What happens when the sun sets on a smart product?

Share This Page

The Internet of Things refers to consumer products that connect to the Internet to send and receive data – everything from fitness devices, wearables, and smart cars to connected smoke detectors, light bulbs, and refrigerators. These new products bring enormous benefits to consumers – including the ability to track and share their vital signs with care providers without having to go to a doctor’s office, turn off the burglar alarm and turn on the lights before they get home from work, and even notify them of dangerous road conditions while driving a smart car.

But what happens when the “things” can no longer connect to the Internet, or there are no longer updates or support for the “things”? A recent FTC investigation into one company’s decision to stop providing support for an IoT device illuminates some pitfalls IoT businesses should avoid in introducing and marketing these innovative products. In that case, a company acquired the marketer of a “Smart Home Hub” and then decided to shut down support for the device, thereby rendering it inoperable. Although we closed that investigation, it raises broader issues about what happens when an IoT product or service, or the updates and support for them, stops. 

First, there are serious issues at play when consumers purchase products that unexpectedly stop functioning due to a unilateral decision by the company that sold it. Consumers generally expect that the things they buy will work and keep working, and that includes any technical or other support necessary for essential functioning.   

Second, when a company stops providing technical support, including security updates, for an IoT device, consumers may be left with an out-of-date product that is vulnerable to critical security or privacy bugs. This could create vulnerabilities for other systems connected to these IoT devices, and put consumers’ sensitive data at risk. And if hackers can hack a smart car, pacemaker, or insulin pump, the risks are even more serious. We’ve previously raised these concerns in our report on the Internet of Things.

So, if you’re an IoT business, product designer, or marketer, this scenario should make a light bulb go on in your head. Ask yourself:

  • Are you selling a device, a service, or both? What are you telling consumers you’re selling?
  • Are consumers getting a fixed-term rental or subscription, or are they getting something they will own and can rely on for the life of the device?
  • Would reasonable consumers expect to be able to keep using the device – and have it be fully functional – if the company, even many years later, rides off into the sunset? Would they expect the device to have an “expiration date”?
  • Could consumers keep using your device in the ways they would reasonably expect based on their experience with similar devices?
  • What did you tell consumers at the outset – or what would they otherwise expect – about the security you would provide for the life of the device?      

IoT businesses who think through these issues are more likely to inspire confidence in their products – increasing the chances that consumers will take a shine to them. We think the future of the IoT is quite bright, and plan to monitor developments in this area to ensure that it remains so.



Yes, they can hack anything as in your car and you get eloctrucuted and paralyzed in your vehicle as the brakes are put to test when I am not on them or hit from behind and nobody in the back of us in the vehicle as two different make and models do the exact same thing as I told the place where I bought it as it scared my children and myself for years and nobody can fund anything wrong ...yes anything is possible as it has not happened in a while as other things occur since I take MY HOLY BIBLE WITH ME <3

Thanks for calling this out. Last winter the Online Trust Alliance released the IoT Framework outlining key sustainability issues including functionality, support (patching), data ownership and other key issues. More at https://otalliance.org/IoT.

I'm not sure what you mean by, "... make a light bulb go on in your head". I'm a liberal but this entire statement strikes me as excessive Federal government over reach. If a consumer buys a device and it fails during warranty then the relevant law applies. If the devices fails after the warranty then the consumer can make a decision to have it repaired or replaced. Full stop, no need for Federal oversight. I struggle to understand why the Federal government would have an opinion on this matter. Heck, you want to "protect" (and that strikes me as a very poorly defined concept) consumers then maybe you should investigate the endless stream of vulnerabilities in software produced by Microsoft which are used as attack vectors by 1,000s hackers around the world. Focus on the big problems. Yes, IoT will be huge but both products and companies come and go and the consumer should make the decisions not the Federal government.

I like the idea of F.T.C. overseeing a lot of issues like this & shed light on the companys sincerety! Not just about making fast money & leaving the consumer in the dark!! Be HONEST & FAIR to the consumers! I have found the idea of CUSTOMER SERVICE has really taken a back seat! I dont want to even say here what i've had to put up with!! Thank God for F.T C. who looks out for the consumer! I have learned a lot from them, ex. I told somebody what i thought was happening on internet & such, he thought I needed rest! LOL! When the next day i found myself here, & exactly what I thought{knowing very little about net etc.} I pushed a button & up popped the very long large lawsuit for what i really felt!! Save to homepage for friend, yes!! He was Very Suprised!! Thanks F.T.C. for keeping companys accountable!! Peace to All! ✌✌

In this venue, FCC should take a look at companies that REQUIRE online access to fulfull their warranty. Your device/pc or net access fails, your flat screwed. AND BESIDES THAT, still large portions of the COUNTRY that don't have net access or broadband, for handling the large/slow companies websites and their upload demands.

I feel like it would be reasonable to require all cloud-based services to hold the necessary source code and any requires certificates and keys necessary to operate a "home base" server (whether or not they sell a device that ties into the service).
It should also be required that users can download any data stored by or about them in any cloud provider's service (or from a neutral 3rd party escrow).

This would prevent both orphaned IoT devices as well as customers having their data or IoT device functionality held hostage by sudden price hikes or in retaliation for a negative product review.

It might not hurt for there to be a provision for users to inspect (and potentially filter) the data collected and sent to outside servers by IoT devices they're using.

Add new comment

Comment Policy

Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system (PDF), and user names also are part of the FTC’s computer user records system (PDF). We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.