Internet of Things and the Law: Legal Strategies for Smart Technologies
hmm um welcome everybody to the fifth session in this seminar series challenges for a cyber physical world I'm your host again Kaylene manueling and congratulations for making it so late in the year I know this is the time when you want to go to stuff but you either have to go to your Christmas parties or you have to finish all your work before you can go to your Christmas parties um or go on holiday so um but I don't think you'll be disappointed this is I've been um so excited to in a minute introduce our speaker for today but firstly I'd like to show my respects and knowledge the medical people who are the traditional custodians of the land on which I'm located today and to their Elders past and present and I would invite anybody who feels they would like to to do the same in the chat um I I would I am so excited to introduce Dr Guido nochella Diego who is a scholar whose own work I've been following for many years and has informed a lot of my own work um they are the associate professor of intellectual property and Privacy Law at the University of Stirling um at Sterling Dr Nola Diego leaves the IPM media law courses coordinates a fabulous research Network the Scottish law and Innovation Network um directs the just AI lab and is Deputy chair of the faculty's equity diversity and inclusion committee and also carries out reset to the Center for Research into information surveillance and privacy also called crisp um now also recently um a social Professor Diego has been um appointed as uh Global law professor at the school of law at the University of Connecticut he's also a fellow of the Nexus Center for internet Society um and the list goes on um uh Guido's main expertise is in the internet of things and I think he knows more about it than any other lawyer I know um but he also does work in artificial intelligence cloud computing Robotics and blockchain and most importantly their work is animated by the conviction that the law should be pivotal to socially just diverse and sustainable Technologies so I'm about to hand over to Guido um just to let you know that um what we'll do in terms of questions will there'll be a bit of time for questions and answers at the end but Guido has to leave dead on um 7 00 PM because he has to which is 8 A.M his time because he had to catch a train and um that questions will be through the chat which you can do anytime but we will leave the questions to the end and then I'll reflect the questions back to Guido um at the appropriate time but you can enter questions at any time in the chat um so over to Guido thank you thank you so much Killian uh I'm delighted to be here and I'm thankful obviously to you for organizing the unsw islands help for technology or innovation IE SSAT Australia for supporting um as well um I'm delighted and I'm sorry for all the very long list of things that I'm doing Etc uh I think the most important thing to say is that I am the European equivalent of Kalin uh because we are the iot people I think we are one of some of the iot people uh in the world that have been obsessed with the iot for a very long time I think we influenced each other uh in uh in many ways and hopefully we also influenced and learned uh from others um so this is my Australian uh book launch uh so I'm very very happy I had the UK book launched two or three days ago uh The Faculty of advocates in in Edinburgh and that went well so hopefully this is not going to be a a disaster um I suppose as a kind of our first uh thinking point is uh why does this talk has to do with uh Ukraine uh and tractors um well this is this was one of the things that really inspired me and and brought me to uh sort of to take a new Direction in uh in my research uh this is before the current uh War uh obviously uh in 2017 a number of of farmers Farmers around the world decided to embrace smartness they decided to um to buy new tractors smart tractors very cool tractors with uh cool displays and some cool software running in them Etc uh all of them produced by kind of the leading leader uh in the in the market that is called John Deere um and at some point uh well you know what happens with equipment like tractors very often is that they broke they break down uh that's not nothing kind of unusual uh what was unusual was that but when these Farmers tried to fix their own smart tractors they essentially they were sued by the manufacturer that that decided that independent repairs of uh their tractors would qualify as a form of copyright infringement because as I said there was a software running in the machine um and and attached to the software that was an end user license license agreement a contract that said that you can only repair uh the soft repair the software and therefore the tractor if you go to our authorized repairs and you know this was a big shock for uh for par for Farmers you know repairing your own tractor is part of your own identity uh it's just it's even more than property um so what they did was they essentially download they they hacked their own tractors using Ukrainian firmware uh so firmware that was developed by Ukrainian developers is developers in Ukraine technically speaking this solution is illegal uh so I wouldn't be authorized to publicly endorse it but I do think that as researchers as a researcher I I do find that particularly particularly fascinating and inspiring um so this is kind of a the starting point to get to thinking about the things that really excite me