The Internet of Things refers to consumer products that connect to the Internet to send and receive data – everything from fitness devices, wearables, and smart cars to connected smoke detectors, light bulbs, and refrigerators. These new products bring enormous benefits to consumers – including the ability to track and share their vital signs with care providers without having to go to a doctor’s office, turn off the burglar alarm and turn on the lights before they get home from work, and even notify them of dangerous road conditions while driving a smart car.
But what happens when the “things” can no longer connect to the Internet, or there are no longer updates or support for the “things”? A recent FTC investigation into one company’s decision to stop providing support for an IoT device illuminates some pitfalls IoT businesses should avoid in introducing and marketing these innovative products. In that case, a company acquired the marketer of a “Smart Home Hub” and then decided to shut down support for the device, thereby rendering it inoperable. Although we closed that investigation, it raises broader issues about what happens when an IoT product or service, or the updates and support for them, stops.
First, there are serious issues at play when consumers purchase products that unexpectedly stop functioning due to a unilateral decision by the company that sold it. Consumers generally expect that the things they buy will work and keep working, and that includes any technical or other support necessary for essential functioning.
Second, when a company stops providing technical support, including security updates, for an IoT device, consumers may be left with an out-of-date product that is vulnerable to critical security or privacy bugs. This could create vulnerabilities for other systems connected to these IoT devices, and put consumers’ sensitive data at risk. And if hackers can hack a smart car, pacemaker, or insulin pump, the risks are even more serious. We’ve previously raised these concerns in our report on the Internet of Things.
So, if you’re an IoT business, product designer, or marketer, this scenario should make a light bulb go on in your head. Ask yourself:
- Are you selling a device, a service, or both? What are you telling consumers you’re selling?
- Are consumers getting a fixed-term rental or subscription, or are they getting something they will own and can rely on for the life of the device?
- Would reasonable consumers expect to be able to keep using the device – and have it be fully functional – if the company, even many years later, rides off into the sunset? Would they expect the device to have an “expiration date”?
- Could consumers keep using your device in the ways they would reasonably expect based on their experience with similar devices?
- What did you tell consumers at the outset – or what would they otherwise expect – about the security you would provide for the life of the device?
IoT businesses who think through these issues are more likely to inspire confidence in their products – increasing the chances that consumers will take a shine to them. We think the future of the IoT is quite bright, and plan to monitor developments in this area to ensure that it remains so.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
- We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
- We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
- We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
- We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.