There's spam in my fridge!

The 'Internet of Things' (IoT) was first coined as a concept around 1999, finally entering the Oxford Dictionary in 2013. Few would have predicted where it would take us.

February 2014

We would be missing a major hyperbole opportunity if we didn't include a few facts and figures:

  • according to Cisco, during 2008, the number of devices connected to the internet exceeded the number of people on Earth for the first time.  By the end of 2011, twenty typical households were already generating more internet traffic than the entire internet in 2008;
  • according to The Chartered Institute for IT, there are around 200 connectable devices per person on the planet today and it is estimated that by 2020, 50 billion devices will be connected to the internet (predictions vary on this figure, but let's just say all the numbers are big);  
  • Google's acquisition of the connected home technology company Nest for US$3.2 billion was its second largest ever acquisition (after Motorola);
  • a Dutch company has pioneered wireless sensors in cattle so that when one is pregnant, or ill, it sends a message to the farmer; and 
  • the BBC reported this month that a fridge has been discovered sending spam emails after a web attack.  It was one of more than 100,000 devices used in a spam campaign.

Impact on industry

So what does all this mean for the global economy and which sectors will benefit most?  The economic benefits will touch all sectors of industry but key areas for growth certainly include:

  • smarter transportation – the most profound changes are likely to be seen in the area of logistics; for example, commuters will be able to make decisions on routes and where to park based on information their cars receive from road sensors.  There are other potential benefits, though, with Toyota already testing cars that talk to each other to reduce the risk of accidents;
  • smarter energy  - by 2020, it is predicted that over 60% of connected devices will be related to monitoring or delivering energy;
  • smarter manufacturing  - including real time inventory systems and pre-emptive maintenance of machines to name two benefits alone;
  • smarter payments - using NFC (near field communication) and other technology in devices;
  • smarter homes - with connected technology monitoring and controlling lighting, security systems, temperature, humidity, energy consumption, domestic appliances, watering systems, and so on; and
  • smarter healthcare - remote patient monitoring in the US is predicted to save an average of US$12,000 per patient and significantly reduce hospital-acquired diseases.


To put in context where we are today and what tomorrow may bring, it is worth looking at the evolution of the IoT:

  • In the early days we used the internet to identify objects by their static position: Google Earth and other mapping technologies were born.
  • Next we started identifying and tracking objects that move: RFID technology came to the retail and supply chain.
  • After that we enabled objects that move to tell us where they are via the internet: Apple and other brands meant we never had an excuse for losing our phones (or car keys) again.
  • Then, we enabled objects to communicate with each other: plants were able to be connected to irrigation systems and decide when to water themselves.
  • Now objects can not only talk to each other, they can communicate with the internet and make smart decisions based on information they receive (whether from a person or from another object). There are many examples of this but the most commonly quoted (perhaps trite) example is a fridge that can work out what food its owner needs and order it for them.

Legal issues

So what are the legal issues?  The most striking and most commented on are the risks to security and privacy: hackers being able to access and control devices, and people's personal data being processed by multiple devices with the potential for unauthorised access. For more on this, read our article on Privacy by design and also see our Global Data Hub's featured topic on wearable tech and privacy.

Data privacy and security are by no means the only legal issues thrown into focus by the IoT.  Others include:

