Legal Liability and Accountability in Information Technology (IT)

Legal liability is an entity or individual’s responsibility or obligation under the law. It occurs when an entity or a person injures or harms another party. On the other hand, accountability is the norms, processes, and structures holding the population and corporate world legally responsible or accountable for their actions and imposing penalties when any party breaks the law (Singh et al., 2018). It is vital that systemic threats to the normal order are to be corrected. Information technology regulations and laws offer a legal framework for gathering, storing, and disseminating digital information within the global marketplace. Legal professionals practicing in this jurisdiction of law represent businesses and people from various industries, helping to structure IT transactions to make the most of their client’s economic benefits while guaranteeing legal compliance (Jain et al., 2020). A practical problem addressed through legal liability and accountability laws relates to collecting and preserving IoT data.

Description of Research Area: IoT and Legal Reliability and Accountability  

IoT is an emerging information technology that presents accountability challenges. We live in the era of the “Internet of Things” (“IoT”), where computers know how we medicate, manage our homes, drive, work, shop, and play. The IoT is a concept denoting networks of smart devices connected to the internet and can gather and exchange data and information on almost every aspect of our businesses and personal lives. The IoT environment comprises computers, objects, and sensors interacting to collect data relating to their environments over network stores, which can be acted upon minus human interaction (Peyton, 2022). Imagine your refrigerator telling you when you require more milk or the thermostat-controlled remotely using an application on your mobile phone and masters your behavior patterns concerning the home climate. Networked houses that connect power outlets to TVs, security cameras, smoke detectors, and the homeowners using software applications exist, and more are coming into the online environment every day. The increased connectivity extends outside the home setting. Service professionals and workers can connect and communicate remotely with office systems and equipment through mobile devices. We also have networked cars, wearable and health technologies, smart glasses that can record or create information as one travels and communicate with the internet, and many more. Such networked technologies create fascinating information concerning users and have some degree of situational awareness (Singh et al., 2018). However, the increased connectivity increase threat to privacy and reduces the control over personal data, opening up a range of potential adverse implications due to access to personal data (Jain et al., 2020).

The connected homes presently sit at the “peak of inflated expectations,” or what is known as the hype cycle, and IoT is the primary driver for the hype (Panetta, 2017). A quick glance IoT consumer market exposes swathes of household goods having the label or prefix, intelligent or smart, on offer, traversing white goods to fittings and fixtures entrenched in the home fabrics. The assurance of IoT is greater efficiency, convenience, safety, comfort, and security in the user’s routine life. Even though the necessity of most IoT products or services might require more questions than answers, the industry’s projected growth is massive (Safonova 2020). Major IT companies such as General Electric, Cisco, Accenture, and Ericsson project billions of networked home and outside devices in the near future. The IoT particularly trades on information and data, passively and actively, with inputs incorporating sense data and spoken commands connected to such things as temperature and movement monitoring and tracking. The IoT also supports other technology and computing trends, including cloud computing, big data, and machine learning. The personal data gathered by IoT devices gets distributed to the cloud for analytics and processing (Peyton, 2022).

The trend concern linked to the diversity of IoT equipment and services centers on trust and privacy around personal data. When sensing happens in the home setting, aspects such as the pattern of behavior can be captured, and inferences concerning the occupant’s lifestyles can be made. This poses harm to privacy depending on who is capturing the data and whom they share them with (Nissenbaum 2011). Research has shown that inapt information flow between or within contexts threatens IoT users’ sense of privacy. Data gathered from IoT devices are generated from multiple sensors such as thermometers, accelerators, and microphones. Data obtained from such forms of sensors are highly precise and detailed. The granularity facilitates collecting or creating extra information through machine learning extrapolations, creating outcomes that may not be conceivable with coarser data.

The inferences can be valuable for a range of purposes. However, they can sometimes be unexpected and personal (Rajagopalan et al., 2011). For instance, organizations can adopt smart speakers to create sales pitches, but such use of inferences can force people to make unintended transactional decisions. Hence such care must be taken when applying such data collected from unsuspecting individuals. We also have smart meters created by energy companies to reduce the costs associated with servicing traditional meters. However, smart meters can collect and expose a variety of intensely personal data about people, including less obvious information concerning the television programs they watch and even how often they use devices such as washing machines (Rajagopalan et al., 2011). Different organizations, including advertisers, insurers, law enforcement agencies, and employers, like to find such information valuable. Hence, the need for care to avoid the disclosure of private information (Nissenbaum 2011).

