'Tis the season. These days, you, like me, are probably bombarded by ads for IoT-based products like Google Home, Amazon's Echo and Alexa, Nest thermostats, smart locks and so on. These devices are interconnected and connected to their users – through the Internet and other IP-based networks. The Internet of Things has been around for years, and it goes far beyond the products mentioned above. It already connects billions of devices, and tens of billions more are on the way.
IoT presents incredible opportunities, but also creates new risks. We hear about cybersecurity and privacy concerns, but what about the impact of IoT on civil liability? If our devices can talk to each other and to us and can then function – and malfunction – without physical intervention by a human, who is liable when something goes wrong? The existing regimes for product liability, liability for negligence, and liability for injuries by inanimate objects / the autonomous acts of things were not developed with IoT in mind; but in the absence of specific laws and regulations, they will have to be adapted to respond.
Let's consider a few examples of how IoT-connected devices interact to understand how things can go wrong:
Certain devices, such as dishwashers, thermostats, lights, etc. can be purchased with a vendor-issued application/software that allows you to operate the device from a distance (e.g. Philips Hue LED smart bulbs). You download the software on your smartphone, connect to your device through the software, and voilà!
Other devices may not have vendor-issued software but are compatible with other devices and/or applications that you can purchase and that act as the requisite interface(s) (e.g. the tado° application and remotes can allow you to control your air-conditioning or heating devices).
Often, more than one application is involved in connecting you to your device or connecting devices. The applications communicate without your intervention. They each have their sources and their own terms and conditions with respect to liability.
Applications require updates, which in turn require user cooperation. An update, once installed, can disrupt communication between applications that could communicate before.
IoT communication requires a functioning network, but networks have their limitations and can be susceptible to failure, hacking, etc.
When an IoT-connected device causes damages, investigators will have to take into account the ways in which the device interacted and the actors involved in the chain of communication. They will have to sift through more evidence and more complex evidence than in a non-IoT matter. Preservation of evidence will involve parties that we might never previously have considered. IT expertise will likely be required.
Connecting everyday physical objects to the Internet is changing the way we live and do business. But for it to work, we will have to adapt our legal regimes of civil liability to a new reality, where complex liability issues are at stake.