Here at Telefonica's Campus Party Europe tech festival in Berlin, this morning has seen some interesting sessions about privacy, with one in particular tackling the potential and risks of the internet of things.
We should already be having a widespread discussion about this subject, because the push is on, even if – as with the embedded sensors themselves – it's not visible to most people.
The talk that really grabbed me was by Joe Huser, an LA-based corporate attorney who tends to represent entrepreneurs that are trying to get their heads around the regulatory issues associated with the internet of things.
He ran through several scenarios that may or may not happen, as the world around us becomes subtly but pervasively connected — with each scenario relating to certain legal principles of data protection and privacy.
Without saying whether or not I agree with his analysis, I think it's worth looking at a few of his scenarios. It's easy to be both thrilled and scared by this stuff, but it's important that we realise this is what's happening, and give strong consideration to the consequences. This will affect all of us.
- The smart plane seat: Seats that can broadcast whether or not they're being sat on could be very useful to airlines, who want to know in real time whether they have spare capacity to sell at the very last minute. Huser linked this to the problem of a consumer's access to review and delete their data: "If you sit down and log into the computer screen in front of you and delete yourself as soon as you sit down, then that doesn't help the gate agent sell empty seats… Did you consent to the airline tracking your behaviour when you bought the ticket, or did you have to opt into the system? An opt-in system doesn't help the airline very much."
- Smart luggage: Luggage you can never lose, because it's being tracked. Again, opting in or out is the problem. "My guess is, for the first several years this luggage is available it will be the most expensive luggage on the market," Huser noted. "An argument could be that you are consenting because you had the choice to buy the old-school luggage [but] there will be a day when everyone can afford it and finding a suitcase without tracking will be difficult. Will it be on automatically? I think an opt-out regime would be better here."
- Smart pills: This is a great scenario to think through. A new breed of smart pill, with a tiny camera inside, can help diagnose bowel cancer. A woman goes to the doctor, takes the pill and checks the results when she's back at her work computer. In the US, employers have the right to monitor all email and internet use in the work environment. Does the employer get to know the diagnosis before the woman's partner does? According to Huser, the laws protecting employer's rights "would certainly have to change" to cover this sort of case.
- The smart bicycle for kids: Imagine a bike that can be tracked everywhere — like fleet management for two-wheelers. Great for parents, you might say, as they can keep an eye on where their children go. But imagine the pitfalls if that data falls into the wrong hands. In countries such as the US, the law gives stronger protection to the data produced by children, and Huser suggested that would likely extend to this type of sensor-equipped device.
- The shop that knows your worth: You walk into a high-end department store and your phone gives the management an indication of whether you're rich or not. Sounds fanciful now, and I don't fully get the mechanics behind this example, but look at the Orbitz case, where a travel site suggested pricier options to Mac users based on the assumption that they were more likely to be better off. Here, Huser noted the legal restrictions around the use of financial data, and said key factors would be the kind of consent the user gave, and the extent to which the data was personally identifying.
Some of these are pretty extreme or obscure cases, some not. The point is, the amount of data that we, our vehicles and our devices collect and generate is set to explode. What happens with that data may, in some cases, not fit with the laws we already have.
These are incredibly complex issues, and right now there are no easy answers. That's not to say regulators aren't trying to find them — in the summer of 2013, for example, the European Commission will propose new rules.
All of these uses of the internet of things have clear benefits, in terms of efficiency, health, even (in the case of smart car tracking, for example) the environment. But the flipside is risk. We shouldn't be too thrilled or scared — we should be practical and we should have our eyes open.
If we're going to get the best outcome, the internet of things needs to be the subject of a very broad and informed discussion. As soon as possible.