Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Thursday August 16 2018, @06:43AM   Printer-friendly
from the trying-to-avoid-skynet? dept.

David Rosenthal has written a blog post on how end users may be affected by tort law. Specifically, he discusses two points in The Internet of Torts raised by Rebecca Crootof:

  • Introducing the Internet of Torts, in which she describes "how IoT devices empower companies at the expense of consumers and how extant law shields industry from liability."
  • Accountability for the Internet of Torts, in which she discusses "how new products liability law and fiduciary duties could be used to rectify this new power imbalance and ensure that IoT companies are held accountable for the harms they foreseeably cause."

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 2) by PiMuNu on Thursday August 16 2018, @10:09AM (8 children)

    by PiMuNu (3823) on Thursday August 16 2018, @10:09AM (#722109)

    I don't see how an IoT device is different from another service however. The assertion is that because there is a piece of kit attached (car, pacemaker, etc) the potential for issues is greater. Is that really true?

    • (Score: 3, Interesting) by Immerman on Thursday August 16 2018, @01:36PM (2 children)

      by Immerman (3985) on Thursday August 16 2018, @01:36PM (#722169)

      Absolutely, for a number of reasons - in order of increasing (immediate) severity:
      - the piece of kit gives a attackers an always-on physical foothold on your network, and usually have very poor security, making an easy "beachhead" for attackers to further compromise your network.
      - the hardware will quite often include some kind of sensors - giving the controlling company and any attackers an avenue to spy on various aspects of your real-world life.
      - the hardware controls physical devices, meaning that attackers can control them as well. For doors, that's an obvious physical security problem. For pacemakers that's an obvious survival problem. For other devices, the risks may be more subtle.

      • (Score: 2) by PiMuNu on Thursday August 16 2018, @03:06PM (1 child)

        by PiMuNu (3823) on Thursday August 16 2018, @03:06PM (#722219)

        The first two arguments apply to almost all existing domestic PCs and phones. The difference is the 3rd i.e. the "control of physical devices".

        In the article, I think that the point is different though to the one you make. The point is that if the contract that services your e.g. door lock is terminated, you can be locked in or out of your own home; or alternately your door lock can become unlocked. This can lead to serious safety issues. Also, in effect it gives the service provider leverage to say "pay up on the service contract or you lose your house" which is unfair - you aren't renting a house, you are just renting a lock (at some level the law is about fairness after all).

        • (Score: 2) by Immerman on Saturday August 18 2018, @09:09PM

          by Immerman (3985) on Saturday August 18 2018, @09:09PM (#723184)

          My understanding is that most IoT devices are FAR less secure than your average PC. Scary as that concept may be.

          Ah, yes, that's also a big danger of IoT devices.

          >at some level the law is about fairness after all
          Maybe once upon a time. Maybe. It seems to me the law, once it grew beyond simple rules of obedience, was concerned with "Justice", at least insofar as it was necessary to provide satisfaction via an uninvolved 3rd party to break the cycle of revenge, and it's socially destabilizing effects. But these days we go so far as to distinguish between justice systems and legal systems - and unfortunately our legal system in the U.S. is far more concerned with who can influence politicians most effectively than whether there's anything fair about the laws or the punishments for breaking them.

    • (Score: 2) by JoeMerchant on Thursday August 16 2018, @01:55PM (1 child)

      by JoeMerchant (3937) on Thursday August 16 2018, @01:55PM (#722176)

      Because of this, IoT devices are only controlling "playtime" things at my home, like landscape lighting and other stuff I really don't care if it malfunctions.

      They're not getting near door locks, garage door openers, my cars, etc. I wish I could keep IoT out of my voice communication devices, but that's just not possible in today's world.

      I suppose I'm still "at risk" of snooping in my network, and becoming part of an evil bot-net, but so far that doesn't appear to have happened.

      --
      🌻🌻 [google.com]
      • (Score: 1, Funny) by Anonymous Coward on Thursday August 16 2018, @08:47PM

        by Anonymous Coward on Thursday August 16 2018, @08:47PM (#722502)

        Giving money to companies that make proprietary software is just aiding them in their evil. Don't do that.

    • (Score: 2) by sjames on Thursday August 16 2018, @06:10PM (2 children)

      by sjames (2882) on Thursday August 16 2018, @06:10PM (#722388) Journal

      RTFA again! The problem is that IoT turns products, including durable goods, into services.

      IoT offers the corporation that sold it to you the ability to enforce contract terms no court of law would ever enforce.