about about the book about the iot and uh and the law so I'm gonna in the remaining time I'm gonna um essentially give you um a sense of what I mean by iot why I think it's important uh to deal uh to deal with it I'm going to present some uh some of the consumer issues um in the iot there are many but obviously we don't have a lot a lot of time uh fortunately for you um and we're going to zoom in on some solutions to uh to the problem uh in particular the idea of the um of the commons uh there is no commonly accepted definition of of the iot uh Kalin uh you know has presented and put forward uh some uh some solutions some definitions of each objects and other other definitions I think there is you know for me it's not what I wanted to do was just to say this is what I mean by it I didn't want to say this is what everybody should Define the iot ads uh so for me I think uh so I tend I try not to refer to Smart devices as smart devices I refer to them as things uh but it's the same um so a thing is an inextricable is unescable mixture of Hardware software service digital contents and data has interconnectivity sensing and activating capabilities and interfaces the physical world um now you don't need to kind of remember all of it but I just want to kind of pick pick up a couple of points in this uh in this definition first physicality uh so the public discourse around Technologies is really dominated by uh intangible um you know AI NFD the metaverse etc etc it seems to be all about intangibles um whereas I think that there is so much more interesting stuff happening uh here in the physical world in the physical dimension of uh of innovation and the iot is about this you know it's it's about as a devices and systems that have a tangible uh tangible Dimension um obviously interconnectivity means that uh a thing will be connected to the internet but also talk to other things uh sensors I suppose it's what everybody's aware of when thinking about iot the idea you know of the different GPS and other sensors that are used to transform our physical reality in data flows essentially and actuators is maybe something that many people will not necessarily uh be aware of uh because their iot is not just about sense in the reality is also about using the data extracted from the reality to act on the physical world you know it can be something as you know something like a robot in a factory controlling some piece of Machinery or it could be just you saying you know Alexa what's the weather like uh or Alexa no maybe not Alexa Alexa turn on the lights so turn on the lights it's something that happens in the physical world thanks to uh thanks to sensors Etc um and lastly and I'm gonna shine a light on this in the next next slide this idea of an unethical mixture of Hardware software software service digital contents and data let's see what uh let's see in a second what I mean by um by that but let's keep that in mind so why is it important to to deal with it oh well because um essentially the iot is well past the hype this has happened I think without many people like maybe being aware of it realizing it the iot has happened because you know we have doubled the amount to Smart devices then we have people in the world uh iot Innovation grows nearly eight times faster than other uh than all other Technologies um the iot generates turnovers that are higher than a smaller and and some developing States um and uh you know so so that's a big deal it's happening it's it's really economically important societally important as we'll see uh in a second and I'm particularly look at uh although not exclusively smart home because my home is that most profitable segment and the market leader is Amazon which makes it for a very fun uh thing to do to take a case study approach that focuses on obviously on Amazon um so going back to this this idea of um you know of rematerialization of this mixture between Hardware software service and um and data uh as lawyers we've been sort of struggling and and reflecting for I think over um a century now uh about how do we how do we use laws that were designed for the tangible world uh how do we apply them to the intangible world uh so you know laws around for example uh products how can they COPE in the context of software that's that's one of the things that you know we've been doing for a long time now um Etc now what what's interesting the iot is the opposite is that uh things that used to be intangible like software service data digital contents become tangible because become embedded in a physical in a physical device in this sense we can say that small devices are non-binary or we could say queer because they challenge the existing binaries between good and Service Hardware and software personal and personal line of lines security cyber security Etc all the binaries upon which the law is nowadays uh built and that's you know what I call the challenges you know of the of rematerialization here uh so what the problem that we need to solve is how do laws that rely on the tangible intangible dichotomy cope with a cyber physical uh reality uh and it is a huge challenge that I try to kind of respond to uh very practically through with the book uh this is the table of contents I try to take a problem based approach sometimes I fail sometimes I succeed uh but uh like like alien and others I I don't want to start with law in abstract and then see you know what problems are in the law I want to see what problems we have in society and how the law can try and uh and