E-Discovery Issues Arising from the Internet of Things
Total Page:16
File Type:pdf, Size:1020Kb
E-Discovery Issues Arising from the Internet of Things H. Michael O’Brien Wilson Elser Moskowitz Edelman & Dicker LLP 1133 Westchester Ave. White Plains, New York 10604 (914) 872-7234 Michael.O’[email protected] H. Michael O’Brien is co-chair of Wilson Elser’s product liability practice and leads the firm’s “Internet of Things” (IoT) aspects of its information governance practice. With more than 30 years of experience in product liability defense, Mer. O’Brien focuses on representing U.S. and Asia-based manufacturers and distributors as national counsel in litigation, pre-suit investigations and class actions. He also advises clients on reporting obligations to the U.S. Consumer Product Safety Commission and counsels them on voluntary recall issues. E-Discovery Issues Arising from the Internet of Things Table of Contents I. Introduction ...................................................................................................................................................5 II. The Internet of Things: The Inevitable Collision with Product Liability ....................................................5 A. The Internet of Things: The Inevitable Collision with Product Liability—Part 1 ..............................5 1. What Is the Internet of Things? ......................................................................................................5 2. Primary Market Forces ...................................................................................................................5 3. Security Concerns ...........................................................................................................................6 4. The Impact on Product Liability ....................................................................................................7 5. Liability and Consequences............................................................................................................7 B. The Internet of Things and the Inevitable Collision with Product Liability Part 2: One Step Closer.......................................................................................................................................8 1. Other Threats Identified .................................................................................................................9 2. Supply Chain Considerations .......................................................................................................10 3. Lack of Standards ..........................................................................................................................11 C. The Internet of Things and the Inevitable Collision with Product Liability Part 3: Initial Contact .......................................................................................................................................12 1. Some Takeaway Considerations ...................................................................................................12 D. The Internet of Things and the Inevitable Collision with Product Liability Part 4: Government Oversight .........................................................................................................................13 1. Red Flags for Datamining.............................................................................................................13 2. Report to the President .................................................................................................................14 3. Government Action versus Self-Regulation ................................................................................14 4. The End Game ...............................................................................................................................15 E. The Internet of Things and the Inevitable Collision with Product Liability Part 5: Security and the Industrial Internet Consortium ..............................................................................15 1. Key Drivers ....................................................................................................................................16 2. Health Care and the IoT ...............................................................................................................16 3. Encryption .....................................................................................................................................17 E. Infrastructure: OT versus IT ................................................................................................................17 1. Convergence ..................................................................................................................................17 III. The Internet of Things: The Cyber Vulnerability Landscape Emerges .....................................................18 E-Discovery Issues Arising from the Internet of Things ■ O'Brien ■ 3 E-Discovery Issues Arising from the Internet of Things I. Introduction The following articles will serve as background for this session. II. The Internet of Things: The Inevitable Collision with Product Liability Originally published in Wilson Elser’s Product Liability Advocate in five parts. A. The Internet of Things: The Inevitable Collision with Product Liability— Part 1 Part 1: The IoT – Internet of Things – is undergoing a rapid development that will continue to trans- form how we interact, conduct business and live our lives. The movement toward IoT’s ubiquitous application and use does not come without risk and, while some of the consequences can be easily predicted, many will not be fully understood for some time to come. One area that will be impacted is product liability. The advent of smart devices will have far-reaching consequences for manufacturers and software developers to tech service companies, insurers and, most cer- tainly, consumers. The U.S. Federal Trade Commission (FTC) issued a report in January 2015 that highlights and forecasts these very concerns. The FTC report noted security concerns for consumers using IoT devices, such as enabling unau- thorized access and misuse of personal identification, facilitating attacks on other systems and creating safety risks. It was noted that while these risks exist on traditional computers and computer networks, they are heightened in the IoT. 1. What Is the Internet of Things? The IoT has been identified as the third wave of the Internet. Various estimates and predictions sug- gest that as many as five billion devices are connected to the Internet and there will be 25 billion more within five years. The revenue stream from the IoT is expected to exceed $300 billion. The IoT enables devices to connect to the Internet via embedded sensors built into the devices. These embedded sensors send environmental and activity information to data storage centers that in turn allow ana- lytic engines to provide feedback and control. The IoT has transformed everyday devices into smart devices connecting consumer objects and industrial equipment to the Internet, enabling information gathering and management of these devices via software to increase efficiency, enable new services, or achieve other health, safety and environmental benefits. A 2014 Goldman Sachs report identified five key IoT areas of adaption: wearables (e.g., smart bands), connected cars, connected homes, connected cities and industrial Internet (including transportation, oil & gas and health care). 2. Primary Market Forces The report identified primary market forces driving the growth of IoT, including low-cost enablers such as cheaper sensors, bandwidth and processing; smartphones and ubiquitous wireless coverage; the value proposition from revenue generation by new product cycles; and productivity and cost savings. E-Discovery Issues Arising from the Internet of Things ■ O'Brien ■ 5 More than 900 exhibitors showcased IoT technologies for the home, cars, security systems and kitchen appliances at the 2015 Consumer Electronics Show. Each day new products and services for businesses and the home are becoming IoT-connected. For the home, the primary reasons are twofold: • With IoT connectivity, the potential for energy savings derives from using IoT products during off-peak energy periods. This application already exists in many central heating and air-condi- tioning applications. Other opportunities for the programmable use of appliances include wash- ers, dryers and dishwashers in off-peak time. • The second benefit is in the area of tech services, performing a diagnostic from a remote location and either correcting the problem remotely or dispatching the service tech who will know what the problem is in advance. 3. Security Concerns The proliferation of applications for IoT devices is raising concerns with respect to the security of these devices and the purposes for which personal data collected will be used. The use of IoT technol- ogy therefore introduces a new layer of risk for these products, which raises concerns about privacy and the potential for outside interference by individuals or groups with nefarious motives. Could the vulnerability of IoT devices and products actually encourage such attacks against consum- ers? The answer is probably yes. A study released by Hewlett-Packard in 2014 found 70 percent of IoT devices are vulnerable to attack. The vulnerabilities identified in the report include password security, encryption and general lack of granular user access. In 2014, the German government’s federal office for information security (the BSI) released details of an