Manufacturers are building software and connectivity into your car, your oven and even your sex toys. As they do, devices that were once considered assets, boring or intensely private are falling under a different set of rules and regulations than before. Product manufacturing has a long line of regulatory and legal decisions designed to ensure the use of safe materials, reliable designs and rules governing how and when a product recall happens.
But now that we’re adding sensors and grabbing data, that world of consumer (and even manufacturing) protections isn’t enough. Now there are gaps for privacy, warranties for software and even security.
Those gaps are starting to show. For example, last year Tesla made headlines when it included a section preventing buyers of the cars from using the autonomous driving features in the service of a ridesharing service such as Lyft or Uber. The rule was disclosed in a note to drivers about an autonomous car driving update.
Granted, the note was about preventing car owners from letting the car itself pick up passengers while in autonomous mode, and is still theoretical at this point. However, it surprised Tesla owners who may not have realized buying the car meant they could only use its autonomous mode to make money for a potential Tesla ridesharing service.
Or take the case this week of Sonos updating its terms of service to gather more data from users ahead of building out integrations with smart home products like the Amazon Echo. Sonos changed some of its privacy practices to ensure it could gather certain data from its connected speakers. Users could opt out, but it meant that in the future their Sonos devices, which could have been purchased years ago, may one day “cease to function.”
Sonos customers are outraged. The idea that a company could break a device that you purchased years before simply by updating its terms of service was not something consumers have ever considered.
And therein lies the problem. At this moment, we’re turning our hardware into a platform for software and services, but we still have a mindset that because we own a physical object, we own the functionality associated with it.The Tesla and Sonos examples expose the gaps emerging around privacy (users don’t want to share their speaker data) and ownership rights (users buying a Tesla should be able to use it how they want and consumers buying a speaker expect it to work until the parts fail).
Wrapped up in these debates over the ownership models associated with connected devices (read here about the challenges associated with the right to repair John Deere tractors) is a regulatory regime that has let the tech industry off the hook when it comes to the basics of consumer protection. Under the guise of protecting innovation, the U.S. has failed to pass rules around user privacy, require basic security measures and or hold programmers liable for poorly written code.
A final challenge is that as the fights play out, they may play out behind the scenes as opposed to in public courtrooms. An appeals court last week declared that the arbitration clause found in Uber’s lengthy terms of service was valid. The judge wrotein his opinion that while not many consumers may read a lengthy set of terms and conditions on a smartphone “that is the choice the user makes …”
As someone who has downloaded an app to work a connected oven, a connected car and a connected scale can attest, it’s an irrational choice to read the terms and conditions associated with every connected device purchased. I often have to take about 40 minutes to scan through them despite being familiar with the legal phrases used.
Second, these are documents I read after I have purchased the device. If I find them offensive, I have to return the product. I could face a restocking fee or even have to call a company that delivered a connected car or washing machine to have the item returned.
Right now, the deck is stacked against the consumer in the tech world. As it invades the analog world, it’s looking increasingly likely the deck may be stacked against consumers there.
However, Joseph Jerome, policy counsel on the privacy and data team at the Center for Democracy and Technology, says he’s optimistic. He agrees that there are gaps in consumer protections that we’re going to encounter as we embrace the internet of things, but he also believes that consumers can make their voices heard. “Consumers are loud enough and vocal enough they can make things happen,” Jerome says.
He points to privacy efforts such as the General Data Protection Regulation (GDPR) in Europe as an example of what types of privacy rules we could aim for in the U.S. He’s also encouraged by some of the actions the Federal Trade Commission is taking when it comes to offering suggestions for manufacturers and through its actions against companies that treat consumers callously.
I am too, but I’d like to see a similar level of innovation in safeguarding privacy and consumer rights as I see in the efforts to build new devices and business models in the IoT.