and resolve them uh and in particular I I consider um in terms of finding Solutions in the law and I try to find them in particular uh in regulation uh kind of public enforcement and private enforcement uh in kind of a consumer contract law uh but also product liability and fair commercial practices um data protection Trade Secrets uh patents competition and competition law these are the main kind of bodies that I kind of focus uh and where I find they kind of try and find the solutions to to to some of the problems that I'm going to present uh in uh in a second uh I know I don't want to be I think people say here a Negative Nancy but I find it a bit sexist so uh I don't want to be negative uh about things so I do recognize that uh the iot uh has some benefits I think the classic example is that if you have a driverless car then you can free up your time because you can read the newspaper while uh the car is driving itself um but I'm not I'm not gonna kind of go into into that a lot of lobbies of the iot already do that for me so there is no reason for me to do that I'm gonna just briefly say something about uh the consumer issues in the iot um today I'm gonna present and four of them I don't know why only three are underlined in this light but they are uh the contractual Quagmire the iot Commerce private ordering by breaking and the death of ownership uh whereas I won't have time to go into the in what I call the intern to lose uh cyborg vulnerability and the internet to personalize things so if these are things that you are interested in maybe you can ask some uh questions uh at the end um so first we can start with the contractual Quagmire um you know if you think about what happens essentially when you ask Alexa uh you know Alexa what's the weather like uh you cannot necessarily predict or Imagine That by doing so you are triggering 246 contracts um you are entering a number of terms of use terms of service privacy policy and user license agreement other are kind of guidelines usage user drills warranties licenses etc etc but simply by interacting with a very simple smart devices you are entering into a web of contracts a contractual uh Quagmire uh these contracts are incredibly hard to find I spent weeks and weeks and weeks to try and find them all I still don't think I found them all I'm sure there are some more out there and this is annoying because there is the legal section on the Amazon website so you should be able to find them all there instead only nine out of 246 are there um it's not just about being hard to find it's also about what are these contracts about you know what what do they cover it's really hard to understand because it's you know there is the Amazon device terms that uh you know in theory should be about the hardware in in reality it's about the software then they tend to Define what's service in 1000 different times sometimes a product is part of a service sometimes it's not it's really it's really difficult to understand what's the scope of these we can call them contracts uh I think depending on the jurisdictions many of them or some of them will not qualify technically speak in this contract so I will call them legals um I think it's a more it's more accurate um and then the other problem is that as lawyers it's particularly present is that often uh the contractual party is unidentified so we we don't know who who's this contract with who is behind uh behind the contract uh and that makes it very hard to for example bring a legal action against them if we don't know who they are um and often the problem is that Amazon refers to the concept of Affiliates and we know that the construction party is an affiliate but we don't know who they are because nobody tells us who the Affiliates are there is no official kind of map of these Affiliates and still to this they don't know who they are um they're also very difficult to read illegible one may say because you need a university level uh education to be able to start to understand them and I would say even with a PhD in law uh I struggle to understand them and if we just consider not all up to 146 contracts but only the 24 core legals so only those that are really more important for you uh it take it would take you 20 hours to read them they are 457 pages long so as long as a Harry Potter book so every time you say you know Alexa tell me a joke you should be reading a you know a Harry Potter long uh document with all the legals so that's obviously a a problem how do we resolve it um I mean there are many ways for example um public enforcement is one of the things to uh to consider um the con in the UK the competition markets Authority uh a couple of years ago decided to intervene in the field of cloud contracts and asked um Amazon and other providers of cloud to uh to change their contracts to make them uh fair for example one of the points was that you cannot simply uh change uh change the contracts and change the service without uh telling consumers without letting letting them leave the service if they want to it's and and other aspects So based on uh on sort of those uh that intervention of the competition markets Authority I analyzed uh not only that contract that was changed but also all the other contracts if we go back again it's not just one contract it's 246 so or the competition markets Authority intervenes only with regard to the Amazon Drive terms um that you can see at the top of this pyramid but the other contracts were remained the same with the same unfair uh terms in them so