The Future of the Internet of Things: Utopia or Disaster?

Guest post by Mr. Leon Silver.

Leon Silver, National Practice Group leader of Gordon & Rees’ Retail & Hospitality Practice Group and a privacy law expert, hosted a seminar on Privacy and The Internet of Things on June 25 at the State Bar of Arizona annual convention at the Arizona Biltmore. He provided this recap of the discussion.

Throughout the many articles and blog posts on the topic of the Internet of Things (IoT), I’ve noticed a recurring theme. Everyone is talking about the fact that no one is talking about the privacy implications of ubiquitous connectivity and data mining through the IoT. This summer I had the opportunity to lead a panel discussion at the Arizona State Bar convention to further the conversation about privacy and security on the Internet of Things.

The panel included K Royal, Privacy Counsel at CellTrust, Inc., an attorney and compliance professional with over 20 years of experience in the legal and health-related fields; Dan Christensen, Global Group Counsel of IT, Privacy & Security at Intel Corporation; and David Bodney, partner at Ballard Spahr, LLP, a litigator focusing on media and constitutional law.

I kicked things off by posing the question of the day: “Will the Internet of Things result in a utopian future, or a dystopian future?”

I then asked the audience not to shut off in our back pockets, but to grab their phones, turn them on and make use of them to actively share the information being discussed. My intention? To spark more of the very conversations the seminar was seeking to have.

We were honored to have guest speaker Frank Jones, vice president of the Internet of Things Group and general manager of the Operations and Group Marketing Division at Intel Corporation, share his insight with the group. Mr. Jones provided an overview of the vast scope and rapid progress being made on the IoT. He explained that in today’s world, we create as much electronic data every two days as we did from the dawn of civilization up until 2003.

The IoT will help solve challenges around the globe, he explained, by driving growth and helping to solve critical problems such as illiteracy and water supply. According to Mr. Jones, this movement is already in process and actually began with the introduction of the smartphone.

Intel is committed to making this a positive movement, he said. “The core value and base of IoT will be security,” said Mr. Jones. “Without security as the foundation, nothing is possible.”

In order for IoT to progress, “cooperation across the industry is necessary.” Mr. Jones said companies that are otherwise competitors will have to join forces and create a uniform platform to make way for IoT because this is something that can’t be done alone. With security as the foundation and an established industry-wide standard, adopting IoT to generate global solutions will be a reality.

In his words, IoT is about connecting the unconnected and unleashing data to enable unprecedented transformations. IoT will touch everyone on Earth.

So how much connectivity can we bear to have in our personal life?

As ideal and exciting as IoT seems to be, the panel, the audience and I were all too aware of the dangers and risks associated with this new era of technology.

I asked if the one layer of security that manufacturers build into systems is enough to protect us. Mr. Christensen replied, “No it’s not. One layer at the base is not enough.” He explained that IoT is like turning a house with only one, easily secured window, into a glass house. Massive vulnerability will be created, resulting in a lack of control. Repurposing of information will be an issue, the quality of user consent will be crippled, and jurisdiction creep will become a serious issue. How will security policies/laws change from country to country? These are just a few of various concerns raised by Mr. Christensen.

When asked who would own our personal information in this IoT era, Mr. Bodney said this would depend on the agreement. Very much like today, “If you want to participate, you are consenting.” It is unknown, however, how the law will treat this issue when data is collected without consent and in the gray areas of a person’s reasonable expectation of privacy. The commercial and private use of drones, for example, has raised far more questions than have been answered.

Ms. Royal questioned whether you could own private personal data when each country defines “private personal data” differently. In the U.S., federal rights to privacy are for customers of certain industries (education, health, financial). Other countries, however, ascribe privacy rights on the basis of being an individual, rather than being a consumer. While most agree that health data and financial information are sensitive, nations differ as to the scope. Israel, for example defines personality as sensitive information. Australia includes membership in a professional organization as sensitive, whereas here in the U.S., you can buy a list containing that information. Some countries define arrests as sensitive (not just convictions), whereas the U.S. considers that public information.

So what can be done to protect personal data? Ms. Royal informed the audience that there are companies that specialize in keeping information private. She suggested that consumers read through privacy policies, find “off” switches, and disconnect devices when not in use, install security updates, opt out of Wi-Fi connectivity on devices if it isn’t important to them, and accept the fact that devices collect data or stop using them altogether.

The biggest threat, Mr. Christensen explained, remains organized crime. “Organized crime is still the biggest problem area.” These are the groups that try to get into bank accounts — hacktivists and malicious insiders.

