Internet of Things

The Internet of Things (a/k/a "IoT") is the next evolution and is making a remarkable impact on technology. Devices are now able to communicate with each other through embedded sensors that are linked by wired and wireless networks. For example, they include thermostats, automobiles, or pills that permit a physician to monitor the patient's health. Technology advancements allow networks and objects they connect to become more intelligent. The factors that are currently driving growth, include, development of smart cities, smart cars, and smart homes. In fact, some companies have predicted that in the near future more than 40 billion units will be connected to the Internet. However, there are concerns with privacy, security, and regulation.

The Internet of Things is governed by information that's stored by devices without human intervention. So, privacy may be compromised through different technologies. Also, devices may not interact well due to development on incompatible platforms (i.e., lack of interoperability). The Federal Trade Commission has issued a report that urges companies to adopt best practices to address consumer privacy and security risks.

Now, wearable technology is able to generate constant, convenient, seamless, portable, and hands-free access to electronics and computers. This technology can be used in the military, law enforcement, entertainment, and healthcare industries. However, with every benefit comes a risk (e.g., violation of privacy rights). Drones (i.e., flying robots) are being used by military and non-military persons. These flying robots (e.g., UAS/UAV) are remotely-piloted autonomous systems. They are useful for covert operations. However, adapting to new devices has not been easy for society due to concerns over privacy, security, and regulation.

In order to adapt to this evolution, the legal system must concentrate on the interaction of information technology with other industries. Our legal system must implement a uniform view to accommodate information technology. For example, remote access allows criminals to obtain access to a network that contains confidential information. Other issues with remote access, include, data privacy, protection of proprietary rights, and liability for unauthorized use of systems.

The Federal Trade Commission holds public workshops to explore consumer privacy and security issues posed by the growing connectivity of devices. The workshops focus on privacy and security issues related to connectivity for consumers-both at home (e.g., smart home appliances) and when consumers are mobile (e.g., fitness devices, personal devices, automobiles). In addition, the European Union has addressed the issues and risks (e.g., privacy, security, regulation). In March 2015, the European Commission initiated the creation of the Alliance for Internet of Things Innovation. This alliance flags the European Commission's goal to work with the interested parties to promote innovation. The alliance's objective is to develop and support dialogue and interaction among the players.

The rapid proliferation of Internet of Things (IoT) devices has prompted legislative bodies worldwide to establish regulations ensuring their security and privacy. Below is an overview of recent state, federal, and international laws related to IoT:

IoT Cybersecurity Improvement Act of 2020: This federal law mandates the National Institute of Standards and Technology (NIST) to develop minimum security standards for IoT devices owned or controlled by the federal government. The Office of Management and Budget (OMB) is responsible for issuing guidelines to federal agencies to ensure compliance with these standards.

California's IoT Security Law (SB-327): Effective January 1, 2020, California requires manufacturers of connected devices to equip them with "reasonable" security features appropriate to the nature of the device and the information it collects.

Product Security and Telecommunications Infrastructure (PSTI) Act 2022: The UK has introduced laws mandating cybersecurity standards for IoT devices, aiming to protect consumers from cyber threats and enhance national resilience against cybercrime.

Cyber Resilience Act (CRA): Proposed by the European Commission, the CRA aims to establish common cybersecurity standards for digital products and services such as IoT devices. Full enforcement is expected by 2027, with some provisions starting in 2026.

U.S. Cyber Trust Mark Initiative: Launched by the United States federal government, this voluntary labeling program helps consumers identify IoT devices that meet federal cybersecurity standards. Devices like baby monitors, home security cameras, and fitness trackers can display this label, featuring a shield logo and QR code for additional security information.

FCC's Cybersecurity Proposal: In response to cyber threats, the Federal Communications Commission (FCC) has proposed new cybersecurity requirements for telecom operators. This initiative aims to mandate basic cybersecurity measures and the development of detailed cyber risk-management plans to protect against nation-state threats.

These legislative efforts reflect a global trend toward enhancing the security and privacy of IoT devices, addressing the challenges posed by their integration into daily life. Today, web-enabled televisions, household appliances, security systems, and thermostats can be remotely controlled via smartphones. Business-related services (e.g., air conditioning, security systems, vending machines) can be monitored and managed by third parties. So, these connected services should be properly managed since they can create vulnerabilities in network security. Our law firm brings years of knowledge and experience to the latest issues. As the ever-changing technologies provide new and remarkable claims, which try out the limits of traditional laws, our clients return to us for advocacy.