I analyzed then the contracts where there is some sort of economic Advantage direct economic Advantage for Amazon for example in the case of prime because obviously with prime you pay a subscription so there is the incentive of money for uh for the company but then there are the majority of services that are actually in theory for free because you're paying with your personal uh data and what I found was that Amazon Drive the one that was changed as a result of the competition markets Authority inquiry was the only actually Fair contract uh Prime terms device terms the contractor were connected to paid for services they were less Fair than Amazon drive but still quite uh still quite unfair and that's that's because there was the money as an incentive when only personal data the prospect of personal data is uh the incentive like Alexa terms conditions of use then the contracts are really really quite unfair um now so moving on to the second uh the second issue in the uh that I want to present briefly today um in this is the issue of iot Commerce where where e-commerce meets essentially the iot uh so we you know imagine you enter into uh into your kitchen and all of the devices uh in your kitchen some with screens some without without screen some with there are boys controlled some that are controlled with your movement uh all of them are connected and potentially ready for you to give them orders to buy something uh so it's gonna increasingly happen that you're you're gonna buy something without even realizing it because you don't know exactly which of your devices you are interacting with if you're just you know giving orders with a blink of an eye in this I am influenced by the work of our friend Eliza uh Eliza make the problem in legal terms well there are a number of problems here in legal terms one of them is that uh in the EU but I can imagine that in Australia you have similar rules uh you have to provide certain information uh before the contract is uh is concluded and how can you provide uh and particular this information has to be legible how can you provide legible information in a context where there is no uh where there is no interface there is no display for example it's only the voice for example uh it's or it's your Smartwatch or it's so small that you cannot even read it one solution could be legal design and so the idea of in what I call interface can continuity so if the way what I put forward is that if the way that you're interacting with that device is the voice then the the device should provide information with the same interface so so through uh through sound so hi I'm your Amazon Echo I'm brought to you by Amazon EU sarl for example um obviously this would require changes uh in the law uh because the law is still very much text based focus on this concept of of legibility the third con the third issue in the in the iot is private order Dream by breaking and in this I'm influenced by Natasha tusikov it was introduced to me actually by uh Kalin the concept of private ordering is something I've been obsessed with for a very uh for a very long time essentially when we went to to law school or when we started studying law I think at least in my case what they taught me was that law was only you know the Constitution the statutes um maybe you know maybe maybe case law and even that wasn't so sure that it was actual law whereas uh the more you study the iot the more you realize that the law is also the law that is unilaterally imposed by private law makers by uh iot companies themselves uh you know through design through uh terms and conditions through private practices iot companies take advantage of legal gaps and of the slowness of the lawmaking process to impose their own rules so this is the concept of private ordering one of the manifestations of private ordering is this idea of breaking that Natasha has been uh has been working on um I don't know if if you're all familiar with the concept of break-in um it's essentially the idea that even after an iot Company sell you a smart device they retain control all over it you know through uh through end user license agreements through contracts through control over the software um Etc and this this remote control over the device post sale uh means that the manufacturer can downgrade your uh your device can remotely delete some content uh discontinued software updates determine the things uh lifespan Etc I mean the the famous case obviously is uh the deletion of Orwell's 1984 eBooks from uh users Kindle uh Kindles some years ago you know some people bought you know 1984 they wanted to read it on their on their Kindles and that some one day they woke up and in 1984 disappeared because apparently Amazon had decided that there was but because somebody had alleged some copyright infringement um and and that was quite shocking for uh for most people and now we live in a reality where everything can become like like that Kindle everything every day you can wake up and your uh smart um your smart watch uh is bricked it doesn't work anymore it's been deactivated uh remotely uh breaking includes uh planned obsolescence um so you know the fact that uh smart smart manufacturer can decide to uh to terminate your your um your device before it's natural uh sort of end uh so so this brings me to think again about Solutions um the the most famous solution to the problem plant obsolescence is the so-called right to repair uh which I think is also a big big discussion uh in uh in Australia maybe maybe Kailyn you can