Document Type



Texas Law Review




The consumer "Internet of Things" is suddenly reality, not science fiction. Electronic sensors are now ubiquitous in our smartphones, cars, homes, electric systems, health-care devices, fitness monitors, and workplaces. These connected, sensor-based devices create new types and unprecedented quantities of detailed, high-quality information about our everyday actions, habits, personalities, and preferences. Much of this undoubtedly increases social welfare. For example, insurers can price automobile coverage more accurately by using sensors to measure exactly how you drive (e.g., Progressive 's Snapshot system), which should theoretically lower the overall cost of insurance. But the Internet of Things raises new and difficult questions as well. This Article shows that four inherent aspects of sensor-based technologies-the compounding effects of what computer scientists call "sensor fusion, " the near impossibility of truly de-identifying sensor data, the likelihood that Internet of Things devices will be inherently prone to security flaws, and the difficulty of meaningful consumer consent in this context-create very real discrimination, privacy, security, and consent problems. As connected, sensor-based devices tell us more and more about ourselves and each other, what discrimination-racial, economic, or otherwise-will that permit, and how should we constrain socially obnoxious manifestations? As the Internet of Things generates ever more massive and nuanced datasets about consumer behavior, how to protect privacy ? How to deal with the reality that sensors are particularly vulnerable to security risks? How should the law treat-and how much should policy depend upon consumer consent in a context in which true informed choice may be impossible? This Article is the first legal work to describe the new connected world we are creating, address these four interrelated problems, and propose concrete first steps for a regulatory approach to the Internet of Things.