This article is written by Venkat Ramaiah Chavali, pursuing a Diploma in Business Laws for In House Counsels from LawSikho.

Introduction

IoT is an acronym, and pronounced as such ‘eye-owe-tea’. IoT or Internet of Things in a wider sense stands for everything that is connected to the internet. For example, your Wi-Fi connected laptop, your smart phone, etc. In reality the use of the term IoT is narrowed down to those things which can talk to one another through any wireless connection. The simplest example is the IR (infra-red) operated TV remote and TV. By default, all the so-called ‘smart’ appliances and gizmos we use in our daily life do come under IoT. To name a few, smart lights, smart fans, even our smart phones and TVs are IoT devices.

The IoT was born in the 1980s. It is an interesting story and in short here it is:

Some Grad students at Carnegie Mellon University, who felt lazy to trek from their workplace to Coke vending machines – only to discover that it is not stocked – connected it to the internet. They wanted to first confirm on their computers that the machine is stocked before walking down to the vending machine to purchase. This is the first internet of things! 

Since that Coke machine, everyday objects have become increasingly networked into the growing IoT. That includes everything from smart lights to wearable medical monitors and more. Just to give an idea, IoT devices often run-on microcontrollers — simple computer chips with no operating system, minimal processing power, and less than one thousandth of the memory of a typical smartphone. 

So, while all of us use IoT devices, what most of us are unaware of is the term IoT and that they all belong to the IoT family. Does not matter, by the time you finish reading this article IoT will not only become part of your common vocabulary but you would be fully sensitized to IoT.

Scope & objectives

This article topically touches on various aspects – as many bases as this short article permits – of IoT to give an overall picture to business persons and interested readers who are new to the concept or unaware of the term IoT. At places it may look like a compilation of information rather than a flowing narrative. So be it, so long as it serves the objectives. The objectives being:

• To bring to speed in these COVID-19times IoT is one thing that could facilitate and ease business working as well as make our living more livable.
• To let know that IoT is a huge business opportunity for now and future.
• To help individuals and businesses to make an informed choice by exposing them to the spectrum of IoT.

The focus being users and not developers of IoT, the subject is dealt in breadth and not in depth.

Some terms you need to know

Terms that have infiltrated and become common knowledge like Wi-Fi, Internet, Web, Bluetooth, etc., are not explained here. Only those terms are explained here which it is felt would help a better understanding of IoT, otherwise the general common understanding would suffice.

Hardware

The hardware does not refer to the nails, nuts and bolts that we buy from a HardWare shop on the street but the hardware related to computer and electronics fields like chips, PCBs (Printed Circuit Boards), electronic sensors, processors, etc. In a broader sense, though, computer hardware includes things like keyboard, screen, CPU (Central Processing Unit) etc. 

In other words, all physical things related to a computer or a system. 

Software

These are instructions that tell a computer what to do. The entire set of programs, procedures, and routines associated with the operation of a computer system are covered by the term software. The term was coined to differentiate these instructions from hardware.

Simply put, software is the programming, the code software engineers write for the system to function in a particular way. 

Embedded system

An embedded system is a mini computer system, made by combining hardware and software, to perform a specific task. It may or may not be programmable depending on the use and design. For example, embedded systems include microwave ovens, washing machines, electronic printers, electronically run parts of automobiles / industrial machines, etc.

Firmware

Firmware is something in between hardware and software, figuratively like a semisolid or gel that is neither a solid nor a liquid. Let me hasten to add that there is nothing physical about it, it is a software that allows programming the device. Firmware is like the basic input output system (BIOS) of a computer, the keyboard and screen so to speak. 

Simply firmware is the interface between us and a system (embedded or full-fledged computer). 

We have seen above that an embedded system may or may not be programmable. If it is not programmable it has no firmware. If it is, then it has firmware. Wondering why program it? Let me explain with an easy to relate example or parallel. Suppose you buy a smartphone or a sophisticated digital camera and soon after the manufacturer introduces a feature in its software which either removes a bug or enhances the capability and continues to sell at the same price, how do you feel? Don’t you develop an antagonism towards the producer and the product? You would like your gadget to be upgraded, is it not? Such an upgradation is possible only if your gadget has firmware to program it. 

Algorithm

An algorithm is a step-by-step process, like a recipe, to perform a specific task. It is a class of software programs written mostly as (mathematical) functions. 

IoT

Using the above terms, we may define IoT as “all those things with embedded systems – with or without firmware –that can be monitored, operated, or controlled wirelessly* using a certain algorithm”. 