confirm it with me later um in the UK they we introduced uh the the Eco design regulations in 2021 um that in theory they were sort of welcomed as and as providing the right to repair obviously they don't do that they only provide an obligation to make available spare parts and they don't apply to the most important of smart devices like smartphones so obviously immediately it was said that the UK's writer repair already needs repairing so the right to repair doesn't seem uh necessarily a good solution not uh yet and in general I would say a write-based approach is not a necessarily a clever solution to the problems of the uh of the iot maybe it's something we can unpack during uh through the Q a um and very I'm just gonna skip over over this because I can see that we don't have a lot of time left there are a number of different solutions to the problem um you know there is low reform there is the solutions by Design uh ethics I'm not interested in any of them I think all of them have uh intrinsic problems I'm not saying that we don't need them I think we do need them as part of the solution but as what I call tactics rather than strategies so these are all tactics but they will never resolve the problems if we don't have a more strategic approach and I think a more strategic approach approach comes from the idea of the commons um we'll see in a second what uh what I mean comments as applied to the iot I don't because I don't know exactly who is in the room I'm gonna say something very basic about the commons uh to introduce them um just in case somebody maybe is not aware of them um the the idea of the commons is traditionally associated with um with some sort of physical resources that can benefit uh a collectivity uh or a society more generally like forestries Fisheries underwater resources Etc um and whereas in recent years we we've had the recognition that our Commons is not necessarily physical it can be also intangible like knowledge as a Commons information as a common data data Commons Creative Commons digital Commons even internet has been presented as as a Commons uh one of the sort of key tenets of of this is that you know if I share an idea with with you then at the end we both are going to have an idea you're not the fact that you now have an idea is not taking it anything away from me so share in the context of the comments is something that increases value it doesn't decrease uh it doesn't decrease value um within the context of new technologies the relationship between the commons and new technology is an ambiguous relationship uh what's usually uh the case is that new technologies uh make the commons more vulnerable because to put it in hastinostrums words uh because of their ability to capture the previously uncapturable new technologies uh help you for think about um digital Rights Management uh and all the new forms of digital Rights Management that that we have but I'm not in the not so interested in that that's that's true and that's obvious what I'm more interested in is how actually new technologies in particular the iot can play a positive role in the robustness in making the comments more uh robust so the there are two meanings of the commons uh at least in my mind when we talk about new technologies in particular the iot one meaning is the idea of Open Access um so obviously uh free uh Libre uh open sir open source software open data Etc and this is not going to be uh the focus of my talk um just because there is so much more research on on that so I do need to go into that but I think I have some interesting ideas on that so if if it's something that excites you we can definitely discuss it uh during during the Q a um what I'm more interested in is the second meaning of the commons is the idea of the commons as a place for Collective resistance uh a Commons where a place where uh the society and groups can regain control over uh over tangible and intangible resources to subvert the status quo um and the classic example is the illegal occupations of theaters that had been abandoned by you know for example the city council or the legal occupations or parks that have been sold to private developers Etc again I'm going to skip the idea of the the commons as Open Access but uh if you're interested in it um we can discuss it later the only thing to keep in mind is that precisely because the iot is a mixture of an inescurable inextricable mixture of Hardware software and all the other elements if we want to have an open iot we need to open all of these elements uh so we need to obviously to have free and open source software uh open data open Hardware both Open Standards and open platforms um but let's focus on the idea of Commons as a place for Collective um resistance um I would say for me here probably the starting point is marks um marks in a way uh unveils well criticizes lock lock we as lawyers we use it especially as as teachers of law we use it a lot to explain why property exists and and by extension why intellectual property exists essentially you have a property exists because people work and by work in they produce value and therefore they have a right over the the outcome of that of that labor that's kind of the simple explanation of that and it's tenets according to lock is that individuals who fail to produce value have no claim to uh to property Marx and masks the location fiction what Marx shows is that in the 18th century Factory labor is collectively organized so if there are any property right sides that follow from labor these