How the Internet of Things will affect the future of litigation | Law

How the Internet of Things will affect the future of litigation

OPINION: Associate Professor Michael Legg and Claire Goulding, Law Society Journal, November 2016.

The Internet of Things (‘IoT’) is the latest phase in the evolution of the internet, bringing unprecedented access and insights into people’s lives. The expression refers to a network of physical objects, devices, machines and buildings all embedded with electronics, software, sensors, and network connectivity that enables those objects to collect and communicate data. Essentially, the IoT attaches technology to existing everyday devices and then brings those devices online. In the process, ever increasing levels of personal data and information are now recorded and stored. This has an impact not just on our personal privacy, but on the information or evidence now potentially available to resolve disputes.

IoT applications

Examples of IoT applications include:

Wearables: devices that people wear that can continuously collect information e.g. fitness trackers or smart watches that collect data such as heart rate, distance travelled and calories burnt.

Building and home automation: heating and lighting systems, gas, smoke and heat detectors as well as security and surveillance systems. One example is the Nest thermostat, which records the presence of a person in specific rooms in a house and sets the temperature based on past preferences.

Smart manufacturing: this adapts domestic uses of IoT to commercial purposes and additional activities such as asset tracking, inventory monitoring and factory automation and control. Production line managers can receive IoT data from internet-connected machines on the factory floor and thereby have access to real-time information regarding the status of each machine.

Health care: applies smart manufacturing concepts to hospitals, such as drug tracking. It can also use a form of wearable to detect changes in the human body that might indicate a possible disease or physical problem such as a heart attack, or whether medication has been taken or needs to be taken, such as in treating diabetes. In August 2015, Google and Dexcom (a company that produces continuous glucose monitoring systems) announced plans to produce a dimesized, cloud-based disposable monitor that communicates the glucose values of diabetes patients in real-time, directly to parents and medical providers. Another example is the GlowCap, a ‘smart pill-bottle cap’ that contains a wireless chip which sends a patient a reminder if they have forgotten to take their medication and can send a refill request to a person’s local pharmacy.

Smart cities: utilise lighting, security and surveillance systems as well as traffic control.

Automotive: monitoring of the operation of the vehicle’s components (such as engine and tyre pressure), as well as interacting with the external environment to determine the quickest or most economical route, availability of parking, or sensors which allow for a self-driving car.

Central to the IoT is that these devices not only sense and record data, they communicate it to people or other devices so action may be taken: increasing or decreasing temperature or medication remotely, ordering preventative maintenance or communicating with emergency services. IoT takes current technology, which employs the internet further through monitoring and recording data from the natural environment, which is then communicated without a person needing to input the data. Indeed, in many situations a person may not know what data is being recorded or communicated.

IoT and discovery

IoT can create new forms of data that did not previously exist, or it can provide for the collection of existing data but more frequently or of a finer grain. The former may be illustrated by the ‘smart pill-bottle cap’ that texts or phones a patient if they forget to take the medication in the bottle. An example of the latter is a wearable device that continuously records the wearer’s heart rate. In the past, heart rate and other measures of wellbeing may only have been recorded upon a doctor’s visit. Either way, more and more data will be generated to the point that, by 2020, it has been predicted that the IoT will account for about 10 per cent of the data on earth. A host of data that could be relevant to disputes will exist, which in turn makes the data potentially discoverable.

How might IoT data be used in litigation so that it might be subject to discovery or a subpoena?

Data from cars and homes could be used to determine the location of a person. Most modern cars are equipped with GPS and, as mentioned above, there are devices that record the presence of a person in specific rooms in their home; thus a record of occupancy is created. Vehicle data could also be used to determine if an accident was due to a mechanical fault, driver error or fatigue. Data from residential and commercial buildings may be used to detect whether windows and doors were locked or opened at a particular time so as to assist in insurance claims.

More specifically, IoT could allow for a home monitoring system for elderly care which combines monitoring of medication and the patients’ vital signs with an ability to communicate so medication can be ordered when needed, and doctors or family members alerted to a health problem. If that medication is subsequently found to have side-effects, depending on dosage, the IoT data could provide proof of not only consumption of the medication but also the dose. While old prescriptions or over-the-counter purchase receipts are discarded, the data proving consumption would still exist.

