Some humans create art, some create problems for other humans and some humans even create other humans. All humans create data.
Work tasks become data. Messages are data. Questions turn into Google searches, begetting more data.
Listening to music, watching shows and reading articles equate to data, data and data. On occasion, people take breaks from creating data, usually to go someplace else to create more data — this, too, is now data.
Through sensors and other electronic devices detected and logged human movements use them to manipulate their surroundings. A man walks into a room and the lights flicker on, a woman approaches her car and the doors unlock, shoppers enter a mall and digital coupons appear on their iPhone screens.
This integration of digital connectivity into the physical world creates what is known as the Internet of Things, or IoT, a network through which devices communicate and share data with one another. It can be used to design intuitive homes, more efficient offices and smarter retail spaces.
At the same, IoT also creates more points of vulnerability for the systems that connect to it. As an emergent technology, this has led to some troubling growing pains.
“It’s like the wild west because there is no law yet,” Nick Melillo, a partner at the law firm Baker Hostetler, said. “We’re all trying to figure out how this Internet of Things and the protections that go along with it fit together.”
Optimizing properties through IoT is a relatively new phenomenon in the world of real estate but the risks are already evident.
In early 2017, hackers gained access to the door lock system at a four-star Austrian hotel and used it to prevent the hotel from issuing new keys, effectively holding the building ransom until the owners shelled out $1,600 worth of bitcoin. Four years earlier, an Iranian took control of the sluice gate of a river dam in Westchester County by hacking into it through a nearby cellular modem.
“Once you get in, you’re in,” Melillo said. “If you can get in through a weaker portion of the system you have access to everything. You can do things to be annoying, like make the temperature 10 degrees colder, or devious by locking people in elevators. These hackers will do whatever it takes to hold a place for ransom.”
As of 2015, there were 71.2 million IoT sensors deployed worldwide, according to a 2016 report from Deloitte. That number is expected to close in on 450 million by the end of this year before swelling to more than 1.3 billion by 2020.
Melillo said many large commercial tenants are demanding “smart-ready” spaces with fiber optics and conduits that sensors can be connected to. Most office sensors are fairly benign as they anonymously track the movement of bodies through a given space to generate data that enables companies to adjust their operations appropriately.
“You can put a sensor on anything,” he said. “You can put it on my chair, you can put it on my desk, you can put it on my mouse, you can put it in a conference room to see how many people use it in a given month.
“A lot of companies are using the internet of things and taking that data to make sure their space is being used most effectively,” he continued, “not only in existing spaces but possibly for future spaces.”
This data can also be used in real time, to trigger instant environmental changes in temperature, air circulation or lighting.
Retailers are using IoT in stores and shopping centers to monitor how consumers interact with their physical spaces and, in some instances, use their smartphones as conduits for sharing more information.
Specifically, some spaces have receivers that, when pinged by a device’s cellular signal, will direct a message to be sent to that device with an advertisement.
Brian Taff, president of the retail brokerage Streetsense, said these devices aren’t being used to identify individual shoppers so much as how that shopper interacts with their surroundings.
“It might not be that it knows who I am, it just might be it knows how long I’m here,” Taff said. “It might be that it knows when I walk into the store I have a tendency to go to the right instead of the left, there’s a lot of stuff that deals with movement through space and the connectedness with space — picking products up and putting products down — a lot of that exists.”
There is no IoT law on the books in the U.S., Melillo said, but the Federal Trade Commission is the de facto regulator of the technology through its unfair business practices jurisdiction.
The FTC has cracked down on a few companies for violations, accusing the electronics company D-Link of failing to secure consumer information shared through its networks and suing the television maker Vizio for collecting information on its customers’ viewing habits without notifying them. However, there have been no landmark cases against employers or building owners.
Still, Melillo’s firm has put together its own best-practices guidelines to help clients stay ahead of the curve. In addition to maintaining security systems with appropriate accesses, he said it’s important that employers shore up the downstream protections for information shared with third parties.
He also warned the data collection should be kept to a minimum whenever possible and encouraged the destruction of data that’s no longer needed. He also said it’s good to get the consent of the parties being monitored.
“Where practicable,” Melillo said, “inform consumers/tenant/occupants and allow them to decide if and how their data will be collected and used.”