*Wirelessly includes all those connected by Bluetooth, RFID, 3G, 4G … apart from the internet. RFID stands for Radio Frequency Identification; it is only used in a limited way because RFID is passive (one way communication) like IR and not interactive. 

COVID-19 – work from home and IoT

Working from Home was a concept that existed prior to pandemic too but ever since the pandemic attacked the world, working from office is a no go and working from home is the norm. So much so it is now popularly called WFH for short.

The unique features of IoT enable employees of organizations to work from home. For example, medical doctors and staff can monitor their patients remotely providing wearable medical devices to patients. Similarly, production process plants can be monitored and controlled remotely using IoT devices. Actually, it helps workers working in hazardous operations to work remotely from safe precincts, thus providing safety to workers and keeping the product from likely contamination. Chemical, pharmaceutical and meat industries are a few good examples. The mindset that one must be physically present to monitor critical operations – which was the case prior remote sensing and IoT era – is now overcome with the recipe provided by IoT to confront the situation brought upon by the pandemic. 

COVID-19 – commerce and IoT

Till the 1990s people talked of ‘Purchase Departments’ in organizations and businesses. From then on, the department transformed into a ‘Supply Chain Management’ department, like Personnel has become Human Resources Department. In other words, the department instead of focusing merely on negotiating and purchasing broadened its domain to involve streamlining of a business’s supply side activities – of goods and services – to have a competitive edge by maximizing the value delivered to the customer.

Needless to say, that Covid-19 had a significant impact on the supply chains and virtually stalled the businesses. But interestingly enterprises took to IoT to sustain their businesses. The travel and movement restrictions due to the pandemic necessitated dependence on local goods and services over procuring from far and wide. The two key factors in supply chain management are data management and analysis both of which are greatly benefited from IoT. 

Arm* in 2017 sponsored what is called IoT Business Index. It was a survey to determine how the then commerce was adopting IoT; it was the time commerce just began to adopt IoT in a fledgling way. Only 18% of the executives who were interviewed then said that they believed supply chain management and logistics benefited from IoT. In 2020 – after the arrival of Covid-19 – the figure rose to 28%. These percentages are in addition to 38% who stated (both in 2017 and 2020) that data management and analysis benefited from IoT. 

Based on the IoT Business Index arrived at by the survey shows that from the year 2017 the investment on IoT by businesses increased from 62% to 82%. Moreover, 20% (one in five) of businesses grew that investment by 50% or more. A study from Juniper Research predicted that IoT platform revenues are expected to reach $66 billion in 2020, an increase of 20% from last year. 

[*Arm is a company headquartered in U.K. that develops and produces chips and device architectures to organize the performance of technology. Its processors power the innovation through Artificial Intelligence (AI)]

Role of IoT in COVID-19 & in controlling a pandemic

Do not look at IoT as lazy persons’ contraptions. It may be paradoxical, but it is the laziest who are driven by their laziness to come up with some of the most useful innovations. That was a digression, reverting to the topic, the first thing to do once there is an epidemic or a pandemic is to contain the spread and then swat it. During the initial and peaking periods of Covid-19, IoT played – and is continuing to play – a great part in assisting healthcare systems to detect and monitor virus-infected persons through intertwined networks and devices. Remember the ‘Arogya Setu’ App? How can one forget! The governments, travel and health industries relied on IoT to protect people against the spread of the pandemic. 

Let me list out what all IoT is doing and can do:

• Track the affected and caution the vulnerable – example: ‘Arogya Setu’.
• Remote monitoring of patients at home. 
• Remote tracking of persons immigrating into the country or coming from other places by air travel.
• Telehealth consultation, prescription, and treatment.
• Digital diagnostics – especially in the U.S.A.
• Use of robots to deliver food, medicine to the quarantined Covid-19 patients in the hospitals and sanitization of the utility areas. 

While at a superficial level IoT is a network of sensors, embedded systems, and wireless controllers, at a deeper and holistic level IoT is also a continuous provider of individual data on a mass scale that can be compiled, computed and analyzed in real time enabling quick response plans and action. (Recall how the News Channels were continuously bombarding us giving country wise, state wise, locality wise figures, trends, spikes of Covid-19)

In a pandemic situation, more the data in real time, more accurate would be the statistical and analytical results which means better decision making and quicker response – the two vital factors in containing and controlling a pandemic. IoT is a boon indeed in combating Covid-19 with an estimated 2,400 crore connected devices capable of collecting and transmitting data at unprecedented levels.

