by David Horrigan
on January 08, 2019
Editor's Note: This article originally appeared in Legaltech News.
In the Era of the Internet of Things, we’ve become (at least somewhat) comfortable with our refrigerators knowing more about us than we know about ourselves and our Apple watches transmitting our every movement.
The Internet of Things has even made it into the courtroom in cases such as the hot tub saga of Amazon Echo’s Alexa in State v. Bates and an unfortunate wife’s Fitbit in State v. Dabate.
But the Internet of Bodies?
Yes, that’s right. It’s gone beyond the mere snooping of a smart TV. Data discovery has entered a new realm, and our bodies are the platform.
A January 5 program at the Annual Meeting of the Association of American Law Schools (AALS) in New Orleans entitled, The Internet of Bodies: Cyborgs and the Law, discussed the legal, regulatory, and societal impact of this living and breathing platform for data discovery.
First things first: What is the Internet of Bodies?
“The Internet of Bodies refers to the legal and policy implications of using the human body as a technology platform,” said Northeastern University law professor Andrea Matwyshyn, who serves also as co-director of Northeastern’s Center for Law, Innovation, and Creativity (CLIC).
“In brief, the Internet of Things (IoT) is moving onto and inside the human body, becoming the Internet of Bodies (IoB),” Matwyshyn added.
Joining Matwyshyn on the AALS panel were moderator Christina Mulligan, professor of law and vice dean at Brooklyn Law School; Nancy Kim, professor at California Western School of Law; and Robert Heverly, associate professor at Albany Law School. Elizabeth Rowe, professor of law and director of the intellectual property law program at the University of Florida Levin College of Law, assisted in the development of the program.
The Internet of Bodies is not merely a theoretical discussion of what might happen in the future. It’s happening already.
Former U.S. Vice President Dick Cheney revealed in 2013 that his physicians ordered the wireless capabilities of his heart implant disabled out of concern for potential assassin hackers, and in 2017, the U.S. Food and Drug Administration recalled almost half a million pacemakers over security issues requiring a firmware update.
It’s not just former vice presidents and heart patients becoming part of the Internet of Bodies. Northeastern’s Matwyshyn notes that so-called “smart pills” with sensors can report back health data from your stomach to smartphones, and a self-tuning brain implant is being tested to treat Alzheimer’s and Parkinson’s.
So, what’s not to like?
“We are attaching everything to the Internet whether we need to or not,” Matwyshyn said, calling it the “Better with Bacon” problem: as bacon has become a popular condiment in restaurants, chefs are putting it on everything from drinks to cupcakes.
“It’s great if you love bacon, but not if you’re a vegetarian or if you just don’t like bacon. It’s not a bonus,” Matwyshyn added.
Matwyshyn’s bacon analogy raises interesting questions: Do we really need to connect everything to the Internet? Do the data privacy and data protection risks outweigh the benefits?
The Northeastern Law professor divides these IoB devices into three generations: 1) “body external” devices, such as Fitbits and Apple watches, 2) “body internal” devices, including Internet-connected pacemakers, cochlear implants, and digital pills, and 3) “body embedded” devices, hardwired technology where the human brain and external devices meld, where a human body has a real time connection to a remote machine with live updates.
A Wisconsin company, Three Square Market, made headlines in 2017—including an appearance on The Today Show—when the company microchipped its employees, not unlike what veterinarians do with the family pet.
Not surprisingly, the company touted the benefits of implanting microchips under the skin of employees, including being able to wave one’s hand at a door instead of having to carry a badge or use a password.
CNBC reported that 50 of Three Square Market’s 80 employees volunteered to have the microchips implanted under their skin, and they even had a so-called chip party, where the radio frequency identification (RFID) microchips—about the size of a grain of rice—were injected into the employees.
However, were the employees really “volunteers”?
California Western’s Kim noted that consent is an important issue for the Internet of Bodies and that it’s an especially challenging issue when the IoB involves employees—who depend on their employers for a paycheck.
In addition, she thinks that having the chip party was a really bad idea.
“I think it impedes the consent condition of voluntariness. They should not have had a chip party on their premises. It shouldn’t be onsite where everyone knows who got chipped and who didn’t. It’s coercive in its nature even if it’s not a mandatory requirement,” Kim said.
Albany Law’s Heverly believes that—although the difference between the Internet of Things and the Internet of Bodies may be just skin deep—it’s still important.
“There’s a significant portion of the law that respects the layer of skin that we have as pretty important. In some cases, you can get a fingerprint, but you can’t get a blood test. Why? Because you have to go inside the body to get that blood test,” Heverly said.
Attorney Craig Ball, an adjunct professor at the University of Texas School of Law and a court-appointed special master on electronically stored information (ESI) matters, questions whether we’re really making a giant leap in the move from the Internet of Things to the Internet of Bodies.
Ball, who lectures frequently on legal issues related to the Internet of Things, notes that—whether it’s wearables, smart devices, or our ubiquitous mobile phones—our IoT devices are tracking our every move.
“Is being tracked by the phone in your hand or the watch on your wrist really that much different than being tracked by a device right next to your watch or your phone that just happens to be under your skin?” Ball asks.
There are some compelling arguments to be made in favor of the Internet of Bodies.
For anyone who has ever forgotten to bring a badge to the office or forgotten a password, it’s probably an appealing idea to think one could merely wave one’s hand to open a secure door or operate a vending machine without cash or a credit card.
In this utopian paradise of the IoB, no one would ever have to punch a time clock because IoB devices under your skin or reads of your retina could let employers know you’re in the building.
In addition, some argue that IoB devices could save the life of a patient who is unconscious or suffering from dementia by giving medical teams vital information when the patient can’t communicate.
But, at what cost?
There’s a fairly substantial creepiness factor here—bordering on an Orwellian nightmare—as everything one does is tracked and recorded. Illinois, Texas, and Washington State have passed biometric information protection laws to address the data privacy and data protection issues.
Heverly notes that legal issues abound, including product liability, various other torts, and even bankruptcy and debtor-creditor issues. He pondered repo agents coming to repossess the embedded Internet of Bodies devices of those unable to pay their IoB bills.
Matwyshyn went a step further in calling for caution with IoT and IoB when she said, “The Internet of Things is becoming a weapon against both consumers and national security.”
But, wouldn’t it be great to live in that badgeless paradise without passwords?
David Horrigan is discovery counsel and legal education director at Relativity. A former reporter and assistant editor at The National Law Journal and analyst and counsel at 451 Research, he serves also on the Editorial Advisory Board of Legaltech News.