Furthermore, a study has shown that the IoT sectors lack harmonized standards for developing devices in a manner that effectively focuses on data protection issues. Developing a trusting relationship with consumers is critical in the emerging IoT infrastructures due to growing consciousness that IoT devices leak user data and can as well be hacked (Panetta, 2017). Every device manufacturer collects user information using their own designed methods. The analytic platforms collecting and aggregating IoT also operate in a similar manner. Besides, the collection or perseveration of data on the IoT may not be achieved without significant efforts, which come at a cost. The object manufacturers do not build them purposefully to make data collection and preservation easy (Panetta, 2017). As such, it is challenging to develop standard processes for data collection, preservation, reviewing, and generation of information from a wide range of IoT objects through the APIs or build data monitoring and reporting features. It is also challenging to collect, aggregate, and standardize data from various wearable devices such as glasses to form big data metrics (Safonova, 2020). Against these backgrounds and challenges, this study identifies the practical need to develop robust legal liability and accountability in the IoT.

One of the potential legal liability and accountability areas that will increase the quality of risk assessment and mitigation strategies is focusing on the design and code of IoT. This comes from the fundamental nature of IoT, in that the code itself is a law. Therefore, regulating IoT would be logically done at the code level using ex-ante transparency. Ex-ante transparency is a situation where the design and implementation of technology are described to the regulatory authority before it can be launched. Such a regulatory approach has generally been under-implemented because they are expensive, and providing ex-ante transparency is a sophisticated process (Singh et al., 2018). Therefore, regulating IoT at the code level using an ex-ante transparency approach is practical for complex and highly distributed technologies such as the IoT in this context. Nevertheless, other approaches would be logical for less complex and fairly non-distributed technologies, which included adopting strict liability relations specifically focused on a highly specialized IoT activity. For instance, the IoT legal systems may focus on the harm caused by technology and overlook common product liabilities such as fault or intentions of the technology (Singh et al., 2018). A good case is autonomous cars, where several IoT systems interact with the driver to facilitate the autonomy of the car. The driver is obviously insured against human negligence when driving; it is plausible to say they have transferred their obligations to the operators of the autonomous car, and as such the liabilities for any accidents that would occur are legally straightforward (Singh et al., 2018).While that sounds convincing of security and responsibility features of the autonomous cars, they might not assume immediate social acceptance until they provide ex-ante transparency about how autonomous cars make driving decisions before they have been launched into production or later before launching in the market

Related Technologies to IoT

The IoT incorporates and interacts with a range of technologies, with the main ones including artificial intelligence, cloud computing, and network technologies as described in the following section.

 Artificial intelligence (AI)

AI is a component of computer science concerned with developing computer technologies that perform tasks that often need human intelligence, including decision-making, transcription, speech, and object identification, among others. The most current forms of AI technologies operate on deep neutral data that uses a massive amount of data to operate and learn. Data gathered by IoT devices can be adopted and manipulated by AI, which offers IoT devices various functionalities in information processing (Yarlagadda, 2018).

Cloud Computing

Cloud computing denotes computer networks remotely used. It comprises infrastructures, software, and platforms delivered on-demand to users. Cloud computing services include data processing, storage, delivery, and operation of applications. IoT devices rely significantly on cloud computing services such as data storage and processing. Data gathered by the IoT devices are processed and stored on cloud platforms. Cloud platforms offer scalability, high processing and storage power for IoT devices, and ease of accessibility of the data from various IoT technology devices (Takano, Mejia, & Kajikawa, 2016).

Network Technologies

IoT devices are interconnected to private networks and the internet for their operations. Office, home, and wearable devices connect to networks through short-range technologies, including WIFI, Ethernet, or Bluetooth. The larger industrial IoT systems used by farms and cities adopt more extended range technologies, including satellite and cellular networks. Currently, there is the development to replace the 4G with 5G, which is expected to allow many IoT devices to be connected to networks simultaneously. Tracking the devices’ location will also be possible with relatively higher accuracy and precision (Di Taranto et al., 2014).

Future Trends in IoT Technology

The growing IoT is connecting devices to different sensor applications and other IoT devices to support human efficiency both in the office and at home, automating most of the processes in homes and businesses. More are still expected in the IoT technology as technology companies and engineers continue to discover new applications and develop infrastructure fundamental to supporting more efficient IoT networks. Some of the expected future trends in the sector include:

Growth in IoT Cybersecurity Concerns

Internet-connected technologies are growing rapidly and increased use cases and users for the devices. However, as the IoT technologies are developing exponentially, there is also the growing concern over how users and their devices can be protected from cyber threats. Researchers believe that the attack surface will continue to grow as the number of users of IoT devices increases. IoT firms will be forced to bear responsibility for cybersecurity threats upfront. The IoT market is currently in a defining phase, and many people are using IoT devices connected to the internet. The problem arises when many users keep downloading applications to their mobile phones to control most devices, minus even reading and understanding terms and conditions. Besides, making IoT devices’ users have also given out their passwords minus understanding their storage destination and protection mechanisms, and they also do not check for security updates (Yarlagadda, 2018).

