It has been written by Sanskriti Koul, a third-year law student of Asian Law College, Noida

INTRODUCTION: The Internet of Things (IoT) is a network of devices which is embedded with software, connectivity and sensors; which allows them to exchange and collect data with other devices with the help of internet. Internet of thing (IoT) devices is also known as connected machines. Some of the examples of IoT devices are responsive television, fridges, connected speakers etc. Internet of things has changed the way we work and live. The early 2000s saw the arrival of IoT technology (otherwise known as the Internet of Things) and it has since hit the major leagues, giving rise to smart fridges, wearable devices, and connected vehicles. In fact, by the year 2008, the number of connected devices in existence had exceeded the number of people living on the planet. The rapid growth of IoT has also introduced various of challenges which are related to security.

LEGAL CHALLENGES:

• Data Privacy and Protection: Internet of things (IoT) devices lack the important security measures to avert data breaches. IoT devices transmit and collect vast amount of sensitive and personal data. Because of which concern regarding privacy arises. Improper IoT security can led towards botnet attacks, reputational damage, device hijacking, data breaches, network issues, financial problems, etc.

• Data Ownership: Data ownership is a very complicated issue because IoT devices can collect and store information about people. IoT devices often gather sensitive information about users, such as their location, health data, and financial information, rendering this data susceptible to hacking and other cyber threats. Even without breaches, there is a persistent risk of data being misused or shared without the user’s consent. Difficulty in authenticating users, lack of encryption, misuse and sharing are some problems which are related to data ownership.

• Security: High volume of problems are discovered regularly in IoT systems. Because of which security challenges are arising. Lack of visibility, open source code vulnerabilities, limited security integration, weak passwords, overwhelming data volume, poor testing, etc are some security issues in IoT systems. IoT and security requirements can only be accomplished with an integrated solution that delivers visibility, segmentation, and protection throughout the entire network infrastructure.

• Jurisdiction: Jurisdiction is the most crucial problem which emerge between the device producers and clients. Devices can be situated in many areas and in few cases outside the regional limits of a country. Therefore it is very important for the device producers to review the laws of the country where they are going to sell their devices to prevent problems like borderless data flow, data sovereignty and jurisdictional conflicts.

• Product Liability and Consumer Protection: Product liability is a complex issue in IoT. The product liability is a region of law wherein makers, wholesalers, providers, retailers, and other people who make items accessible to general society are considered liable for the sufferings those items cause to property and or bodily injury. The rule of strict liability is being used by Courts for the cases of product liability. Because the rule of strict liability is very consumer friendly. There are various of laws in India for the protection of consumers against product liability like the Consumer Protection Act, 1986, the Legal Metrology Act, 2009.

CASE STUDIES:

The Owlet WiFi Baby Heart Monitor Case, 2016- The Owlet WiFi Baby Heart Monitor, is a device which is used to keep an eye on the health of babies, got some complex safety concerns. A security expert, Jonathan Zdziarski, looked into how the monitor worked and found some worrying issues. He discovered that the way the monitor talks to its base station over WiFi wasn’t secure at all. This means that someone nearby could potentially peek into the data being sent, or even mess with the monitor’s functions.

Mirai Botnet Case- The Mirai botnet attack of 2016 was a massive cyber-attack that affected millions of devices connected to the Internet of Things (IoT). The attack was done by a malware named mirai. IoT devices were targeted by this malware to transform devices into bots, which could be used for DDoS (Distributed Denial of Service) attacks.

CONCLUSION: It is expected that IoT will gonna dominate our future. IoT devices can anticipate what we need or require to make our life easier. The more we will depend on IoT the risks towards our privacy and security will increase. And it is very important to address the legal challenges related to IoT. Government, consumers and businesses should work together against legal challenges of IoT. By developing industry-led standards, promoting international cooperation, and harmonizing regulation; we can establish a secure Internet of Things (IoT) environment.

References:

1.   PLUME GROUP, https://www.plumegroup.com/blog/iot-internet-of-things-and-the-legal-issues-ahead
2. CXOtoday News Desk, https://cxotoday.com/specials/data-ownership-and-privacy-in-the-iot-era-empowering-consumers-in-the-digital-world/#:~:text=IoT%20devices%20often%20gather%20sensitive,shared%20without%20the%20user’s%20consent

3. FORTINET, https://www.fortinet.com/resources/cyberglossary/iot-security

4. Shreya Malhotra, Application and legal challenges of the Internet of Things, IPLEADERS (Nov 23, 2020) https://blog.ipleaders.in/application-legal-challenges-internet-things/

5. Terry Dunlap, The 5 Worst Examples of IoT Hacking and Vulnerabilities in Recorded History, IOT FOR ALL (June 20, 2020) https://www.iotforall.com/5-worst-iot-hacking-vulnerabilities

6. MEDIUM https://medium.com/@d21dcs151/a-case-study-on-mirai-botnet-attack-of-2016-4b66630e6508