      Consider, you have a nice IoT thermostat. But it has some annoying quirks that you talk about in a review. So the manufacturer can just say "nad review? Looks like you're gonna sweat profusely until that review comes down!".

      No court of law would ever support a repossession because of a bad review. They certainly wouldn't allow them to enter your house to perform a repossession over a bad review. Knowing that, the company would have to back down. But not anymore. Now, with a mouse click they can literally sweat you until you cooperate.

      In the past, if you didn't pay your electric bill, it cost real money for the power company to roll a truck to go turn off your power. Because of that, they would rather accept your late payment and call it even. But if you have an IoT smart meter, your power goes off promptly at midnight.

      Leaving the theoretical, that exact sort of thing has already happened with cars. I won't elaborate there since TFA already covered it (do follow the links in TFA for details).

      In short, the natural friction provided by circumstance and reality limited just how draconian a corporate contract could afford to be, but those limits and the protection they provided are now gone. Your payment is late and so now you can't even drive to work (where you would have gotten your paycheck that would have let you make the car payment, but now you're fired instead and you may not even be at home).

      Of course, there's the case of Amazon reposessing copies of Orwell's works on the Kindle even though the buyers paid in full.

      • (Score: 2) by hendrikboom on Thursday August 16 2018, @06:43PM (1 child)

        by hendrikboom (1125) Subscriber Badge on Thursday August 16 2018, @06:43PM (#722419) Homepage Journal

        Amazon did refund the purchase price for those Orwell books.

        But I still decided to continue buying epub only, and not using a Kindle. It's not really about the money, after all.

        One guy, working on his thesis, had made extensive notes on his Kindle version of those books. When Amazon repossessed the books he was in serious trouble.

        Had he worked from a paper, non-IoT copy, Amazon would at least have had to get some kind of official, contestable order to repossess the books.

        • (Score: 0) by Anonymous Coward on Friday August 17 2018, @02:10AM

          by Anonymous Coward on Friday August 17 2018, @02:10AM (#722647)

          > One guy, working on his thesis, had made extensive notes on his Kindle version of those books. When Amazon repossessed the books he was in serious trouble.

          If the student was working without a local backup, then I have trouble feeling too sorry for him.

          Those who live by unbacked up data, die by unbacked up data. (paraphrased from a smart friend--when he first said this in the 1980s he s/data/hard-drive)

  • (Score: 1, Interesting) by Anonymous Coward on Thursday August 16 2018, @01:22PM (4 children)

    by Anonymous Coward on Thursday August 16 2018, @01:22PM (#722161)

    15. Disclaimer of Warranty.

    THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

    16. Limitation of Liability.

    IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

    • (Score: 2) by PiMuNu on Thursday August 16 2018, @03:10PM (2 children)

      by PiMuNu (3823) on Thursday August 16 2018, @03:10PM (#722223)

      It is a good point BUT there is no coercive force either. You cannot charge for GPL products, only for support of said products (for which the liability is not waived).

      • (Score: 1, Informative) by Anonymous Coward on Thursday August 16 2018, @03:18PM (1 child)

        by Anonymous Coward on Thursday August 16 2018, @03:18PM (#722231)

        The GPL does not say you can't charge for the GPL device. You can certainly charge someone for GPL software or devices with GPL firmware, you just are obligated to supply the source code when asked.

        • (Score: 2) by PiMuNu on Thursday August 16 2018, @03:48PM

          by PiMuNu (3823) on Thursday August 16 2018, @03:48PM (#722262)

          My bad, you are of course correct.

          My point was that it is possible for a sufficiently skilled person to build from source. On reflection I retract that as most people are not sufficiently skilled, so in the case of consumer devices that is not an option for the majority of users.

          I was commenting in another thread regarding the implications of hardware (IoT) vs software. That is relevant here but I won't reproduce the thread.

    • (Score: 2) by darkfeline on Thursday August 16 2018, @06:59PM

      by darkfeline (1030) on Thursday August 16 2018, @06:59PM (#722424) Homepage

      That's fine though, because you must provide the source code, so the end user is able to, if they so choose, modify the code and/or host their own version of the service. They may also distribute their change, for example a critical bug fix.

      This empowers the end user and makes the end user not dependent on the service provider.

      However, if the product and service are proprietary, then the user becomes wholly dependent on the service provider, and thus there SHOULD be a warranty and service contract.

      --
      Join the SDF Public Access UNIX System today!
(1)