It is anticipated that in the future, most governments will demand IoT device manufacturers to state up-front the duration their devices will take receiving security updates and maintenance. Countries like the UK have already started working on such laws, cognizant of interconnected security risks posed by IoT devices, and the US and other countries might follow suit. Other researchers also believe that it is time we begin thinking of IoT devices and technologies as citizens, holding them liable and accountable for similar authorization and security requirements as humans. Kuzlu, Fair, and Guler (2021) also argue that security issues can no longer be a second thought prioritized by another third party after connectivity and data analytics in the IoT. Businesses should begin considering the things in the IoT as first-class citizens, liable and accountable for harms and damages they cause to others. First-class citizenship implies that the non-human entity is assigned all the conventional human attributes and must authenticate and register, have relationships, and their access allowed or revoked. However, this still seems hectic for a “thing,” as they cannot enter passwords or usernames, think for themselves, or answer timely prompts (Kuzlu, Fair, & Guler, 2021). Scientists are working around the clock for such innovations and, if achieved, will present a significant opportunity to develop a secure network of IoT devices operating together securely.

5G Internet Will Accelerate More IoT Opportunities

Ultra-low latency and hyper-connectivity are critical to power the rapid growth of IoT solutions. 5G internet is cited as among the developments that will accelerate the spread and accessibility of IoT solutions. Many cellular companies and other device manufacturers are currently working extensively to incorporate 5G internet technology in their portfolios to promote the development of IoT solutions. Hu et al. (2015) explain that with the commercial 5G internet technology live already, its next wave of development is likely to allow more firms to digitize with more reliability, flexibility, mobility, and security, which will see an increase in new IoT application cases and efficiencies. The 5G technology is likely to accelerate the feasibility of distributing a huge number of small IoT devices. The devices may produce less traffics and revenues each, but they will generate massive value for every bit of data in the aggregate. With the widespread adaptability, it will be more possible to distribute 5G to remote facilities and rural areas more rapidly than with the previous 1, 2, 3, and 4Gs (Kuzlu, Fair, & Guler, 2021).

High Growth for Cellular IoT

Cellular IoT technology is expected to experience accelerated growth going forward. The technology facilitates device connectivity using mobile networks. Researchers project a nearly over 100% growth in cellular IoT technology, with the market value rising to $61 billion in 2026 from $31 billion in 2022. Researchers have cited 5G network and cellular low-power wide-area (LPWA) developments as the accelerating technologies for this growth. LPWA technologies such as the LTE for Machines or narrowband IoT will also experience rapid growth during the projected period (Yarlagadda, 2018). Besides, a low cost of hardware and connectivity is also anticipated, which will also boost IoT adoption for remote monitoring in areas such as manufacturing and agriculture. 5G internet is still more expensive than 4G, and its implementation is still a case-by-case. The value of 5G is likely to increase alongside the implementation as more IoT devices grow.

Shortages of Chip Will Continue to Complicate IoT Development

The development and prospect of IoT are not entirely rose-colored, cellular IoT and metaverse application notwithstanding. It is estimated that shortages of the chip are likely to hamper IoT market growth by a significant percentage of between 10% and 15% by the end of 2022. The chips that power most IoT devices remain scarce compared to high-end chips from Nvidia and Intel (Peyton, 2022). The shortage impact IoT-powered connected devices ranging from single domestic appliances to large industrial products. Most IoT devices adopt low-end chip configurations such as 4-bit and 8-bit microcontrollers, with lower processing demand and less expensive. Study shows that the demand for such lower-end chipsets will continue to surpass the supply in the future (Yarlagadda, 2018).

IoT to Accelerate the Metaverse

IoT is likely to play a critical part in the metaverse, connecting the physical and virtual worlds. The virtual exemplification of the physical devices significantly depends on IoT data. Different forms of IoT-power digital twins are expected to dominate the metaverse. For instance, IoT and technological developments, including quantum computing and synthetic data, will impact the metaverse and restructure the business landscape in the process altogether. The real world is already programmable, as seen through IoT operational technologies. From a bigger picture, IoT and several other technologies are progressing towards Web 3.0, with two critical capabilities. The internet of ownership and the internet of place. The latter offers an interoperable digital space for collaborative and shared experiences, while the former adopts a distributed blockchain ledger for users to create more secure and reliable (Peyton, 2022).  IoT is positioned to play an interlinking block in development.