  • Access to bandwidth: This technological transformation is unlikely to come without a cost - 50 billion devices connected to the internet are going to need an awful lot of bandwidth and whilst connection speeds are exactly what make the IoT a practical possibility today, at some point in the future, it is entirely possible demand will outstrip supply.  This is where the issue of net neutrality (i.e. the principle that Internet Service Providers and governments should treat all data on the internet equally) becomes critical.   If net neutrality isn't protected by law, will we see some businesses being able to buy space in priority fast lanes on the internet superhighway and causing traffic jams for others?   Legislation enshrining the principle of net neutrality into law has been proposed by the European Commission in order to stop this from happening.  The right to offer tiered services is, however, unlikely to be ruled out, provided any traffic management is transparent to users and that premium speed content does not affect the speed of ordinary traffic.  In the US, a court recently decided that rules preserving net neutrality were invalid, opening the door to a two tier internet (although this is likely to go to appeal). 
    In the same way that some people argue toll roads price regular drivers off the roads, will the connectivity pressure brought about by a truly connected world prejudice some internet users or will laws develop to rule this out? There is a long way to go in this debate at both a domestic and global level and there are other possible technological solutions to the problem. See our article on Connecting the Internet of Things for more on this.
  • Liability:  People increasingly rely on machines to communicate with each other to automate or semi-automate elements of everyday life and industrial process but what happens when the machines get it wrong?  Who's liable?  A simple case of someone providing a machine that does not behave as it should may be clear cut (the provider would be liable, probably under the contract of supply). However, where machines are not 'provided' under contracts, and are accessible by internet users generally (a good example might be traffic management technology which may be provided by local government or funded by a private organisation) the situation will be less clear.  The greatest risk may come from health devices, as (under English law) it is not lawful to limit liability for personal injury or death caused by negligence.
  • Ownership: Who owns what when devices interact with each other and collect vast amounts of data?  It's not always as straightforward as you might think to decide who owns the technology on which the IoT is founded.  It can be even trickier to sort out ownership of data.  For more on this, read our other articles this month covering patent issues and data ownership.
  • Automated contracts:  What about when machines buy and sell from each other?  Let's take a look at that fridge…

    Let's assume I have programmed my fridge with my preferences, my credit card data and my account details for my favourite online supermarket. My fridge then orders my first shop for me. What terms apply to that order? In the UK, a contract is formed when person A makes an offer to another person, B, which B accepts without qualification. This is called offer and acceptance and forms the basis of English contract law. When I make an online order for food myself, my act of checking out is the offer, which is accepted by the supermarket's systems. It has long been recognised that an automated response of this kind can form a contract and so, presumably, it will also become widely accepted that the request by my fridge to its counterpart system in the supermarket will amount to an offer made on my behalf which can then be accepted by the supermarket. So if machines can make contracts, who needs lawyers?

    What about those nice consumer laws that protect me? In the UK, consumers are protected by various laws but the set that applies specifically to internet sales (or at least to sales that are remote where there is no face to face contact) are known as the Distance Selling laws. These laws require, among other things, the relevant seller to provide and communicate clearly to the buyer: the terms on which the sale is to be made; a cooling off period of 7 days (to be extended to 14 under forthcoming laws); and a follow up of certain written information once the contract is made. Will my fridge be able to understand its rights to cool off? The reality is that communication will still need to take place directly between the seller and me, probably via email, to satisfy these laws.

    Another issue is user profiling: if the IoT is to reach the potential some predict then the delivery sector will become so ultimately efficient that micro deliveries will be possible, enabling customers to order a replacement product whenever it runs out and not as part of a traditional "weekly shop". My supermarket will know exactly when I run out of something, meaning they will know a lot more about my diet and preferences than they currently do. This might enable them to profile me for various reasons – perhaps to offer me competing brands, or, in relation to an affiliated health insurance business, to tailor the insurance products offered to me based on my diet and health profile. Use of personal data for user profiling already falls within the general requirements of the Data Protection Act 1998; however, under the proposed new EC Regulation users are likely to be given the right to object to such profiling.

    Lastly, what if my fridge breaks and starts placing orders I don't want, or, worse, can't afford? Apple has recently agreed to refund US$32m to US parents whose children overspent on in-app purchases. Will Tesco have similar sympathy for the owners of naughty devices? Contractually this would probably come down to my having given authority for my fridge to place orders, and having failed to apply spending controls or other measures to avoid surprises. Of course that won't be much comfort as I unpack a lorry load of broccoli florets.

Whilst these are perhaps somewhat playful questions to pose given the backdrop of far more weighty issues brought to bear by the changes we are going to see in the connected world over the next few years, they serve as examples of some of the legal areas that may develop quickly to address the challenges posed by the IoT.

All that said, as sure as the fact that Daleks can't climb stairs, every futuristic vision has its practical limitations and my recent purchase of a connected device illustrates this nicely. I am the proud owner of a shiny, German-made coffee machine that boasts SIM-based connectivity allowing me to remotely message it from my smartphone to tell it to start preparing a latte or other coffee of my choosing. This is all very well but, legal issues aside, I will only be happy when those clever Germans come up with a solution to the fact that I still have to rush downstairs (phone in hand) and make sure there is a cup under the machine's spout to avoid the milk and coffee flooding my kitchen.

Graham Hann

Graham Hann considers the main legal (and some practical) issues with the ever expanding Internet of Things.