Imagine that you’ve just woken up in the morning. As you check your phone, the dimmable smart bulbs in your bedroom gradually increase in brightness. You ask your Echo Dot for the day’s weather and traffic information. Your commute looks unusually light today, so you get out of bed and grab your Fitbit for a quick jog. Although you may not realize it, you’ve just used four different IoT devices before you’ve even left the house!
In this article, we’re going to explain the concept of IoT and explore how these devices might impact litigation and eDiscovery. Let’s get started!
What is IoT?
The internet of things (IoT) is the name given to the connections between the internet and your smart devices. Items such as smartphones, smartwatches, the Amazon Echo, home thermostats, and live-feed doorbell cameras are all considered part of the IoT. While each of these objects performs a different function, they are all capable of transmitting data without human-to-human or human-to-computer interaction. As the public embraces this technology, the legal industry must determine how the resulting data should be handled during litigation.
The Evolution of IoT & the Law
Requesting data from IoT devices will spark privacy concerns due to the methods used for information transmission. Most IoT devices constantly and automatically transmit personal information over unencrypted channels. While the user may have consented to share their data with the manufacturer of an IoT device – they likely have not given permission to distribute that information to a third party.
Unlike familiar technologies, such as email, it can also be genuinely difficult to determine how to access IoT data. Some companies may balk at discovery requests on principle, but others simply do not have the infrastructure to process and review the requested information. In circumstances where the data is available, the justice system must determine whether it is protected by the Fourth Amendment.
In the United States v. Katz, the Supreme Court ruled that Fourth Amendment protections only apply “when a person has both a subjective expectation of privacy and that expectation is one that society recognizes as reasonable.” For example, a computer user may have a legitimate expectation of privacy in the content of email communications. This standard effectively gives the government broad powers to access IoT data, while failing to clarify how it should be handled in civil cases. As the industry moves forward, legal professionals will need to develop standard practices for handling IoT data while adhering to proportionality standards.
Thanks for reading! If you enjoyed this article, let us know on social media! Please don’t hesitate to contact us with any questions or concerns. At First Legal, we’re here for you from File Thru Trial™!