Day 1 of the ABA Internet of Things Institute: So, come to find out, the Internet of Things (“IoT”) is not the precursor to SkyNet or a rampant abuse of power by Big Brother. It is fascinating, and yes, slightly frightening. The simple fact is, the IoT is just like any other rapid advance in technology – it is power that can be used for good or ill. It provides safer cars, more productive businesses, and cleaner, more efficient energy grids. It also provides more pervasive avenues for malefactors to hack into our daily lives. But the bottom line is, the IoT is not going away, so it is imperative to understand it and implement sound security practices.
Some takeaways from Day 1:
- The IoT is a broad term for a world where everyday objects are connected, have software and are networked.
- Computer scientists predicted the IoT in the 1980’s.
- The most commonly know examples of the IoT are consumer goods like thermostats and light bulbs with sensors to monitor how many people are in a room at a given time and software to interpret that data to more efficiently allocate energy consumption.
- Consumer products are just the beginning: more necessary and beneficial uses include smart energy grids, smart water solutions, smart cities and infrastructure, autonomous cars, agricultural improvements, and medical products like medicine pumps, defribulators, and monitoring devices for the aged (which will double in population by 2050).
- We need to understand that connected devices are nothing more than computers, and computers can be programmed to do whatever you want. So yes, that smart refrigerator can be hacked to send out malicious emails.
- Because of this threat, we need to rely on sound engineering principles and strong encryption when developing IoT devices.
- Manufacturers of IoT devices need to remember that they are actually developing software and not just cool gadgets.
- Consumer protection must always be at the forefront of development.
- Computer scientists were able to convert first generation electronic voting machines into Pac-Man games.
- Industry cannot rely on Congress to legislate IoT security. We have to rely on Industry sector regulation and consumer protection laws.
- You cannot regulate what you can’t define. According to one U.S. Senator, the IoT is moving too fast, its too big, and it changes every day.
- The IoT is currently a $2 Trillion economy and will grow to $11 Trillion by 2025.
- Don’t fear autonomous cars – 95% of auto accidents are due to driver error. Autonomous vehicles will make roads safer, including not only individual vehicles, but the trucking industry as well.
- The IoT is expected to create a 10-25% savings in energy consumption and manufacturing processes for industry. Business will have to implement IoT devices to remain competitive.
- The IoT is the 4th industrial revolution and will fundamentally change organizational behavior, as well as perceptions of privacy, security, ownership and interpersonal relationships.
- Good with the Bad: the IoT will also unquestionably create difficult societal, business, and ethical problems, such as job loss or restructuring, privacy and security issues, cyber-terrorism threats, cross-border data flow issues, data ownership issues, and dangerous digital divides (access, literacy, and acceptance of IoT).
- Abuses and abusers will evolve. Bad actors will remain bad actors. The IoT will not change human behavior, but will give bad actors new tools to be bad actors.
- There will be an estimated 30 billion IoT devices by 2030.
- The raw cost of utilizing encryption is approximately 2 cents per device.
- HIPAA and HITECH require healthcare providers to encrypt patient personal health information.
- Cloud computing raises significant legal and ethical issues for every organization that uses the Internet.
- The key to safely navigating the IoT and protecting your organizational information and the information of those you serve is security by design and front end engineering.
- Cyber liability insurance is a good idea, but not the cure – coverage is not always sufficient, insurance companies may seek to deny coverage, and insurance does not fix the problems caused by a breach or recover the information lost.
- The value in the IoT is the aggregation of data that by itself is useless.
- Privacy concern and policy discussions must be viewed in context with the beneficial uses of the IoT.
- 42% of consumers believe that privacy concerns outweigh the benefits of the IoT because the focus is on the consumer products, not the societal benefits.
- IoT devices are increasingly becoming threat vectors.
- IoT devices and software that utilize the collected data could be protectable intellectual property even though the data itself is not.
One thing is certain. The IoT presents the greatest potential for human connectedness and technological advances in history while simultaneously presenting the greatest potential for security and privacy abuses. The idea of a global community where information flows freely for the betterment of humanity is an exciting one. However, we must temper that laudable goal with the stark reality that the same technology that frees us can also be used by bad actors to compromise that freedom.
In the immortal words of Peter Parker’s Uncle Ben: with great power comes great responsibility. Attorneys and other professionals specializing in information security and privacy must be at the forefront of the IoT. So too must others (traditional attorneys, healthcare providers, financial services professionals, business owners, and governmental leaders) understand the benefits and threats posed by the IoT and seek advice from people best equipped to shepherd them through this new age.
ICKES CALHOUN HOLT is a full-service, team-driven, and client focused law firm in Northeast Ohio concentrating on information security and governance. Information is the DNA of modern organizations and ICKES CALHOUN HOLT is dedicated to advising clients on how to protect its information. Please contact us to discuss establishing or improving the information governance policies for your organization.