IoT in industry – IIoT

The IoT did not stop with permeating the homes and hospitals but it invaded many sectors in the industry too and is referred to as IIoT – Industrial IoT. It is a subject and topic by itself. It deserves a full article to do justice. 

IoT in military – IoMT

Owing to the classified (confidential) nature of Military operations only limited and general details would be available and not specifics. Nevertheless, it is not beyond one’s imagination to visualize the extent to which the military uses IoT. Mostly these ‘Military Things’ are systems to create robotic surveillance and human-wearable biometrics which are useful for practice of combat (war games) and the safety at the military bases and ammunition dumps. The IoT used in the military is referred to as IoMT.

Concerns and challenges to IoT

In the beginning the IoT devices were designed randomly and, on an ad hoc basis with a little or no thought of incorporating security protections. Subsequently, some started introducing manual update security processes like password, which is honored more in breach than observance, with the inquisitive and evil minded having a heyday.

The idea of mentioning concerns and challenges at this juncture is to let know that notwithstanding the widespread use of IoT today, it is far from organized let alone being standardized. The range of IoT is broad covering simplest things like a TV remote to sophisticated gadgets used in healthcare and industrial processes. The deadly mix of sensitivity of some of the applications to which IoT devices are deployed, the lack of attention to design integrity by designers – allowing easy unauthorized access –, and the rapid but unorganized growth in the absence of regulatory and punitive laws, tempt trouble makers to access the devices through wireless connectivity causing problems of a different nature, apart from the known ones. As a result, there are many concerns to be addressed and challenges to overcome.

CONCERNS

Some crucial concerns in relation to IoT are:

1. SECURITY AND PRIVACY: The Achilles heel of IoT is its vulnerability to security breaches. Technically anybody can access anything from anywhere. So, a robust security architecture in design is important. Any algorithm that processes proprietary and sensitive data must be secure and safe, so the data is not compromised. It is a challenge too.
2. ACCURACY OF OPERATION: In IoT sensors are used to detect and measure the required parameters. For example, the brightness or color of a smart light. The sensor performs at optimal level in the defined range of environmental conditions. When sensors are moved about or put to work in an uncongenial or fluctuating environment, they may send faulty data, or no data, vitiating or corrupting the result without the user being aware of it. It is a concern. 
3. LACK OF (INDUSTRY) STANDARDISATION: There are neither comprehensive nor cohesive guidelines for the security of IoT devices. We saw how it all started with a cola machine by a group of lazy grads! Ever since it has grown by accretion than in an organized way. And like the milk (dairy) industry in India it has grown collectively big while remaining individually small. The lack of such guidelines makes it difficult to come up with a robust and affordable protective system.
4. LACK OF LAWS AND REGULATIONS: There are no specific laws to govern or regulate IoT even in sensitive areas like healthcare. Discussed more under the heading “IoT and Legal issues”. 

CHALLENGES

Some challenges to the IoT are:

• INTERCONNECTIVITY: The value of IoT lies in making disconnected items and tools “talk” to each other. In the absence of guidelines and standardization these were designed to speak different languages – in whichever language the designer is conversant with. But when gadgets talking different languages are connected to talk to each other it results in a babble that makes no sense – gibberish. So, the least that is required is to see that they all speak a common language. Otherwise, how can you make your smartphone communicate with your smart television (in addition to its remote)? Don’t ask why I should use my phone when there is a remote? The moment your smartphone can communicate with your smart TV you are opening up new possibilities and uses, enhancing your experience without additional cost. Let me give two examples:

1. You can watch your WhatsApp video clips on the big (TV) screen.
2. You are at your office. Your aged mom at home wants to watch a special program on TV, and she does not know how to operate the TV. She calls you. You ask her to hold on and using your mobile you turn on the TV at home, select and run the channel for her to watch. She is ecstatic – Gee, magic!

So, interconnectivity increases possibilities and enhances your experience.

• TACKLING THE 3 Vs OF DATA: Most IoT devices check volume, velocity, and variety, known as the 3Vs. Naturally it leads to generation of big data. Tackling the 3Vs means finding the best fit algorithms to suit the nature of the data and the solution to be worked out.
• DATA ENCRYPTION – a security measure – is rendered difficult due to the low levels of memory and minimal processing power.

Narrow band IoT (NB-IoT)

Are you aware?

For the first time BSNL launched the world’s largest NB-IoT that provides connectivity to millions of unconnected machines, sensors and IIoT devices across the length and breadth of India.

WHAT IS NB-IoT?