rights have to be Collective rights so the property should be Collective uh collectivized rather than being um individual so in a way uh what what really inspires me here is to think about to think about us as Citizens and consumers of iot devices uh it's us we are producing value we are producing value through our data uh it's not the iot company that is producing uh value if we accept that what's really valuable in the iot is mostly uh it's mostly data so in a way we are on unwitting uh and unaware workers of the new uh of the new era and as such we should have Collective rights over data and over the iot more generally now as I said traditionally the commons as a place for Collective resistance was conceived you know you know around physical resources so occupational Parks whereas we haven't seen so far the occupation of the iot or the occupation of the internet um and and for me the iot in this way provides really an unprecedented opportunity to extend the conflict from the physical world to the Cyber physical world because now you know thinking about rematerialization that I mentioned at the beginning now that those intangible resources have a tangible expression maybe this is going to inspire people to really uh to really fight for these things fight for the iot uh how do we fight there are many different ways I'm not going to mention um all of them um I mean one a classic example of collective resistance is a unionizing um and we've seen it in Italy for example where the largest and most important Trade union brought a successful action against the liberal showing that their algorithm uh was uh discriminatory uh but we've seen we know that in the US there are for example a lot of issues around unionizing especially in the Tech Community but we've seen the tech Clash uh or you know Google Google workers walking out uh organizing um you know organizing against their employers uh because they didn't want their Technologies to be used for example in uh in War contexts uh more you know we've seen other things are like things like strategic litigation class actions um or Works done by consumer groups uh but I'm more interested in community-led projects like the open iot certification Mark uh or aribada Arduino open Tech Etc and even more interesting for me uh are the nearly 2000 iot focused meetups around the world with well over 1 million and five 500 000 members many of them in the global South and in a lot of them in the southeast of Asia the groups of people that we after we meet to discuss uh and to see and to create a vision for uh for the iot I think that's where the solution uh really uh relies especially if we find sustainable ways to uh to to organize collectively and one of the things that we we've seen obviously is the the rise of data cooperativism um so and and this sort of brings brings us back to um to the right to repair not as a solution because I said right focused approach approaches that don't excite me but as a movement a lot of uh not-for-profit groups bottom up community-led groups are organized around the world to claim their right to repair their own devices and this really really is exciting I know we don't have a lot of time left so I'm just gonna say one last uh one last thing that is what what's really important is understanding that the only way that we can win this uh fight you know of you know collectively organizing to fix the iot is through alliances new alliances that maybe we're Unthinkable uh some some time ago and in this I'm inspired by the father of critical race Theory uh Derek Bell and the idea of Interest convergence you only win the fight when the interest of many different people and groups align and and that's what we're starting starting to see now for example with uh Amnesty International was you know traditionally focused on things like torture and now they've created you know amnesty Tech so the idea that you cannot fight for human rights if you don't fight uh you know for better technology or which means often against big Tech but it goes obviously Beyond uh beyond that and or the fact that last just last week uh it was the alliance for universal digital Rights was created and who created it two women-led uh women-led groups like equality now and women leading in AI uh so groups that were maybe focused on on gender now uh they go much uh you know much Beyond it so to conclude uh you know there has been a lot of work on kind of to warn people of the risks of the iot probably surveillance capitalism is the most uh known work but I think it's important to understand that it's it's not about just about previously in data protection that are really important but it's not just about that it's all it's about all of our fundamental uh rights even even more that more than that it's it's about our identity tactically there are a number of things that we can do to to fix the iot public and private enforcement law reform legal design human computer interaction a lot of different very cool things strategic litigation strategically um I think it's much more interesting to think about the commons not only as the place for you know open source and Open Access which is really good a really important uh but crucially the place for uh Collective resistance and and in in a way I do think that iot does create this unprecedented opportunity to extend the conflict from the physical to the Cyber physical world and to do that we need to find and create new alliances to to sort of occupy the iot and ultimately fix it thank you
2023-01-16 14:45