116 B, Mittal Towers, Nariman Point, Mumbai, India

Abstract

The neoteric augmentation of technology, over the past few decades, has rendered everything and everyone a part of widely spread and deeply engrained set of networks. Interaction, being the primary basis for all possible technological developments, has transcended from the human interface into a host of other mediums, including inanimate objects. Finding its basis in this rapid surge of transfer of information, the Internet of Things (“IoT”) has emerged as a promising system. This concept builds and sustains a connection between any functioning device, through internet, constituting part of a larger network. Through assimilation and analysis of the data collected, the device or the object serves its intended purpose, at a higher efficiency. Due to the inherent complexity surrounding the functioning of IoT, the present article shall attempt to understand, in detail, what the concept further entails, its advantages, disadvantages, possible impact on the legal principles and development thereof.

Introduction To the Concept

IoT essentially stands for the merger of physical things with the erratic and ever-expanding world of internet connectivity. Every physical object, theoretically, has the ability of featuring a possible computer, with access to the internet, allowing these devices to generate, exchange and consume data with minimal human intervention It happens by the basis of being tagged, rendering the things smarter than things that are not. The distinction between things that feature computers being smarter than other run-of-the-mill objects is the ability to communicate or transfer data with/among other such similar things, seamlessly. This concept stands for revolutionising intelligent operations, advanced communication of devices/smart structures, and rendering services, basis their general magnitude. IoT, finding conception within this idea, therefore seeks to control and connect heterogenous objects, featuring ability to embed and process information, which spans everyday objects as well. Simply put, IoT is a network of physical objects (or "things") that are implanted with sensors, software, and other technologies in order to connect and exchange data with other devices and systems over the internet. Examples include smartwatches, mobile phones, devices, cars, toys, home appliances, medical instruments, cameras, etc, all connected, communicating and sharing information with others of their own type, basis stipulated protocols, in order to achieve smart reorganisation, monitoring, tracing and administration.

History of IoT

The term “IoT” was coined by Kevin Ashton in 1999, depicting how the vision for interconnected devices always existed, but it took more than a decade for the envisioned to eventuate. Although the general idea of instilling basic objects with intelligence originated in the 1990’s, lack of technology and resources made the progression of this idea extremely slow. Processors were expensive and chips needed to be smaller to enable the devices to be interconnected for the whole idea to be viable and cost effective. It was only after the introduction of RFID (Radio Frequency Identification) tags and increase in availability and access to wireless networks along with espousal of IPv6 (Internet Protocol version 6) which ensures sufficient generation of IP addresses for all devices across the board, that the implementation of this idea saw the light of day.

Industry Application

In reference to the Radio Frequency Identification (or “RFID”) gadgets, IoT has recently gained traction, with the expansion and development of the technology, making it one of the more heavily relied ideas for maximum consumer convenience, in times to come. Ideally, IoT supports and represents a situation where every plain and commonly used object is connected to the internet via a sensor, forming part of a larger network of things, which can communicate with each other to suit the user’s preferences. Building on this, IoT has evolved to proliferate in almost all segments of life. Some examples of which include but are not limited to:

  1. Retail Industry Data analysis and marketing are aligned by IoT platforms in the retail industry enabling retailers to receive real time data and understand the general pattern and preferences that subsist in the market.
  2. Manufacturing The phases of Industrial Internet of Things are connected by the IoT platform for a hawk-eye view of the entire process. Advanced IoT sensors in manufacturing plant machines or distribution centre racks, alongside data analytics and prescient displaying, can forestall deformities and downtime, augment hardware execution or performance, cut guarantee costs, support production yield and improve the over-all client experience.
  3. Healthcare and Medical Services Devices which monitor sleep, exercise and other health habits provide real time data which is captured by the IoT technology. The data so captured aids and assists in a more detailed and accurate diagnosis of individuals which in turn results in provision of better and more streamlined treatment plans. The aim is to secure patient safety and yield better outcomes.
  4. Transportation and Logistics Geo-tracking and location intelligence along with Artificial Intelligence (AI) provides more accuracy, reliability and time efficiency, which enables logistic and transportation companies to reduce their costs by real time tracking of all their connected vehicles and other assets.
  5. Government Real world day to day issues like traffic, economic development, public safety, security and engagement of citizens etc are all addressed in a better and more streamlined manner using the IoT technology.

ENABLING TECHNOLOGIES

Due to the sheer magnitude of IoT, it is clearly a global structure for the information technology discipline, enabled by various forms of services which render connectivity to the objects themselves. With the basis being internet, the wireless sensor networks, 2G/3G/4G/5G, GSM, GPRS, RFID, Wi-Fi, GPS, microcontroller, microprocessor, cloud computing, machine learning etc. are a few examples of enabling technologies that allow the application of IoT on such a large scale. These enabling technologies, for the purpose of IoT, function on three levels: acquisition of contextual information, processing of said information and privacy and security thereof. Therefore, the IoT cannot be termed a singular technology, but a mixture of hardware and software technology.