It is a low power wide area (LPWA) technology. It handles small amounts of two-way data transmission in a reliable, secure, and efficient way. Its ability to connect multiple devices using existing mobile networks is a big plus.

WHY NB-IoT?

• Importantly it is secure and reliable – it is based on industry standards.
• Not only its spread covers the entire country, but its deep range penetrates indoors and underground.
• Its deployment is easy because it easily integrates into cellular networks. 
•  Its optimization allows long really long battery life – about10 years.
• The component cost is less and network service charges low.

IoT and legal issues

Technology being a double-edged sword it could be used as much for human good as for hurting them. It is no exaggeration to say that forward looking technology is developed for war abilities or so-called Defense purposes and the most advanced technology is put to perverse use by criminals. In fact, the first workable prototype of the internet came in the late 1960s with the creation of Advanced Research Projects Agency Network (ARPANET) originally funded by the U.S. department of Defense. We keep hearing of how miniaturized cameras, transmitters and receivers are used for wrong doing like illegal surveillance, blackmail and extortion, copying in examinations, etc. Most of the cybercrimes are done using the internet and we saw why IoT is an easy target.

The legal issues of IoT – civil or criminal – mostly relate to privacy, freedom of speech and expression provided by Article 19 of Fundamental Rights under the Constitution of India (the First Amendment of U.S.A), or provisions of Indian Criminal Procedure Code against unreasonable search and seizure (the Fourth Amendment of U.S.A).

The cybercrimes related to digital and Information Technology are mostly addressed under Information Technology and Cyber laws, with a few amendments to IPC and CrPC; there are no IoT related laws or regulations per se. 

We all hear day in and day out the crimes related to stalking, morphing, illegal surveillance, etc., etc., of these a sizable number is related to IoT. They have become trite. Do not intend to give more of the same here.

Rather, let us look at legal issues that could arise in the context of IoT that need answers. Firstly, there are no security standards for these devices, we have seen that. Secondly, keep in mind that there are no specific laws addressing the issues that are arising specifically in connection with IoT. So what?

So, let me highlight some issues using a wearable IoT medical device that monitors a high-risk patient with a heart-condition, as a prop. What happens and who is responsible if:

• The device fails or breaks down?
• If the internet fails?
• The service provider closes his shop (i.e., goes out of business)

Some more question that need answers associated with techno-legal issues are:

• When will the standards and laws be ready – encompassing ethical, legal and technical matters?
• How and who will monitor and ensure that any vital data security or a safety measure introduced in a new device is also incorporated in the existing devices? 
• When is a particular device to be retired or replaced? How to provide an alert to the user? In the absence of such mechanism the patient blissfully ignorant of the fact reaches his grave in a hurry earlier than almighty has intended.
• How much of ‘fool-proof’ and ‘fail-safe’ features are to be incorporated and who decides?

The good news is governments and industries started thinking on these lines and there is an active debate going on in responsible public fora. 

As for those interested in the matter:

• Australia has done some work on privacy principles related to individual’s privacy and data security through some dynamic regulations – see material under References (8)
• In addition, the ethical and legal challenges related to handling huge data on commercial motive are dealt in the reference material provided under References (9). 

Before concluding the topic how about taking a peep at a couple of interesting cases where IoT devices solved mysterious criminal cases in the U.S.A?

(I could not lay my hand on any interesting IoT involved cases in India. Doesn’t make a difference, the issues are common and both India and U.S.A are common law countries).

The case of the Wandering Corpse

It was a murder case (People of Connecticut Vs. Richard Dabate). A householder at Vernon, Connecticut, U.S.A. reported to the police that his wife returned home from a gym when he was fighting off an intruder into his house; that the intruder shot his wife, tied him up and ran off. The householder put the time of his wife returning home as not later than 9AM. During search the police discovered a fitness wearable IoT device on the person of the dead wife. From the data of the device, it was ascertained that between 9.18AM and 10.05AM on the day of her murder she was moving about at a distance of 1217 feet from the house where her corpse was found. On further interrogation and investigation, the police found out that it is a case of extra marital relationship on the part of the husband and the desire to benefit from his wife’s life insurance. The IoT fitness wearable steered the investigation in the right direction though that was never the intended purpose of the device.

