When Toasters Attack: A Polycentric Approach to Enhancing the ‘Security of Things’

Publication Type: 
Academic Writing
Publication Date: 
January 14, 2016

Scott Shackelford 

Indiana University - Kelley School of Business - Department of Business Law; Stanford Law School; Hoover Institution, Stanford University; Center for Applied Cybersecurity Research

Anjanette Raymond 

Indiana University - Kelley School of Business - Department of Business Law; Queen Mary University of London, School of Law; Indiana University Maurer School of Law

Rakshana Balakrishnan 

Indiana University Bloomington

Prakhar Dixit 

Indiana University Bloomington

Julianna Gjonaj 

Indiana University Bloomington

Rachith Kavi 

Indiana University Bloomington

January 14, 2016

University of Illinois Law Review, 2017, Forthcoming 

Kelley School of Business Research Paper No. 16-6


There is a great deal of buzz surrounding the Internet of Things, which is the notion, simply put, that nearly everything not currently connected to the Internet from gym shorts to streetlights soon will be. The rise of “smart products” such as Internet-enabled refrigerators and self-driving cars holds the promise to revolutionize business and society. From 2013 to 2020, Microsoft has estimated that the number of Internet-enabled devices is expected to increase from 11 to 50 billion. To substantiate the coming wave, Samsung recently announced that all of its products would be connected to the Internet by 2020. Yet there has been relatively little attention paid to how we should go about regulating this explosion in connected devices, and still less about how cybersecurity should be enhanced across them. This Article analyzes possible approaches to regulating the Internet of Things to enhance cybersecurity with a particular focus on the literature of polycentric governance as a vehicle to help marry together bottom-up and top-down regulatory modalities.
Download the paper from SSRN