The audience wanted to know if there would be a group to lobby for the protection of privacy as the IoT movement takes off, and if so, what group they should be keeping an eye on. Ms. Royal said there has been a Consumer Privacy Bill of Rights push more than once, but unfortunately, it has never fully materialized.

In response to the question whether we can expect Congress to provide legal protection to children, Mr. Bodney stated that because the pace of technology is so rapid, Congress has a tough time keeping up. By the time Congress gets around to adopting these new laws and policies, said Mr. Bodney, technology will have surpassed any legislation. Regardless, young people have a different sense of privacy than older generations, he added. “They grew up in this environment and are far more comfortable in it.” Ms. Royal added that younger generations are often referred to as “digital natives” and older generations are considered “digital immigrants.”

Mr. Christensen believes manufacturers should cater to the consumers that value privacy. He mentioned consumers must be aware, however, of the risks they take every time they get a hold of new devices. For example, as soon as customers open a new Intel device, the first thing they see when they open the box is a note that informs customers that by turning on the device, they are agreeing to Intel’s terms and conditions, including their privacy policy.

If you value your privacy, Ms. Royal suggests looking for companies that feel the same way. “Maybe one day there will be a list of companies that value privacy.”

As the seminar came to a close, I asked each panel member the same question I had asked earlier. Will the Internet of Things result in a utopian future, or a dystopian future? Each panel member responded with an optimistic, “Utopian,” although some were more “cautiously optimistic” than others.

I urge that not only lawyers, but everyone, pay attention to our personal privacy and what is being done with our personal data.

 

Disclaimer: The views expressed here are solely those of the author in his private capacity and do not in any way represent the views of TheDigitalCounselor.com, any other poster/blogger of this blog or any entity affiliated with blog posters.

Bitcoin: How will this new “currency” affect you?

The other day I was making a purchase online and listed along with the other payment options– pay pal and credit card– was bitcoin…. What’s a bitcoin?  Can you actually use this to make purchases? Is this form of payment secure? How do I get bitcoins?

What is a Bitcoin?
 

A bitcoin is a form of virtual currency that only operates in cyberspace.

A virtual currency can be defined as a type of unregulated, digital money, which is issued and usually controlled by its developers, and used and accepted among the members of a specific virtual community. In 2009, the “Bitcoin” network was launched, introducing a worldwide virtual currency.

Bitcoin permits buyers and sellers to interact anonymously to facilitate instantaneous payments for goods and services, without the involvement of a third-party such as a bank. Bitcoin may be purchased to start but you must “mine” bitcoins. Mining is a resource-intensive processes where miners use special software to solve math problems and are issued a certain number of bitcoins in exchange.  Here are a few interesting facts about Bitcoin:

  • Bitcoin is typically stored on a user’s personal computer or in cloud based accounts called “wallets.”
  • Bitcoin wallets do not meet the UCC’s definition of a deposit account as they are not maintained with a bank.
  • Bitcoin wallets are not insured by the FDIC.​
  • Bitcoin has a high likelihood for extreme value fluctuations.
  • Bitcoin is gaining popularity.
 
The Warning!
On March 11, 2014, FINRA issued an Investor Alert to caution investors of the “significant risks” of buying and speculating in bitcoin and other digital currencies, as well as the risk of fraud and cybercrime related to online bitcoin exchanges and other bitcoin-related service providers.
Specifically, the alert outlines several risks surrounding the usage of and speculating in bitcoin, including:

  • Bitcoin and other digital currencies are not legal tender and if the trust built up among individual users and businesses should vanish, bitcoin would be valueless.
  • Online exchanges that allow users to buy and sell bitcoin and digital wallet services that allow users to store bitcoin are magnets for cyberthieves.
  • Because bitcoin transactions are essentially anonymous, users must take extra care to avoid fraudsters posing as legitimate services.
  • Bitcoin has been used for illicit transactions and such activities could impact users and speculators if an online exchange or service is shut down by law enforcement.
  • Price volatility has been bitcoin’s hallmark in recent years, and there is no uniform value of bitcoin across the various exchanges.

Is bitcoin the future?
Given the variable nature of bitcoin, it’s hard to foresee the future. Many questions remain: How will state or federal legislators regulate the bitcoin system?  Will volatility and data security destroy confidence in bitcoin?  Will bitcoin emerge as a standard payment option, remain a niche product, or otherwise become less interesting, but more predictable under new regulations? Will the average consumers embrace this new currency?