The case of a Man with a Steady Heart

This is a case where a man with a heart-condition wearing a pacemaker tried to defraud an insurance company by setting his house on fire (arson) and claiming it to be an accident. His version to the investigating officer was on noticing the fire he hurriedly gathered and packed his valuables in a box and bags and defenestrated them after breaking the window glass and exited the house. So far so good and everything checked okay except that his heart was beating steadily throughout! Yes, the pacemaker – which is remotely (IoT) monitored – evidenced it. The only flaw in the story is, the cardiac experts opined that unless it is a deliberate act, it is highly improbable for the heart of a person in his condition not to show a quickening of pace. QED -meaning thus it has been demonstrated (that the man deliberately did it and was telling a story of lies). The man was tried for arson and trying to defraud the insurance company. 

(Story told by Police Lt. Jimmy Cunningham to WLWT an NBC affiliate channel (paraphrased). The man was said to be from Middletown, Ohio.)

The above two examples evidence how IoT devices help nail criminals – though the devices were meant for a different purpose altogether – who would have otherwise got acquitted on benefit of doubt in the absence of any other admissible evidence or eye witness.

IoT – future & entrepreneurial opportunities

Covid-19 has only hastened the pace of IoT growth. The future looks bright. Seized of the enormous potential on one hand and the challenges and issues of IoT on the other hand, earnest efforts started:

• to take care of weak areas in design hardware, software, and firmware to secure the devices from hacking, data stealing or hijacking the systems.
• on standardization of interfaces to facilitate interconnectivity of devices produced by various industries. Standardization is a great enabler, for example there was a time when each mobile phone manufacturer had its own dedicated phone-battery-charger making it cumbersome to carry the charger as an appendage along with the phone. With the shift (standardization) of most of the manufacturers to Mini-USB ports, this issue is taken care of and the others are forced to fall in line. 
• to frame prudent, pragmatic and dynamically adaptive laws and regulations to keep the fly-by-night operators at bay and to protect and give confidence to the end users.
• to technically marry automation with IoT that would fully throw open the doors of industry to IoT.

Once the above are in place to a hygienic level, the unorganized and mushrooming-growth of IoT would get streamlined leading to an avalanche – yet in a regulated way – of new possibilities and opportunities. 

The variety of opportunities that IoT can offer is only limited by imagination, the saying ‘if you can imagine it you can achieve it’ seems to be true with IoT. It is for the forward-looking youth of India to exploit the myriad business opportunities. Bangalore (now Bengaluru) is turning out to be the entrepreneurial capital of India, Pune, in Maharashtra is another hub.

Summary and conclusion

• The IoT refers to a system of interrelated things with wireless interconnectivity to perform a specific task. 
• A thing of IoT may refer to a cola vending machine, a medical device, a chemical plant process monitor or a simple automobile tyre-pressure-sensor that triggers an alarm if it is low or beyond the limits to alert the driver and owner.
• The possibilities of IoT are unlimited driven and limited by imagination, be it in personal life, health care, remote handling and managing of hazardous operations, working from home, detecting forest fires, or improving business efficiency/ compliance/ ease of operation. The list is endless and ever growing.
• An unintended (by developers) use of some of the IoT devices is quickly and irrefutably solving cases of crime, were it not for which the perpetrators would have got acquitted on benefit of doubt and walked free. (Read interesting IoT cases under the head ‘IoT and Legal Issues’). 
• IoT being a technology with a low-capital-entry-barrier many individual entrepreneurs jumped into the bandwagon. It has grown collectively big though individually small and is suffering from security concerns related to sensitive and proprietary data in absence of standardization.
• The onus is now on governments and industrial institutes to come up with IoT security and interoperability standards as well as laws to specifically safeguard IoT users.

There is a great opportunity for Indian youth in IoT based entrepreneurial business, comparable to what computer software and Information Technology provided in decades preceding Y2K. Reason being the main investment for IoT is the ability to design hardware and write software – our strengths. And it takes care and makes use of our weaknesses namely lack of money (not being capital-intensive and scalable), and our dyed-in-the-wool laziness.

Hope you enjoyed reading this article and learnt something about IoT; if you did, you do owe me a tea!

References

1. MIT News (MIT Edu website)
2. News and Articles in “iot for all” 
3. civils daily
4. Aeris India IoT solutions
5. Electronic Engineering Times
6. The New York Times (April 27, 2017) 
7. Articles from researchgate.net 
8. Carron, X., Bosuo, R., Maynard, S. B., & Ahmad, A. (2016). The Internet of Things and Its Impact on Individual Privacy: An Australian Privacy Principle Perspective. Computer Law & Security Review, 21(1), 4- 15
9. Baldini, G., Bottermon, M., Neisse, R., & Tallacchini, M. (2016). Ethical Design in the Internet of Things. Science and engineering ethics, 1-21

---

Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skill.

LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: