Smart Home Technology

Legal

Overview of Smart Home Technology and the Legal Landscape

The Internet of Things (IoT) is here: Smart technologies that help make our homes' appliances and core functions like lighting more convenient and increase security and energy efficiency.

Already, smart devices are having a big effect on the way we build and renovate homes, and their impact is only going to get bigger. But with the potential for massive data collection, a gaping variance in product quality, and a dependence on software and software updates, there are some pretty important ramifications to consider.

NAHB members Stephen Embry, a partner with the law firm of Frost Brown Todd in Lexington, Ky., and Grayling Love II, product line manager at Eaton Corporation in Peachtree City, Ga., discussed these issues at a previous NAHB leadership meeting of the Construction Liability, Risk Management and Building Materials Committee:

What does the increasing use of smart technologies mean for home owners?

Two-thirds of consumers say they want a connected home. Within three years some 43 percent of home owners will likely have numerous connected devices in their homes. Soon, a home without any smart home technology will be worth less than one with smart home gadgets in it. - SE

There is a level of safety, security and convenience that consumers want, and a full smart home system is becoming a more cost effective and simpler way to provide these benefits. As more homes add some level of connected devices, home owners will need to understand emerging technologies to take advantage of the benefits of connected smart home systems and products. There is a major opportunity to provide a level of higher safety and security in a smart home system along with energy savings and automation. - GL

Why is the use of these devices exploding now?

There are two reasons: smaller devices for energy use and reduced costs. And this trend will continue. Right now, there are 6.4 to 13 billion devices in use, depending on who is guessing. If it's 13 billion, as suggested by Underwriters Laboratory (UL), that's two for every person on the planet. In 2016, these devices generated some $19 trillion in profits. By 2020, it will be an estimated $50 trillion. - SE

The major reason I see is three-fold. Consumers are more willing to adopt smart devices and smart technology to connect their homes. The second is consumers see the advantage of energy savings, security and convenience with connected devices and smart lights. The third is major companies are investing heavily in interoperability, marketing and technology that makes the connected home feel attainable. - GL

What does this all mean for builders? Why should a builder care?

Homeowners and purchasers will no doubt be asking builders more and more about smart homes and smart home devices themselves, and will expect builders to be knowledgeable. How builders answer homeowners' questions about how smart homes are is a not just an issue of customer relations, but may also carry some legal risk avoidance ramifications as well.

In fact, a builder's best protection against exposure may be what they are able tell homeowners about these devices. One challenge we have with the whole smart home technology platform, homes and IoT, however, is that there are not yet standards governing these devices. To the extent that there are some standards, they are not necessarily consistent and the law is not well developed. - SE

Homeowners are beginning to expect their homes to be smart, and they are turning to builders to add intelligence at earlier and earlier stages. To truly deliver a smart home to a customer, a builder needs to consider a number of different factors, including installing a smart home hub and devices such as a garage door, locks smart plugs, light switches, fixtures and appliances that can communicate over the the same network protocol as the smart home hub. - GL

Privacy and Security Concerns in Smart Homes

Some of these risks are presented by the hardware — the networked device itself, Embry explains. Some are presented by the software that runs them. And some are presented by the massive amounts of data generated and collected internet connected devices. So there are several concerns:

  • There are no real consensus standards governing design, manufacture or performance of these devices. UL and other bodies are just beginning to look at these things.
  • To the extent there are laws and regulations, they are being enacted by all sorts of different agencies, leaving a hodge-podge of rules with no consistent regulatory or legal direction. And there are very few cases outlining liability and how judges and juries may treat liability questions.
  • Some of these devices are poorly designed and made. Often we don't know the useful life of these devices because there is little independent product assessment of anything, including useful life. This means that there could be lots of potential failure modes that exist for a long time, with results that range from annoying to catastrophic.
  • Often there is no commitment by the developer to patch and update the software. Think about how often you must update the software of your laptops, tablets and smart phones. These updates provide security from vulnerabilities and problems that are discovered. In the case of smart devices, we often don't know how long the company plans to support a product with software security upgrades or what a consumer must do to install the upgrades.
  • Some devices are being designed and made without considering the risks of the devices being exploited or, in common parlance, hacked. This can result in devices like baby monitors or TVs being hijacked.
  • There are few installation quality controls or standards for the qualification of subcontractors installing these things. How do builders make sure they are installed correctly? How do builders satisfy their supervisory obligations? Most reported problems result from homeowners — who don't understand the security implications — trying to install devices based on limited, nonexistent or unread instructions.

What should a builder tell home owners about smart devices?

As home automation systems and smart homes increase in popularity, builders are no doubt going to get asked a lot of questions and need to be careful not to give incorrect information. Homeowners will not be very happy with a builder if they discover down the road that their security camera system has been hacked, and much to their surprise and dismay, all the recordings made by the camera are now in the public domain. And, what if a homeowner calls their builder in the middle of a cold winter night with no heat and an email demanding payment of 10 bitcoins to get it turned back on?

While there haven't been many cases about smart homes yet, the ones there are seem to turn on whether flat out incorrect information was conveyed. - SE

Builders need to make sure they are informed about emerging technologies and products in this space. Homeowners are expecting their home to have voice control and some level of intelligence. Builders should have some offering to consumers, whether it is provided directly or through a third party.

As these smart locks and devices multiply in our homes, we need to understand the cybersecurity aspects of this. Can your system be hacked? How secure is your internet connection? Are your passwords safe? Builders will need to alleviate the concerns of homeowners and offer guidance. - GL

What are potential liabilities for the builder?

The biggest concern to a builder is what happens if there is a failure, either of hardware or software, and it results in actual damage and loss. Certainly, if the product is installed incorrectly or the product itself fails, the liability for that is like that of any other product — a roof or HVAC system, for example. If a builder is in a jurisdiction where they are deemed to have implicitly warranted the product, there is no real difference. But what if the failure results from faulty or unpatched software? Is software legally like a product? Is it more like a service? There is little law yet and we don't know. - SE

What are the privacy implications associated with smart home systems and devices?

Frankly, we have more and more data being generated by these devices, and with cloud computing there is more and more opportunity to aggregate and use this data. But all this data from all these other devices, may be collected and stored somewhere else with unknown quality and security controls. At the very least, homeowners should know that data is being collected from these devices and that the homeowner doesn't own or control this data. - SE

How can builders best protect themselves from the risks associated with smart homes?

Embry has five suggestions:

Use good quality products from reputable vendors. Check their insurance, and don't assume financial capability just because they are well known.

  1. Check background sources; even now there are some good ones. For example, UL is looking at these products and their certifications — as standard 2900 focuses on potential vulnerabilities, malware issues and software weaknesses. UL is also instituting programs to evaluate risks and protections that will ultimately lead to product certification and test reports. The National Association of Realtors is looking at how and what should be disclosed about smart homes when they are sold. The Consumer Technology Association and the Institute of Electrical and Electronics Engineers, among others, are also working on standards.
  2. Check your insurance and your subcontractor's insurance. Understand that if a hardware product fails, it may be treated just like any other product failure under your CGL policy. If it's a software issue, or if the harm is a data or privacy breach, your CGL may not provide coverage. Many carriers are specifically excluding this type of loss under their CGL policies. Instead, they are offering data breach and cyber policies, which can be tricky. There are no form policies, they all have different language and coverages, and you can even negotiate terms. Hire a lawyer or insurance professional who is familiar with these cyber polices and knows your needs.
  3. Vet installers carefully. Just because he or she looks like a geek and talks like one doesn't mean he or she knows any more about installation than anyone else. Be sure to read the contract if a vendor presents one. Technology vendors are notorious for trying to flip everything back on their customers with disclaimers and indemnity language. Check the installer's insurance and financial ability carefully. And shop the market.
  4. Be knowledgeable. Have information on the risks and what the homeowner should know. This in and of itself will go a long way in protecting builders from exposure. Most builders wouldn't use a pipe without knowing something about it and how it works. They wouldn't use a type of roofing system without knowing something about it. And they wouldn't hesitate to tell homeowners about these systems and the risks, especially if they were asked. - SE