Careers

Experiences

Industries

Offices

Our Firm

Pages

Our People

Updates

Practices

Warner Norcross + Judd LLP is a corporate law firm with over 230 attorneys serving clients in nine offices throughout Michigan. Among the largest law firms in Michigan, Warner works in virtually all areas of business law.

Michigan Law Firm - Warner Norcross + Judd LLP

Last week I wrote about the&nbsp;incredibly lax privacy protections used&nbsp;in most&nbsp;Internet of Things (IoT) devices, and how vulnerable they are to hacking. Users are&nbsp;allowing more and more of their health, commercial, and other data to be stored in IoT devices, and the potential of the data being hacked into and misused is&nbsp;ever-present.

contentpilot/introduction

A closely related, but distinct, concern is the data about us in these devices that we <em>don't</em> choose to put there--in other words, the capacity of IoT devices to collect information about us surreptiously.

core/paragraph

Virtually everyone in Western society is already generally aware that CCTV security cameras are watching us more or less everywhere we go in public spaces. From the grocery store to the gas station to the workplace to the stoplight, business owners and law enforcement are monitoring. What fewer people realize is just how interconnected many of those cameras already are. &nbsp;Although they aren't quite the Panopticon portrayed in many action-adventure movies and TV shows--capable of tracking down anyone, anywhere, in real time, from a single control center--the video feeds from many of these cameras are, in fact, accessible through internet-connected networks.

And if something is online, it can be hacked. It should come as little surprise that the mesh video networks run by municipalities, airports, and other public authorities often do not employ strong privacy protection, but even I was surprised to learn at last year's DefCon 22 just <a href="http://www.dailymotion.com/video/x2488ab_defcon-22-municipal-mesh-social-engineering-hackers-and-airplane-security-systems-hak5_tech" target="_blank" rel="noreferrer noopener">how easy this can be</a>. As a result, virtually anyone could be watching you through one of those public cameras.

Even the cameras we choose to set up can be made to spy on us when we don't want them to.&nbsp;In September 2013, the FTC took its first <a href="http://www.ftc.gov/news-events/press-releases/2013/09/marketer-internet-connected-home-security-video-cameras-settles" target="_blank" rel="noreferrer noopener">enforcement action</a> related to IOT-collected information. <a href="https://www.trendnet.com/?todo=home" target="_blank" rel="noreferrer noopener">TRENDnet</a>, a company that markets video cameras designed to allow consumers to monitor their homes remotely settled FTC charges that its lax security practices exposed the private lives of hundreds of consumers to public viewing online. According to the FTC, TRENDnet marketed its numerous products as being “secure” when, in fact, the cameras had faulty software that left them open to online interception. The complaint further alleged that, in January 2012, a hacker exploited this flaw and made it public, and, eventually, hackers posted links to the live feeds of nearly 700 of the cameras. The feeds displayed babies asleep in their cribs, young children playing, and adults going about their daily lives. Once TRENDnet learned of this flaw, it uploaded a software patch to its website and sought to alert its customers of the need to visit the website to update their cameras.

The ability to track individuals through the IoT doesn't stop with the sense of sight, either. Once more people are using IoT-enabled&nbsp;infrastructure, they will end up leaving the equivalent of digital fingerprints everywhere they go. Digitizing our physical interactions will create a digital record of our movements and whereabouts that had never previously existed.

For advertisers and retailers, this will be a goldmine of information just like social media was before it–a brand-new trove of personal data that can be used to send out even more precisely targeted commercial solicitations. Without doubt, those providing IOT services will not only want to recognize who we are, but also to remember where we’ve been. And just like we do online now, many users will consent to their information being collected in this manner. The convenience factor will be huge. Just like I want my webmail service to remember who I am without having to re-type my password every time, so too will I want my clothing store to remember my size, my restaurant to remember my favorite meals, my grocery store to remember the location of my favorite items, and the news feeds that I’ll see projected everywhere to remember my favorite topics.

But others will be remembering that data as well. Thanks to Edward Snowden and the NSA, the world is already aware of how much information private companies and the government collect about our emails and other online interactions. Law enforcement already does all it can to track a suspect’s physical movements, whether through cellular towers, IP addresses, or GPS trackers. With a IoT devices everywhere pinging our phones with NFC &nbsp;or BLE-type-sensors,&nbsp;merely walking down the street will leave behind so much data about our physical location that it may well become possible to create precise maps of our every step going back hours, days, or even longer.

Augmented Legality

Emerging Media and Technologies

Partner

Brian D. Wassom

Information Technology Transactions

Top 5 Legal Issues in the Internet of Things, Part 2: Data Collection and Invasion of Privacy

Warner Norcross + Judd LLP is responsible for the contents of our advertising and this website. Please read our full <a href="/privacy-policy/" aria-label="see privacy policy">privacy policy</a> available on our website. If you have any questions or comments about our website or our Privacy Policy please contact us at <a href="mailto:info@wnj.com">info@wnj.com</a> or 616.752.2000. 

Top 5 Legal Issues in the Internet of Things, Part 2: Data Collection and Invasion of Privacy

professionals