The Internet of Me, Us, It, and Those

By Paul Rosenzweig, The George Washington University Law School

Tim Sparapani, writing in Forbes magazine, postulates that the Internet of Things really comprises of four distinct groups of enabled products. He calls them the Internet of Me, the Internet of Us, the Internet of It, and the Internet of Those. How seriously do we need to think about our privacy and civil liberties?

The Internet of Me and Us are the Internet devices that collect data on discrete and identifiable individuals. Internet-enabled automatic insulin pump is an example of the Internet of Me while Nest, an architect of the thoughtful home, would be a part of the Internet of Us since it gathers information about a whole family.

An example of the Internet of It would be the new tire pressure sensor in cars—a smart-enabled Internet-connected device that tells when air pressure in one of the tires is low. And, at least on its face, that sort of device collects no cognizable information about the driver. It’s limited to an assessment of the vehicle and its safety.

This is a transcript from the video series The Surveillance State: Big Data, Freedom, and You. Watch it now, on Wondrium.

Civil Liberties

The privacy and civil liberties issues surrounding the Internet of Things seem to differ, depending on which type of Internet one is talking about. Let’s start with thinking about the Internet of Me and Us.

At least three privacy questions might be embedded in such collection systems: One: Who owns or controls the data. Two: What are their responsibilities with respect to protecting that data. And three: What might they be permitted to do with it?

Statute and Contract Law

The ownership/control question is generally established by contract or by statute. Under contract law, the provider of the device almost certainly will claim ownership of the data. As a result, Nest and Google generally consider that they can process the data about one’s thermostat more or less as they see fit.

In that event, however, they also take up the responsibility of providing security of this data.

Learn more about modern conception of privacy.

Privacy-Protective Products

Officials at the U.S. Chamber of Commerce, right across the street from the White House, were astonished to discover a few years ago that an office printer of theirs was communicating with a Chinese computer and spewing out Chinese characters.

In the same way, a Columbia University study found that tens of millions of Hewlett Packard laser printers were vulnerable to hacking. Even your cloud-based nanny-cam could be hacked.

One might ask, how is this possible? It so happens that, the manufacturers manage the data they collect in their own best interests. And some of them might not care, if say, a tire pressure data is used or misused. It doesn’t affect them.

However, it seems worth asking a more sophisticated question: Why haven’t competitive markets produced more privacy-protective products? Normally, we would expect that if, hypothetically speaking, Nest treats our data badly that another company, call it SafeNest, would spring up and promise us more privacy and security. Why hasn’t that happened yet in the Internet of Things?

The Economics of the Industry

The answer, as with many things, lies in the economics of the industry. Right now, Internet of Things manufacturers might not have sufficient economic incentive to build a better product.

Personal data is a commodity—an economic product that can be purchased in the private market. The sale of goods can have benefits for the buyer and seller. But the sale can also sometimes have effects on third parties who aren’t part of the transaction.

Third-Party Effects

The Internet of Things is rife with these third-party effects. Some of them are quite good effects. When data is collected on energy consumption of a house, for example, it will benefit others on the same network, whose energy efficiency could also be enhanced, or who’ll have more energy available for their own consumption.

Indeed, in some ways, almost every bit of data collected in any part of cyberspace adds to the overall storehouse of knowledge—theoretically lowering the costs of action.

Diversion Effect

But the collection of information also can have negative consequences. One of those goes by the name of a diversion effect. If, for example, we collect more information about health, then insurers might choose to only insure the healthy—diverting their actions into more profitable ventures and leaving gaps in the market.

A price cut for one might mean price increases for others who are not as well-connected or whose business is not so desirable.

Pricing Problem

A second negative consequence arises from a pricing problem. We want people who manufacture or market a product to take into account all of the costs of production. But they usually account only for their own costs. How, otherwise, would they calculate a profit?

Yet, in the example of a data breach in the new Internet of Things market, the brunt of the cost is more likely to fall on the consumer.

Learn more about how geolocation data is gathered.

No Accountability of the Manufacturer

Right now, speaking generally, when software fails to prevent an intrusion, or a service provider fails to interdict a malware attack—there’s no obvious mechanism through which to hold the Internet of Things’ manufacturer responsible for the costs of those failures.

In a perfect economic world, one would pay more for the Internet-connected tire gauge, and the manufacturer would build better privacy and security into it. In an imperfect world, the tire gauge is priced lower, which makes it easier to buy. But consumers experience costs in terms of lost security and privacy.

Common Questions about The Internet of Me, Us, It, and Those

Keep Reading
Internet and the Ancient Dream of Free Access to Information
The ‘How and Why’ of Surveillance in America
Looking Back—and Forward—as the Internet Turns 50