Benefits Of IoT

Basis the understanding above, the IoT has the following and very practically advantageous characteristics:

  1. Ensures Interconnectivity and Services from things- From a very basic understanding, it is easily decipherable that the foundational idea behind IoT is the necessity of forming a globally connected information and communication infrastructure, for ease of access.
  2. Effective Service of Things- The interaction and amalgamation of physical and technological mediums in implementation thereof, allows for effective service rendering. By being part of a common communication channel, facilitated by easy data exchange, the objects ensure maximum efficiency in output.
  3. Automation, Control and Monitoring- Since the objects in use are connected and controlled through a digital medium, basis wireless infrastructure being the internet, the automation and control involved in the process is substantial, facilitated by machine-to-machine (or “M2M”) communication, without any semblance of human intervention. This also ensures faster and timely execution. Additionally, the system herein works on the basis of monitoring the input to ascertain best possible mode of execution and improvement with every subsequent instance. Includes sufficient possibility of self-learning as well, overall ensuring technology optimization.
  4. Improved Customer Engagement- IoT provides a cutting edge to the usual analytics present in various consumer objects with flawed accuracy, by ensuring an increased engagement with the users.
  5. Overall Benefits- Apart from the primary objective of ensuring efficiency in time, effort and use of resources in all disciplines wherein employed, IoT’s principle advantage is the enablement of effective and relevant communication between an infinite number of machines incorporated into a large-scale network. The enhanced data collection involved therein consequently poses as the basis of higher throughput, energy efficiency and reduction in waste.

Benefits of IoT can be understood through a practical example: Say, an alarm clock, which plans the time a person wakes up and prompts the shower well in advance, in order for it to be ready by the time said person steps in to freshen up. Additionally, the alarm could also control and time the coffee machine and the car, that by the time the person is ready to go to work, the coffee is ready, and the car is prepared to undertake the journey. In turn, the office lights could be controlled by the car, that while the person is 5 minutes closer to office, the room is heated well in time for the person to start the day. All the above- mentioned benefits are highlighted in the present example.

Subsisting Issues

While IoT presents itself as one of the most promising systems, as seen above, in the coming times, it comes with its own set of issues.

  1. Possibly Compromised Security- Since IoT functions on the creation of a digitally formulated and network-supported ecosystem, involving perpetually connected and communicating devices, the system is devoid of any specific security standard, apart from the one inbuilt within the individual object and its framework. This renders the users and consumers susceptible to all forms of breaches and threats. An example of occurrence of such a breach or threat could be the potential real-world consequences that would occur in the event anything was to go wrong with these devices, in the form of cyber warfare, the repercussions could be catastrophic. The interconnected devices could end up being used for spying on individuals in different countries or to control and cause negative impact on infrastructure of a nation, like dams, roadways, bridges etc.
  2. Heterogeneity of Structure- IoT system involves the interconnectivity between numerous objects, which function on and are enabled by their own network axis. However, in order to be connected, there is no uniformity of enabling networks, which also poses insurmountable issues with respect to complex accessibility, deployment, maintenance and function. The lack of flexibility within network systems restricts easy integration.
  3. Compromise on User Privacy- With the IoT system allowing detailed receipt and processing of large quantities of user data without active participation, albeit to ensure personalised output, there arise multiple doubts on the safeguards laid in place for user data privacy.
  4. Complex Compliance- Logically, considering that IoT involves a massive extent of data processing and retention, there is an impending necessity for regulatory compliance, which is imperative for implementation of said system within any commercial setting. However, the complexity of the system itself makes any semblance of compliance extremely challenging.

Legal Perspective

Having identified the basic idea behind IoT system and its functioning, it is necessary to be aware of its legal implications. The seeming gap between legislative and technological development is not an alien idea, however, the fundamental challenges present within the IoT framework can still be sufficiently covered within the existing legal structure.

