Skip to main content

Download This Paper

Open PDF in Browser

Add Paper to My Library

Share:

Permalink

Using these links will ensure access to this page indefinitely

Copy URL

Legacy Switches: A Proposal to Protect Privacy, Security, Competition, and the Environment from the Internet of Things

Ohio State Law Journal, Forthcoming

59 Pages Posted: 22 Jul 2022

See all articles by Paul OhmPaul Ohm

Georgetown University Law Center

Nathaniel KimGeorgetown University, Law Center, Students

Date Written: January 1, 2022

Abstract

The Internet of Things (IoT) promises us a life of automated convenience. Bright and shiny—if cheaply made and plasticky—“smart” thermostats, doorbells, cameras, and fridges carry out the functions once performed by “dumb” equivalents but in an automated, connected, and generally “better” way. This convenience comes at a significant cost. IoT devices listen to, record, and share our behavior, habits, speech, social interactions, and location minute-by-minute, 24/7. All of this information feeds a growing surveillance economy, as this data is bought, sold, and analyzed to predict our behavior, subject us to targeted advertising, and manipulate our actions. Many cheap IoT gadgets are developed on a shoestring budget, leaving them unsecure and vulnerable to attack. Malicious actors (and their automated computer programs) target IoT devices, breaking into them to spy on their owners or enlisting them into massive botnets used to cripple websites or critical infrastructure. These problems magnify over time, as IoT vendors focus on selling the next version of the device rather than on securing the preexisting installed base.

Consumers interested in protecting themselves from these harms may decide to replace outdated devices with newer, not-quite-yet-obsolete versions. Doing this does nothing to slow the growth of the surveillance economy and may even exacerbate it, as new devices tend to listen and record more than the models they replace. And even though replacing IoT devices can temporarily forestall security harms, asking consumers to replace all of their smart devices every few years introduces different harms. It harms the environment, filling our landfills with nonbiodegradable plastic housings and circuit parts which leach toxic materials into our air, soil, and water. It forces consumers to waste time, attention, and money tending to hard-wired, infrastructural devices that in the past would have lasted for decades. It compounds the harms of inequality, as those with more disposable income and connections to electricians and contractors have access to better security and privacy than those with less.

We propose a novel, simple, and concrete solution to address all of these problems. Every IoT device manufacturer should build a switch into their device called a “legacy switch.” When the consumer flips this switch, it should disable any smart feature that contributes to security or privacy risks. A legacy switch will render a smart thermostat just a thermostat and a smart doorbell just a doorbell. The switch will disable microphones, sensors, and wireless connectivity. Any user should find it easy to use and easy to verify whether the switch has been toggled.

This Article proposes legacy switches, elaborates key implementation details for any law requiring them, and connects them to the ongoing conversation about power, privacy, and platforms. The proposal to require legacy switches should be seen as a small but meaningful step toward taming the unchecked and destructive tendencies of the new networked economy.

Keywords: Internet of Things, IoT, Smart device, Consumer, Privacy, Surveillance, Surveillance Capitalism, Informational Capitalism, Security, Information Security, Cybersecurity, Competition, Platform power, Antitrust, Environment, Design, Modularity, Friction, Desirable Inefficiency

JEL Classification: K2, K3

Suggested Citation: Suggested Citation

Ohm, Paul and Kim, Nathaniel, Legacy Switches: A Proposal to Protect Privacy, Security, Competition, and the Environment from the Internet of Things (January 1, 2022). Ohio State Law Journal, Forthcoming, Available at SSRN: https://ssrn.com/abstract=4149789

Paul Ohm (Contact Author)

Georgetown University Law Center ( email )

600 New Jersey Avenue, NW
Washington, DC 20001
United States
202-662-9685 (Phone)

Nathaniel Kim

Georgetown University, Law Center, Students ( email )

Washington, DC
United States

Download This Paper

Open PDF in Browser

Do you have a job opening that you would like to promote on SSRN?

Place Job Opening

Paper statistics

Downloads

61

Abstract Views

423

rank

485,499

PlumX Metrics

Related eJournals

• Cyberspace Law eJournal
  Follow

Cyberspace Law eJournal

Subscribe to this fee journal for more curated articles on this topic
FOLLOWERS
2,072
PAPERS
11,631
This Journal is curated by:
Peter Swire at Georgia Institute of Technology - Scheller College of Business, Jonathan L. Zittrain at Harvard Law School and Harvard Kennedy School of Government, Kalie Wertz at Harvard University - Harvard Law School

• Antitrust: Antitrust Law & Policy eJournal
  Follow

Antitrust: Antitrust Law & Policy eJournal

Subscribe to this fee journal for more curated articles on this topic
FOLLOWERS
878
PAPERS
10,329
This Journal is curated by:
John Shepard Wiley Jr. at Independent

• Information Privacy Law eJournal
  Follow

Information Privacy Law eJournal

Subscribe to this fee journal for more curated articles on this topic
FOLLOWERS
463
PAPERS
7,467
This Journal is curated by:
Daniel J. Solove at George Washington University Law School, Chris Jay Hoofnagle at University of California, Berkeley - School of Law

• Consumer Law eJournal
  Follow

Consumer Law eJournal

Subscribe to this fee journal for more curated articles on this topic
FOLLOWERS
396
PAPERS
8,695
This Journal is curated by:
Jeff Sovern at St. John's University - School of Law

• Cybersecurity, Privacy, & Networks eJournal
  Follow

Cybersecurity, Privacy, & Networks eJournal

Subscribe to this fee journal for more curated articles on this topic
FOLLOWERS
270
PAPERS
2,964

• Cybersecurity, Data Privacy & eDiscovery Law & Policy eJournal
  Follow

Cybersecurity, Data Privacy & eDiscovery Law & Policy eJournal

Subscribe to this fee journal for more curated articles on this topic
FOLLOWERS
203
PAPERS
6,001
This Journal is curated by:
Candice Hoke at Cleveland State University, Cleveland-Marshall College of Law, Brian Ray at Cleveland-Marshall College of Law, Cleveland State University

Feedback

Feedback to SSRN

Feedback (required)

Email (required)

Submit

If you need immediate assistance, call 877-SSRNHelp (877 777 6435) in the United States, or +1 212 448 2500 outside of the United States, 8:30AM to 6:00PM U.S. Eastern, Monday - Friday.

Submit a Paper

Section 508 Text Only Pages

SSRN Quick Links

• SSRN Solutions
• Research Paper Series
• Conference Papers
• Partners in Publishing
• Jobs & Announcements
• Newsletter Sign Up

SSRN Rankings

• Top Papers
• Top Authors
• Top Organizations

About SSRN

• SSRN Objectives
• Network Directors
• Presidential Letter
• Announcements
• Contact us
• FAQs

Copyright Terms and Conditions Privacy Policy

We use cookies to help provide and enhance our service and tailor content.
To learn more, visitCookie Settings. This page was processed by aws-apollo-4dc in 0.173 seconds