IoT can also be used by utilities. The ‘smart grid’ for electricity involves each device on the network being given sensors to gather data (power meters, voltage sensors, fault detectors etc) and being equipped with two-way digital communication between the device in the field and the utility’s network operations centre. In the Kilmore East Bushfire class action in the Supreme Court of Victoria, one of the main allegations surrounded the cause of a powerline failing (Matthews v AusNet Electricity Services Pty Ltd [2014] VSC 663 at [75]). IoT data may record events causing fatigue and the actions taken by the utility, which could assist in determining causation or help avoid the failure in the first place.

Similarly, a water network can use devices to ensure the quality of the drinking water. Between 1 July and 30 September 1998, increased levels of Cryptosporidium and Giardia were detected in Sydney’s water supply. As a result, Sydney Water Corporation issued a series of ‘boil water alerts’. The so-called Sydney Water Crisis of 1998 led to a government inquiry and two class actions. IoT data, in addition to generating real-time measures of water quality to allow for corrective action, would be available to prove the existence of contaminants.

Lastly, the data from wearables such as Fitbit could provide important information about a person’s wellbeing or movement or a personal injury or assault. In a criminal context, Fitbit data has been used against a person as a basis for establishing perjury. The person claimed that they had been sleeping when they were sexually assaulted. However, the Fitbit data showed that the person ‘had been awake and walking around the entire night, not sleeping as she had claimed’ (Commonwealth v Risley, Criminal Docket: CP-36-CR-0002937-2015 (Lancaster Cty., Pa., printed Nov. 16, 2015). However the availability of new data is only useful if it is accurate. A case in point is the 2016 US class action against Fitbit, Inc. over complaints that heart rate monitors sold by the company were inaccurate.

Accessing IoT data

Obtaining IoT data for litigation raises a threshold issue: who is the appropriate person or entity to request the data generated by a device; indeed who owns the data and who can access the data?

In the United States, the question has been posed in terms of who has possession, custody, or control of data in the IoT age.

In Australia a similar question would arise. The obligation to provide discovery in NSW applies to documents in the ‘possession’ of a party, but this is defined to include custody or power. Is the appropriate person/entity the user, manufacturer or retailer/provider of the device, the entity that operates the network, the entity that collects and manages the data produced by the device, or some combination of these? The entities that hold the data, if they become parties to litigation, may be required to provide discovery. Even if not a party, they may be amenable to a subpoena.

For discovery or a subpoena to be effective however, the data must be maintained and accessible. As a result, a number of further crucial questions arise: what IoT data is tracked or stored? For how long is the data retained? In what format is the data maintained and can it be extracted and exported? Answers to these questions are needed to ensure that data is not lost once obligations to provide the data arise. In some cases, due to the volume of data generated, much of it may not be stored for very long. In others, the data may exist but its identification and extraction may be complicated by issues of cost, burden and contractual issues.

Privacy and discovery

Many users of social media who found themselves in litigation were surprised to find that their social media posts or tweets that were relevant to the litigation had to be disclosed and were not able to remain private. Similarly, IoT data can be required to be disclosed regardless of privacy. Access to private records for litigation recognises the particular position of courts as an arm of the state charged with resolving disputes by reference to evidence to arrive at correct results. For example in Lowery v Insurance Australia Ltd [2015] NSWCA 303, Basten JA stated that ‘the ultimate justification for compulsory production and disclosure of information which might otherwise remain confidential, is the legitimate furtherance of judicial proceedings’.

However, the courts do have powers and procedures for limiting the disclosure of private information. Where documents or information are required to be disclosed as part of court proceedings, the party obtaining the material cannot, without leave of the court, use it for any purpose other than the litigation, at least until the material is admitted into evidence (Hearne v Street (2008) 235 CLR 125 at 154-162; [2008] HCA 36). Courts are also able to assess the need for privacy or confidentiality by weighing it against open justice, and if the former prevails, making orders to prevent the publication or disclosure of information (see, for example, Court Suppression and Non-publication Orders Act 2010 (NSW)).

Conclusion

The IoT presents myriad opportunities for new applications, products and even businesses. The court system and the resolution of disputes will be impacted as it was by email and social media. Greater amounts of potentially dispute-relevant data will exist. This may have the benefit of allowing for the determination of disputes based on objectively recorded data, rather than recollections or expert opinions. It could, however, create another round of costly and time-consuming discovery; it may also expose the private affairs of individuals, such as their whereabouts, habits and medical conditions like never before.

Article from LSJ, November 2016, Issue 28, pp.88-89.