  1. Information Technology Laws: Specifically in India, the existing legislations governing the IoT system are limited, being Information Technology Act, 2000 (“the IT Act”) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (or “the IT Rules”). Basis these, any application and implementation of IoT system would involve serious questions as to the privacy and data security. Ideally, as per the IT Law principles for sensitive personal information, explicit consent of the user is required to be taken, in order to ensure establishment of proper legal compliance in place. Although for objects with proper and readymade interface this might not be an issue, however, it deems slightly difficult in cases of more personalised IoT ecosystems present in ordinary user objects. To this extent, the IoT service provider must ensure precisely and properly drafted terms, conditions and documentation to regulate the same and avoid any possible breach under Section 72 of the IT Act, which provides for penalty for breach of confidentiality and privacy. Section 43A of the IT Act deals with the protection of data in electronic medium and states that whenever a corporate body possesses any sensitive personal data or information and is negligent in maintaining a reasonable security to protect such data, which causes wrongful loss or gain to any person, then such body corporate shall be liable to pay damages to the person(s) so affected. Further, Section 72 of the ITA, enunciates penalty for breach of the confidentiality and privacy of the data collected.
  2. Constitutional Laws:  Article 21 of the Indian Constitution confers the citizens of India with the right to privacy. Any interference with a person without their consent would amount to a violation of their fundamental right.
  3. Intellectual Property Laws: Further ahead, there may exist possible intellectual property law issues within the implementation of IoT systems. At the outset, the IoT ecosystems are possibly connected using standardised technology, which may be governed by Standard Essential Patents (or “SEPs”), making it difficult for smaller third party IoT manufacturers to implement or employ anything similar. A respite to this could be the implementation of Fair, Reasonable and Non- Discriminatory (or “FRAND”) terms. Additionally, the data created within the process of function of an IoT object, using its established system, may pose issues with respect to ownership of data, considering the large number of stakeholders involved in the process.
  4. Consumer Protection Laws: There also exist multiple issues with attribution of liability, with respect to data and the product itself. For lack of determination of ownership over data and due to the volume of information involved therein, the numerous stakeholders make the safekeeping slightly more complex than usual. Also, for the multiplicity of component involved in the IoT ecosystem, with each having distinct set of regulatory framework governing it, the determination of specific product liability is also quite difficult. However, the recent amendment to the Consumer Protection Law in India, which defines ‘product seller’ and attribution of product liability thereby, has improved matters significantly.To a certain extent, said definition attributes product liability to a certain extent upon the product seller or manufacturer, under certain clear circumstances, ensuring that the consumer is not rendered completely helpless, due to complexity.
  5. M2M Guidelines: , By use of the IoT device by a user, there is a possibility of entering into a M2M contract, by virtue of the requirements and command input. National Telecom (NT) Cell, the government body dealing with policy and regulatory aspects related to M2M communication, released a National Telecom M2M Roadmap in May 2015 to provide guidance to all the stakeholders to nurture M2M Communications. Further in 2018 DoT released a set of notification dated 16th May 2018 in order to implement restrictive features for SIM cards used only for M2M communication services and related KYC instructions.
  6. Draft IoT Policies: In 2015 MeitY came up with draft IoT policies to govern the entire space of smart connectivity and interoperability of data over the internet. The policy aimed to invigorate the creation and development of IoT based products primarily to cater to Indian needs of IoT. The major areas covered under the draft policy were agriculture, healthcare, water quality and natural disasters.
  7. Contracts Law: Including this, all the above issues may be dealt with by way of privity of e-contracts. It is, therefore, essential for the IoT developer to apprehend these issues and incorporate the same within an End User License Agreement (or “EULA”), which shall form a valid contract under the Indian Contract Act, 1872. Express provisions regarding and keeping in mind all possible legal issues, such as data privacy, ownership, security, etc., must be dealt with within the said contract

cases wherein iot devices solved the mystery:

  1. Fitness Tracker: In a very famous homicide case, according to the victim’s husband’s testimony, he was at home battling off an invader when his spouse returned from the gym at 9 a.m. The invader then murdered his wife, tied him up, and fled the property. The police raided the wife's fitness tracker. Its data showed that the wife was still moving around the house between 9:18 and 10:05 a.m., covering a distance of 1,217 feet. Following further evidence of the husband's extramarital affair and an attempt to cash in on the wife's life insurance policy, the husband was charged with murder. (Connecticut Murder Case)
  2. Smart Speaker (Alexa): In the landmark judgement of State of Arkansas v. James Bates (CR-2016-370 (Cir. Ct. Benton County, Arkansas), the case very much same as above, the court was able to track the murderer based on audio recording saved with the IoT servers of the smart speaker installed in the house.

Conclusion

IoT system has proved to be one of the most revolutionary technological developments of the 21st Century. The technological development has allowed the IoT environment to evolve at an unprecedented rate. However, the lack of awareness, legal inadequacy and sentience are major issues that still face and hinder the growth thereof. A convergent view of technology and law, keeping in mind the present impact of both on the society, are necessary to be assessed and in order to smoothen all possible challenges that exist or may arise in the future. However, it is clear that a new framework for a reasonable expectation of privacy is required considering recent technological advancements.