar was seeking to have.

We were honored to have guest speaker Frank Jones, vice president of the Internet of Things Group and general manager of the Operations and Group Marketing Division at Intel Corporation, share his insight with the group. Mr. Jones provided an overview of the vast scope and rapid progress being made on the IoT. He explained that in today’s world, we create as much electronic data every two days as we did from the dawn of civilization up until 2003.

The IoT will help solve challenges around the globe, he explained, by driving growth and helping to solve critical problems such as illiteracy and water supply. According to Mr. Jones, this movement is already in process and actually began with the introduction of the smartphone.

Intel is committed to making this a positive movement, he said. “The core value and base of IoT will be security,” said Mr. Jones. “Without security as the foundation, nothing is possible.”

In order for IoT to progress, “cooperation across the industry is necessary.” Mr. Jones said companies that are otherwise competitors will have to join forces and create a uniform platform to make way for IoT because this is something that can’t be done alone. With security as the foundation and an established industry-wide standard, adopting IoT to generate global solutions will be a reality.

In his words, IoT is about connecting the unconnected and unleashing data to enable unprecedented transformations. IoT will touch everyone on Earth.

So how much connectivity can we bear to have in our personal life?

As ideal and exciting as IoT seems to be, the panel, the audience and I were all too aware of the dangers and risks associated with this new era of technology.

I asked if the one layer of security that manufacturers build into systems is enough to protect us. Mr. Christensen replied, “No it’s not. One layer at the base is not enough.” He explained that IoT is like turning a house with only one, easily secured window, into a glass house. Massive vulnerability will be created, resulting in a lack of control. Repurposing of information will be an issue, the quality of user consent will be crippled, and jurisdiction creep will become a serious issue. How will security policies/laws change from country to country? These are just a few of various concerns raised by Mr. Christensen.

When asked who would own our personal information in this IoT era, Mr. Bodney said this would depend on the agreement. Very much like today, “If you want to participate, you are consenting.” It is unknown, however, how the law will treat this issue when data is collected without consent and in the gray areas of a person’s reasonable expectation of privacy. The commercial and private use of drones, for example, has raised far more questions than have been answered.

Ms. Royal questioned whether you could own private personal data when each country defines “private personal data” differently. In the U.S., federal rights to privacy are for customers of certain industries (education, health, financial). Other countries, however, ascribe privacy rights on the basis of being an individual, rather than being a consumer. While most agree that health data and financial information are sensitive, nations differ as to the scope. Israel, for example defines personality as sensitive information. Australia includes membership in a professional organization as sensitive, whereas here in the U.S., you can buy a list containing that information. Some countries define arrests as sensitive (not just convictions), whereas the U.S. considers that public information.

So what can be done to protect personal data? Ms. Royal informed the audience that there are companies that specialize in keeping information private. She suggested that consumers read through privacy policies, find “off” switches, and disconnect devices when not in use, install security updates, opt out of Wi-Fi connectivity on devices if it isn’t important to them, and accept the fact that devices collect data or stop using them altogether.

The biggest threat, Mr. Christensen explained, remains organized crime. “Organized crime is still the biggest problem area.” These are the groups that try to get into bank accounts — hacktivists and malicious insiders.

The audience wanted to know if there would be a group to lobby for the protection of privacy as the IoT movement takes off, and if so, what group they should be keeping an eye on. Ms. Royal said there has been a Consumer Privacy Bill of Rights push more than once, but unfortunately, it has never fully materialized.

In response to the question whether we can expect Congress to provide legal protection to children, Mr. Bodney stated that because the pace of technology is so rapid, Congress has a tough time keeping up. By the time Congress gets around to adopting these new laws and policies, said Mr. Bodney, technology will have surpassed any legislation. Regardless, young people have a different sense of privacy than older generations, he added. “They grew up in this environment and are far more comfortable in it.” Ms. Royal added that younger generations are often referred to as “digital natives” and older generations are considered “digital immigrants.”

Mr. Christensen believes manufacturers should cater to the consumers that value privacy. He mentioned consumers must be aware, however, of the risks they take every time they get a hold of new devices. For example, as soon as customers open a new Intel device, the first thing they see when they open the box is a note that informs customers that by turning on the device, they are agreeing to Intel’s terms and conditions, including their privacy policy.

If you value your privacy, Ms. Royal suggests looking for companies that feel the same way. “Maybe one day there will be a list of companies that value privacy.”

As the seminar came to a close, I asked each panel member the same question I had asked earlier. Will the Internet of Things result in a utopian future, or a dystopian future? Each panel member responded with an optimistic, “Utopian,” although some were more “cautiously optimistic” than others.

I urge that not only lawyers, but everyone, pay attention to our personal privacy and what is being done with our personal data.

 

Disclaimer: The views expressed here are solely those of the author in his private capacity and do not in any way represent the views of TheDigitalCounselor.com, any other poster/blogger of this blog or any entity affiliated with blog posters.

SCOTUS rules that police need a warrant to search cell phones

As we become more reliant on our devices, they collect more data on us, much of which is extremely private. Access to this data has been a point of contention for some time. The Supreme Court’s decision to hear Riley v. California presented an opportunity to draw clear boundary for police in the area of personal privacy.   Privacy groups have been advocating for requirements on how and when cell phone data can be accessed and used by the government since that decision. On June 25, 2014,the Supreme Court announced a win for personal privacy by deciding that a warrantless search of a suspect’s cellphone data incident to arrest is unconstitutional.

Case Highlights

  • “Modern cell phones are not just another technological convenience. With all they contain and all they may reveal, they hold for many Americans ‘the privacies of life.’”
  • The Court observed that modern phones are mini-computers that perform multiple functions and hold immense amount of personal data, and were themselves inconceivable when the Court had originally permitted police to search individuals incident to arrest.
  • The Court acknowledged that searching a cell phone can potentially expose more information to the government than a search of an individual’s house, given the amount of data typical phones can store. The fact “that technology now allows an individual to carry such information in his hand does not make the information any less worthy of . . . protection.”
  • The Court makes clear that “Privacy comes at a cost,” and that the warrant requirement is “an important working part of our machinery of government” that must be respected.
  • The Exception: Although the Court dismissed all of the arguments that were presented for justification of a warrantless search they did say that in “exigent” circumstances like prevention of a terrorist plot or finding a missing child, that police are able to proceed without a warrant. However, after such a warrantless seizure, a court would still have to “examine whether an emergency justified a warrantless search in each particular case.”

Bottom line

From now on, your phone should not be searched just because you have been arrested. Officers must have a warrant to search your phone, aside from a narrow exception.

What’s Next

This case will play a major role in the already contentious debate surrounding personal privacy. It will be interesting to hear how this changes the application of Fourth Amendment protections to searches and seizures of all computers.