Companies Involved in IoT Technologies

In the era of hyper-connectivity, the IoT is a booming industry with several innovators providing hardware and software for literally everything from smart cars and homes to manufacturing and medical devices. The industry is projected to play around $1 to $3 trillion by 2025 in revenues because of the shift towards IoT-powered applications, services, and platforms, instead of just mere connectivity. Some of the most popular companies in the industry include a) Spectrum, dealing in mobile phones, IT, and software; b) RingCentral, dealing in cloud computing, mobile, and communication technologies; c) AlertMedia, dealing in healthcare and communication technologies; d) Superpedestrian, dealing in transportation, robotic, and hardware technologies (Peyton, 2022). The list is endless.

IoT Technology Regulatory and Legal Issues

The IoT comprises physical devices interconnected and takes inputs from humans through satellite and mobile networks and over the internet. The IoT technology raises regulatory and legal problems, particularly in security and privacy. IoT networks’ security significantly relies on services offered, authenticity, integrity, confidentiality, data transmitted or stored, and availability. The technology’s network security is of significant regulatory concern due to cybersecurity threats targeting most IoT devices at an alarming rate in recent years. The IoT infrastructure is characterized by a high degree of interoperability and autonomy; hence, its ecosystem is only as secure as the weakest link within the system (Matey, 2021). There are high risks to the systems’ infrastructure, including electrical grids systems, which raises a significant security concern. Therefore, the first security issue is to establish who is responsible and accountable for securing the IoT networks and consequently liable in the event of a breach. The present self-regulatory systems are progressively being substituted by state striking securing implementation requirements on most IoT device manufacturers, characterized by due diligence responsibilities being left on the side of the manufacturers. The IoT devices mostly lack cybersecurity capabilities. Hence, manufacturers need to help their customers mitigate cyber threats by offering essential cybersecurity functionality and availing cybersecurity-related information the customers may require (Takano, Mejia, & Kajikawa, 2016).

Governments globally are also beginning to focus on the rapid growth of IoT technology and the cyber threats it presents with new regulations taking shape. The US National Institute of Standards and Technology (NIST) issued an IoT Device Manufacturers guiding principle, Foundational Cybersecurity Activities, which include: a) addressing route cause of security issue; b) increasing monitoring; c) adopting network segmentation; d) developing threat response policy; e) understand when to engage a third party. The Foundational Cybersecurity Activities are designed to help IoT device manufacturers reduce cybersecurity-related requirements by their customers, hence minimizing the incidence rate and severity of IoT devices’ attacks or compromises performed through compromised devices (Matey, 2021). Similarly, EU Telecommunications Standards Institute (ETSI) has adopted a Cyber Security technical specification guide, outlining security guidelines to protect consumers of the IoT products and services. However, adopting data-protection guidelines on IoT networks and systems still proves challenging as almost all forms of data can become categorized as personal data, and regulations controlling sensitive data categories are broad in application. However, most data and privacy protection guidelines in different jurisdictions tend to align with OECD Privacy Guidelines or the EU’s General Data Protection Regulation (GDPR) (Singh et al., 2018) as the reference guidelines.

Global Implications of IoT Developments, Legal Liability, and Accountability

The global implicates of IoT on businesses, governments, and citizens is significant, ranging from helping states increase access to education in remote, underserved societies, reduce healthcare costs and enhance the quality of life, minimizing carbon footprint, and improving manufacturing and transportation efficiencies. IoT is impacting several industries globally creatively. Today it is not only computers connected to the internet, but a world of opportunities have opened, ranging from healthcare, emerging industries, agricultural usage, and even financial planning. IoT has significantly influenced modern innovations, including smart homes and cities, intelligent wearables, and global businesses, creating new levels of convenience and increasing a myriad of opportunities for innovation. Besides, with the growth of low-cost production and manufacturing micro-controllers and sensors, industries globally are now adopting IoT in manufacturing, support-related tasks, and operations (Takano,  Mejia, & Kajikawa, 2016). It has improved areas such as network and quality control, asset management, reduced equipment maintenance and manufacturing costs, and reduced delivery time.

IoT has also enabled global industries to better access data concerning geographic and socio-economic profiles by applying connected devices. This increased media consumption and helped companies to collect and analyze data on market trends and workforce in a shorter timeframe. The IoT has improved the modern work setting. Modern offices increasingly rely on connected devices, including biometric scanners, lighting, and air conditioners, all of which make the work environments conducive to the employees while minimizing energy expenditure (Chang, Tu, & Huang, 2021). The same applies to smart home features, including smart windows that can open and close based on pre-programmed time, reducing the need for air conditioning and artificial lighting. The IoT is also influencing the development of smart factories, which will increase production output using the least number of workforce. However, this development is still in its infancy stage. Researchers have projected that intelligent factories will attain US$ 275.89 billion in 2026. The highly intelligent units are characterized by low energy expenditure, which will significantly increase industry profits in the developed world (Chang, Tu, & Huang, 2021). The IoT touches almost every facet of the global sphere with one goal: to make the world the most efficient place.