Have You Updated Your Toaster? Transatlantic Approaches to Governing the Internet of Everything

51 Pages Posted: 25 Jul 2018 Last revised: 7 Apr 2020

See all articles by Scott Shackelford

Scott Shackelford

Indiana University - Kelley School of Business - Department of Business Law; Harvard Kennedy School Belfer Center for Science & International Affairs; Center for Applied Cybersecurity Research; Stanford Center for Internet and Society; Stanford Law School

Scott O. Bradner

Harvard University

Date Written: July 4, 2018

Abstract

There is a great deal of buzz surrounding the Internet of Things (IoT), which is the notion, simply put, that nearly everything not currently connected to the Internet from gym shorts to streetlights soon will be. The rise of “smart products” such as Internet-enabled refrigerators and self-driving cars holds the promise to revolutionize business and society. To substantiate the coming wave, Samsung has announced that all of its products would be connected to the Internet by 2020. Yet it is an open question whether security can or will scale along with this increasingly crowded field, or whether a combination of perverse incentives, increasing complexity, new problems, and new impacts of old problems like “technical debt” amassing from products being rushed to market, will derail progress and exacerbate cyber insecurity. This Article investigates contemporary approaches to IoT security through an in-depth comparative case study focusing on the European Union and the United States. Particular attention is paid to the impact of the General Data Protection Regulation (GDPR) and the Network Information Security (NIS) Directive in the EU, and influence of the National Institute for Standards and Technology (NIST) Cybersecurity Framework, and other leading standards, on IoT security with a focus on mitigating the risk of politically motivated attacks. We analyze transatlantic reform proposals — including the U.S. Internet of Things (IoT) Cybersecurity Improvement Act of 2017 and the potential for a dedicated NIST Framework for IoT security given the international success of the NIST CSF — and argue for a polycentric approach to boosting IoT securing across both jurisdictions by applying lessons from major Internet governance debates.

Keywords: Cybersecurity, Internet Of Things, GDPR, NIS Directive

Suggested Citation

Shackelford, Scott J. and Bradner, Scott O., Have You Updated Your Toaster? Transatlantic Approaches to Governing the Internet of Everything (July 4, 2018). Hastings Law Journal, 2021, Kelley School of Business Research Paper No. 18-60, Available at SSRN: https://ssrn.com/abstract=3208018

Scott J. Shackelford (Contact Author)

Indiana University - Kelley School of Business - Department of Business Law ( email )

Bloomington, IN 47405
United States

Harvard Kennedy School Belfer Center for Science & International Affairs ( email )

79 JFK Street
Cambridge, MA 02138
United States

Center for Applied Cybersecurity Research ( email )

Wylie Hall 105
100 South Woodlawn
Bloomington, IN 47405
United States

Stanford Center for Internet and Society ( email )

Palo Alto, CA
United States

Stanford Law School ( email )

Stanford, CA 94305
United States

Scott O. Bradner

Harvard University ( email )

1875 Cambridge Street
Cambridge, MA 02138
United States

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
282
Abstract Views
3,204
Rank
197,179
PlumX Metrics