The Internet of Things (“IoT”) is here, and we seem to be going all in. We are trying to put a microchip in nearly every object that is not nailed down and even a few that are. Soon, your cars, toasters, toys, and even your underwear will be wired up to make your lives better. The general thought seems to be that “Internet connectivity makes good objects great.” While the IoT might be incredibly useful, we should proceed carefully. Objects are not necessarily better simply because they are connected to the Internet. Often, the Internet can make objects worse and users worse-off. Digital technologies can be hacked. Each new camera, microphone, and sensor adds another vector for attack and another point of surveillance in our everyday lives. The problem is that privacy and data security law have failed to recognize some “things” are more dangerous than others as part of the IoT. Some objects, like coffee pots and dolls, can last long after the standard life-cycle of software. Meanwhile cheap, disposable objects, like baby wipes, might not be worth outfitting with the most secure hardware and software. Yet they all are part of the network. This essay argues that the nature of the “thing” in the IoT should play a more prominent role in privacy and data security law. The decision to wire up an object should be coupled with responsibilities to make sure its users are protected. Only then, can we trust the Internet of Heirlooms and Disposable Things.
Download the paper from SSRN.