The internet of things (internet of Things, usually referred to by its English acronym IoT) is the next great transformation of the Internet and refers to a technology based on the connection of everyday objects to the Network that starts with toys and appliances and ends in autonomous cars and smart cities. Virtually any object can be part of the IoT, including digital pills that have already been authorized in late 2017 by the United States Food and Drug Administration (FDA).
All these things exchange, aggregate and process information about their physical environment to provide value-added services to the end users. They also recognize events or changes, and such systems can react autonomously and appropriately. Its purpose is, therefore, to provide an infrastructure that overcomes the barrier between objects in the physical world and its representation in information systems.
But this reality opens urgent questions from the legal point of view. In addition to concerns regarding product safety and cybersecurity on platforms, the Internet of Things also raises a number of relevant implications for privacy and privacy, particularly and very significantly with respect to consumer devices. There is no doubt that IoT technology can improve a consumer's experience in large and small ways.
It is urgent to develop legal and technological standards that provide safe and reliable environments
For example, to maximize energy efficiency, the thermostat of each room can be controlled remotely and even adjust the temperatures by itself once you learn the preferences of its residents. But what do these companies do with the massive amounts of data they collect on their customers? Or, what kind of information do consumers provide about their privacy policies and what options do users have to decide how their data is used? And, how will companies protect their confidential information so as not to be compromised in a cyber attack? These are all issues that should be considered as this technology continues to expand its reach at an exponential rate.
For pointing out another relevant example, millions of citizens use devices and garments that record their physical activity and other health indicators. There are already insurance companies that are offering their customers a discount on the policies if they use such devices and demonstrate a healthy lifestyle, but beyond encouraging healthier behavior on the part of their insured, it is not clear in what other way Insurance companies may try to use this personal information in the future. Will it be sold for marketing purposes? Or will it also be used in a discriminatory way to determine your suitability for credit or work?
This being the case, the phenomenon that Byung-Chul Han has baptized as the society of transparency derives from all this. ICT, IoT and modern devices and hyperconnected objects naked socially. That is why it is "ingenuous the ideology of post-privacy", Which demands" in the name of transparency, a total abandonment of the private sphere in order to lead to transparent communication ". Both concepts are icon, the total symbol of the Internet of things: the communication between people, things, machines and environments that makes transparent and vulnerable what happens in their bosom, in their environment.
On the other hand, the ecosystems of the Internet of Things, created by companies from different sectors, including ICT industries but not only these, have not tried to apply open standards that propitiate competition. It can be detected, contrary to Internet traditions, that there is a resurgence of closed platform approaches as opposed to interoperability and compatibility. These models, by design or at least as a practical result, enclose users in patented ecosystems that impede competition and maximum innovation in the market.
Throughout most of the history of the Internet, anti-competitive and exclusive approaches (it is worth recalling here the closed, patented and non-interoperable systems of the 70s and 80s of the last century) have been considered contrary to innovation and were replaced by technical standards and open protocols (for example, TCP / IP and HTTP), which have driven innovation and new offers of products and services. In short, they have been the engines of the Network's success as an open and neutral network par excellence.
But many of the internet of things systems are closed and incompatible, which can serve to better control invasive surveillance, cyber attacks and digital conflicts. In front of them, open systems, which are typically developed in more participatory and inter-company approaches and that allow public verification, tend to have reinforced security features and fewer protocol vulnerabilities than patented specifications, which are closed in their development and are not open to inspection and extensive technical supervision. This is another question to be clarified.
The internet of things has already given rise to important technological advances, and as its scope expands, it has the potential to drive the next Internet revolution. The urgent challenge is finding the right balance between promoting this innovation and ensuring that security and privacy are protected while this valuable technology continues to grow.
The technological change of the IoT will require clear legal frameworks, national but above all of European and international scope, to provide legal security in the sector. These should, at least, address the following issues:
- the form of identification of the objects;
- the authority responsible for assigning the identification;
- the means to obtain the information relative to the object;
- the guarantee of information security;
- the technical standards;
- the general ethical and legal framework of rights and obligations in the IoT;
- the control mechanisms.
The difficulty will lie in the ability to develop legal standards that are flexible and innovative enough to adapt to the environment of progress and with rapidly evolving cyber threats inherent in IoT technology. Although some progress has been made in this area, mainly within the European Union (at least on paper), it remains to be seen how the recently adopted legal instruments will be applied in practice.
Finally, the legal regulation of the internet of things must be done through laws and regulatory standards, but also including public-private collaboration, and strengthening international collaboration between States and transnational actors, since the phenomena embedded in it they tend to be related to the jurisdictions of multiple States involved to regulate what happens in the networks, the crimes committed in them, as well as to prevent and punish attacks against fundamental rights, such as freedom, security, privacy or data protection
To conclude, we must also highlight the role of professionals in engineering, mathematics and computer science, among other qualified technical experts, to contribute to safety and, in turn, to privacy in the environment of Internet of Things. This is because new network architectures immune to the breakdown of security and the invasion of the privacy of people with such structural features embedded in their design will become increasingly necessary.
This implies that it is urgent to develop legal and technological standards that provide safe and reliable environments that avoid the perception of users that the use of these disruptive technologies makes them vulnerable to opportunistic people or organizations that obtain benefits by diminishing their rights.
Moisés Barrio Andrés He is a lawyer of the Council of State, Professor of Internet Law and Expert in Cyberlaw and author of the book Internet of things.