Regulating the Internet of Things: First Steps Toward Managing Discrimination, Privacy, Security & Consent
78 Pages Posted: 16 Mar 2014 Last revised: 20 Aug 2014
Date Written: March 1, 2014
The consumer “Internet of Things” is suddenly reality, not science fiction. Electronic sensors are now ubiquitous in our smart phones, cars, homes, electric systems, health care devices, fitness monitors, and workplaces. These connected sensor-based devices create new types and unprecedented quantities of detailed, high-quality information about our everyday actions, habits, personalities and preferences. Much of this undoubtedly increases social welfare. For example, insurers can price automobile coverage more accurately by using sensors to measure exactly how you drive (e.g., Progressive’s SnapShot system), which should theoretically lower the overall cost of insurance. But the Internet of Things raises new and difficult questions as well. This Article shows that four inherent aspects of sensor-based technologies — the compounding effects of what computer scientists call “sensor fusion,” the near impossibility of truly de-identifying sensor data, the likelihood that Internet of Things devices will be inherently prone to security flaws, and the difficulty of meaningful consumer consent in this context — create very real discrimination, privacy, security, and consent problems. As connected, sensor-based devices tell us more and more about ourselves and each other, what discrimination — racial, economic, or otherwise — will that permit, and how should we constrain socially-obnoxious manifestations? As the Internet of Things generates ever more massive and nuanced data sets about consumer behavior, how to protect privacy? How to deal with the reality that sensors are particularly vulnerable to security risks? And how should the law treat — and how much should policy depend upon — consumer consent in a context in which true informed choice may be impossible? This Article is the first legal work to describe the new connected world we are creating, address these four interrelated problems, and propose concrete first steps for a regulatory approach to the Internet of Things.
Keywords: Internet, internet of things, privacy, discrimination, security
Suggested Citation: Suggested Citation