Privacy and Smart Devices

Published on: 14 Dec 2020

Autonomous Machine Testimony

Smart objects have taken over our homes, workplaces and communities, and over the coming decades the volume of legally admissible data from these devices is likely to grow. Voice-activated digital assistants, smart appliances, and personal wearable devices have become the new culture.

Lawyers may have to represent clients in cases dealing with evidence, witnesses, or contracts, all relying on immutable digital proof such as time-stamped video and audio recordings. They may need to specialize in data issues in domains such as digital twins and personas, surveillance capitalism, and digital privacy rights. A pivotal step is getting this information admitted as evidence. Firms need to start building expertise around the admissibility and verifiability of data collected by smart technology-enabled devices.

The Smart Home is the Nest of the Internet of Things

Network and internet-connected devices, also referred to as the Internet of Things (IoT), are creating a nervous system within what has traditionally been recognized as the most private of spaces: the home. Fundamentally, the IoT is a system to gather and assimilate immense quantities of information that amount to private surveillance of the user's activities, preferences, and habits in his own home. This information is collected to optimize the function of the given object.

The first Internet of Things privacy study, a joint academic collaboration between Northeastern University and Imperial College London, examined the data-sharing activities of 81 different "smart" devices that are omnipresent today in people's homes. These included immensely popular consumer products produced by tech giants, including smart TVs, smart audio speakers and video doorbells. The teams of researchers (one in the US and one in the UK) conducted 34,586 experiments to quantify exactly how much data these devices were collecting, storing and sharing.

The researchers' findings were staggering: 72 of the 81 IoT devices shared data with third parties completely independent of the original manufacturer. Furthermore, the data that these devices transmitted went far beyond rudimentary information about the physical device being used. It included IP addresses, device specifications and configurations, usage habits, and location.

Today's economy is a surveillance economy – one that is dead set on acquiring "behavioral surplus", or the digital data generated as a by-product of human interaction with a wide variety of devices. These include, but are not limited to, cell phones, self-tracking devices, social media interfaces, and smart home devices, anticipated to be a $27 billion market by 2021. As the number of devices generating digital records of usage grows exponentially, and as their records of usage track not just communications but also movement, domestic habits, and even sleep patterns, this behavioral surplus can yield an elaborate account of human behavior.

The most familiar example may be that of the location-tracking component of cell phones. Cell phones transmit a rich, comprehensive account of individuals' movements in time and space which can be monetized. So tenacious is this feature that even when location-tracking apps are switched off, and SIM cards are removed from the device, some phones continue to collect location material by enabling triangulation via local cell towers, and generating distinctive "mobility signatures."

Inside the home, digital assistants such as Siri and Alexa are capable of recording and transmitting ambient conversations; more insidiously, the development of lidar sensors, which would map both movement and behavior, is reported to be underway. 'My Friend Cayla' is an interactive toy that captures conversations between the doll and its child users, and then proceeds to transmit those conversations to the manufacturer for further uses.

The Privacy Issues inherent to these Smart Devices 

Other studies support the notion that any device connected to the Internet can be used as an ad-tracking device. What really raises IoT privacy issues is how that device-divulged information and data is being employed. If it were used for personalization and customization, then that would have been understandable to a degree. For instance, information about which devices are being used to watch Netflix's streaming content might help Netflix optimize the quality of its streams.

However, IoT privacy experts have suggested that actual personal data "leaking" from the home is being harnessed to construct sophisticated profiles of users, based on their usage habits. It is even more troubling, from a privacy perspective, that some of this data involves personally identifiable information such as exact geolocation data, social media data, and unique device information. All of this data can easily be combined to deduce the identity of the user; this very data is a goldmine for advertisers, who strive to learn as much as they can about users so that they can optimize the relevance of the ads they issue.

The 'Testimony' these devices issue

In March 2018, Facebook disclosed that the political consultancy Cambridge Analytica had improperly accessed the personal data of up to 87 million Facebook users. What was worse, Facebook failed to notify its users of the colossal breach until long after it learned about it. It received a whopping USD 5 billion sanction from the Federal Trade Commission for its privacy failures, along with a USD 100 million fine from the US Securities and Exchange Commission.

Despite this, Facebook's privacy practices remain amorphous. To illustrate, consider some terms of the Supplemental Portal Data Policy for the Portal smart display, released in 2019.

The Data Policy states that when Portal's camera and microphone are on, Facebook collects camera and audio information, although it states that it does not listen to, view the contents of, or keep any video or audio calls on Portal.

The Data Policy further explains how this information is shared, stating that Facebook may also share voice interactions with third parties where it has a good-faith belief that the law requires it to do so. It also states that, when independent apps, services, or integrations are used on Portal, Facebook shares information with them about the Portal device, the device name, IP address, zip code, and other information to help them provide the requested services.

Terms of service agreements like this one are blatantly ambiguous and carry serious privacy flaws. However, a lot of consumers have rationalized that the trade-offs are worth it; while privacy may be a concern, at the end of the day, convenience reigns supreme. The promise of enhanced convenience, as well as the reduction in household costs, is a big overriding factor that explains why consumers continue to purchase and use these devices despite privacy risks.

Having said that, when a security breach happens, the impacts are borne by device owners and wider society, and more often than not, the makers of these devices are indemnified. The regulatory oversight that privacy breaches invite and the privacy infrastructure of different jurisdictions will be explored below.

Digital Privacy in the US

In 2017, 143 million American consumers' personal information was exposed in a data breach at Equifax; in 2013, 3 billion Yahoo accounts were affected by an attack; in 2016, Deep Root Analytics accidentally leaked personal details of nearly 200 million American voters; in 2016, hackers stole the personal data of about 57 million customers and drivers from Uber Technologies Inc. Despite these record-shattering data breaches and inadequate data-protection practices, only piecemeal legislative responses have been produced at the federal level. While most Western countries have already adopted comprehensive legal protections for personal data, the United States, home to some of the most advanced tech and data companies in the world, has only a patchwork of sector-specific laws and regulations that utterly fail to adequately protect data.

The American Fourth Amendment

The Fourth Amendment of the US Constitution declares inviolate "the right of the people to be secure in their persons, houses, papers and effects." It protects against unreasonable government intrusions by establishing a certain right to privacy enforceable by the individual as against the world.

The essence of the Fourth Amendment is clearly to restrain unwarranted government action against the individual: it is the expression of the framers' intent to secure the American people from intrusion by the state, in the form of unreasonable search and seizure. However, the Court does not properly recognize how the Fourth Amendment protects digital privacy; virtual access by law enforcement threatens the security of citizens in their houses.
