The Internet of Things (IoT) is that loose definition that describes all sort of devices that are connected to the Internet, for whatever purpose. While the topic is often the subject of derision in some technological circles (honestly, who needs an online wine bottle?), there’s no doubt that we are increasingly surrounded by smart devices, both wittingly and unwittingly. Some people have expressed concern at the potential privacy questions that arise from the data being collected by those devices, as this could be misused in ways that we have probably not even started to think about.
However, a neglected legal aspect of IoT is that it has the potential to change ownership as we know. I was made aware of this potential in a post by Cory Doctorow entitled “John Deere just told the copyright office that only corporations can own property, humans can only license it“. While I strongly disagree with the provocative headline, it is quite true that IoT in general could have much wider implications for property and our current system of ownership.
The development is not new, it actually dates back to 2015, and it deals with a a series of reports regarding a submission by truck manufacturer John Deere to the US Copyright Office, which signals a very troubling developing regarding copyright law and IoT. The US Copyright Office is constantly taking evidence form stakeholders as part of its triennial review of the DMCA provisions regarding technological protection measures. To make a long story short, US copyright law is unique in the sense that it allows for a constant revision of exceptions regarding the circumvention of technological protection measures, which would otherwise be against the law. Over the years, such practices as jailbreaking a smart phone have been allowed as a result of these exceptions.
In the aforementioned submission to the last inquiry, John Deere made claims that could have implications that go way further than a mere technicality about obscure copyright rules, and it could change ownership as we know it. The exception presented by the US Copyright Office in 2014 includes a proposed exempted class of uses, which reads:
“Proposed Class 21: This proposed class would allow circumvention of TPMs protecting computer programs that control the functioning of a motorized land vehicle, including personal automobiles, commercial motor vehicles, and agricultural machinery, for purposes of lawful diagnosis and repair, or aftermarket personalization, modification, or other improvement. Under the exemption as proposed, circumvention would be allowed when undertaken by or on behalf of the lawful owner of the vehicle.”
This is a logical proposal. As motor vehicles are increasingly operated by software, this rule would allow owners to tamper with such software for all sorts of lawful purposes, including diagnostic and improvement of the vehicle. But many car manufacturers see such modification as contrary to their business model, and claim that this tampering with the software should not be allowed. John Deere claim amongst other things that car owners are not qualified to tamper with the software, but also they categorically state that “A vehicle owner does not acquire copyrights for software in the vehicle, and cannot properly be considered an “owner” of the vehicle software”. Users are only licensing the software that operates the car. This idea may seem innocent, but its implications go way beyond mere software ownership. Modern vehicles have become so complex that they would not be able to operate properly without software as vital components are now smart, from the ignition to the operation of engine functions. If an owner owns the vehicle, but does not own the software, they really do not own a functional machine. Imagine that your car manufacturer decides to rescind the licence to the software, and if your car was online, it could send an order to stop all of its functions. We are close to this being a reality.
Several public entities and bodies have sent submissions attacking this idea. iFixit, an open source community of repair enthusiasts, reminded the US Copyright Office that what is taking place is a power grab by some manufacturers. The always astute Luis Villa writes in his submission on their behalf:
“Manufacturers are, unfortunately, taking this opportunity to prevent users from repairing or modifying the devices they have bought, from tractors5 to printers to coffee cups. They are also invoking the DMCA to justify and defend these anti-consumer behaviors.”
The Auto Care Association goes further by stating that:
“In truth, the OEM manufacturers have not deployed technological measures to protect copyrights, but to thwart competition—to prevent independent servicers and consumers from making repairs and routine maintenance. In some cases, the measures do not actually protect the software itself; in others, the measure deters replacement of the software rather than access to it.”
This is a really important discussion, particularly with the eventual rise of the self-driving car. As vehicles become smarter, the software installed in the machine is the most important part of the car, which makes the actual ownership of the physical cogs and wheels irrelevant. Vehicle ownership would then be converted into a software licence agreement between the manufacturer (or authorised distributor) and the licensee, with conditions of use set in the End User License Agreement (EULA). While it is true that for most people this would not have any real effect, imagine that manufacturers start including abusive clauses in their contracts that would allow them to simply shut down a vehicle remotely. Car owners would become car licensees with little control over their vehicles.
But what does IoT have to do with all of these? The same arguments that are being talked about here apply to all IoT devices. If you buy a smart TV, it comes with software pre-installed which makes your ownership of the set irrelevant because what matters is the EULA that you clicked when you first turned it on, as the TV will not operate without the software. All smart devices are not really truly owned, they are merely licensed because the vital part of the machine is subject to copyright protection, and as such you are not purchasing the item, you are licensing the software that makes the device operate properly.
Perhaps this is not a problem as manufacturers will behave and will not misuse the powers of shutting down devices remotely, but it does open up questions about security. If I cannot look at the software in a smart device because of copyright rules regarding technological protection measures, then it is possible that the device may be insecure. Openness in open source devices is an important element of its security, “given enough eyeballs, all bugs are shallow” as Linus’s Law says. Needless to say, I believe strongly that access to source code, the right to tinker and the right to inspect software security are more important than the ownership rights over the software, so any security and interoperability exceptions to copyright are to be welcomed.
This will probably be one of the biggest technology battlegrounds of the next few years. Stay tuned.