 
​Should Small Business Owners Use Bitcoin?
I would caution against it if your company will not survive the associated risks and building the necessary infrastructure. Accepting bit coin will necessitate updates to refund and exchange policies, calculation of sales tax, when to lock in the rate, etc.  Additionally, users will need to monitor developing regulations and consumer perception of bitcoin.  This volatility can be hard on sellers especially small sellers that rely on every dollar to survive and thrive. 
 
The retailers and other businesses that have announced that they are accepting bitcoin as payment are not established “brand” names that perhaps have a higher risk tolerance. One exception may be Overstock.com.  The major brands may soon follow. We have seen Vegas casinos, and Congressman accepting bitcoin.  But it seems the major brands are waiting to see how legislation develops,how consumer opinion develops, if the value will stabilize, etc before dabbling in a currency that offers little to no stability. The companies using bitcoin are predominately brands that have the benefit of anonymity, are seeking publicity or have a consumer base that is actively using bitcoin and will understand the volatility. Unless you run a tech business that caters to the bitcoin-savy, use caution when exploring new payment options. Your budding company may not bounce back from a dive in the value or new regulations that may emerge. Build a strong brand and strong consumer base then consider taking risks. Bitcoin may not be going away anytime soon but asses legal/regulatory, commercial/financial, and reputational risks before deciding whether to make bitcoin a part of your business.

 

Do You Own Your Digital Media?

ReDigi is a start-up launched in October 2011 that claims to be “The World’s First Pre-Owned Digital Marketplace”. Users are asked to sign up and submit the digital music files they wish to sell. ReDigi’s system verifies the file to check that it is legitimate and then uploads it to ReDigi’s servers, where it is made available for another user to buy. While a music file on iTunes costs around US$0.99, a “pre-owned” digital music file will set consumers back about US$0.69. The premise, according to founders Larry Rudolph and John Ossenmacher, is that if a person buys digital media, they should have the right to sell it too – in the same way that physical goods like books or clothes can be resold.

Makes sense, right?!  Especially if you own the music that you download. Well music recording companies do not agree.

Is a second-hand store for legally obtained digital music and movie files legal just like stores for second-hand clothing and books? This is the question raised by a lawsuit in New York between Capitol Records LLC (EMI) and ReDigi Inc. The hearing took place on October 5, 2012. EMI has sued ReDigi’s for copyright infringement. EMI’s demands ReDigi to pay a penalty of $150,000 for each song in EMI’s catalog that was sold via the service since its launch.

EMI argues that the process of removing a file from one computer, “re-selling” it and moving it to another computer inherently involves reproduction – and unless there is a permission or license from the copyright owner, this amounts to breach of copyright. There are also concerns that there is no guarantee that all the original owner’s copies have been deleted. EMI is demanding ReDigi pay a penalty of US$150,000 for each song in its catalog that was sold through ReDigi since its launch.

ReDigi responds by saying that there is no “reproduction” involved in the process, and “there is never an instance where the music file exists in more than one place or can be accessed by more than one user”. It argues that its software is designed to prevent sellers from reinstalling a sold song to their computer. ReDigi’s key argument focuses on the US first sale doctrine, which allows owners of lawfully acquired copies of copyrighted material to re-sell that particular material without interference from the copyright owner. In Australia, the resale of physical items is largely unproblematic in terms of copyright law; however, the resale of digital material is a grey area.

There are usually terms and conditions agreed to before customers can buy files from online marketplaces. For example, iTunes’ terms and conditions do not explicitly prohibit customers from reselling their purchases.  Will music providers take it upon themselves to change these terms and conditions if this case is not decided in their favor? Are we loosing our right to actually own digital media? How long before we are merely licensing everything and paying the same rate we would’ve paid to own this media in another form? Should we cling to CDs and cassette tapes in order to have an actual ownership interest in the music and other digital media we purchase?

This decision made in the case will be far-reaching. Not only will the rights we have in music we download be forever affected, ReDigi has already announced plans to expand its business into the e-book market.  This could lead to another judicial battle between ReDigi and digital book companies (such as Amazon) over whether digital book can be resold after it has been lawfully purchased.  Ownership in digital books has already come into question in cases where Amazon has deleted consumer purchases and denied access to their account for what they call a “violation of their purchases. But what about the digital books legitimately purchased by customers? If we do not own the original there is little chance consumers will have the right of resale.

I am very interested to see how Capitol Records LLC (EMI) v. ReDigi Inc. plays out. This will have a lot of bearing on the standards set for our rights as consumers as it relates to digital media. I think whatever the decision this is the start of a very long legal battle. I hope that the ownership rights of consumers are a legitimate consideration and that a compromise can be reached that protects both the consumers and the record companies.