New Zealand Law Society · Cyber Law Conference – April 2016 – Clive Elliott QC

The “Internet of Things” represents a real paradigm shift:

The internet of things is here. Few revolutionary technologies have created new value pools, displaced incumbents, changed lives, liquefied industries, andmade a trillion dollar economic impact. That is, until the internet of things (IoT) sprang to life.1

Technology research company Gartner predicts, that by 2020 there will be 26 billion smart interconnected devices in the world. Each object and individual will have a unique identifier. This enables data to be transmitted automatically over a network but without necessarily requiring any human to human or human to computer involvement.

The World Intellectual Property Organisation (WIPO) points out2 that the area of wearable technology includes new innovative areas such as wearable computers or devices; augmented reality (AR); and virtual reality (VR), all of which is manifested in a new trend known as the ‘quantified self’; described by Deloitte as a ‘mass niche’ sector that generated approximately $3 billion in 2014 alone. Accordingly, it is no longer a technical curiosity, but big business.

In its draft Data Protection Regulation, the EU commission has proposed a number of measures to address this phenomenon including a much greater emphasis on privacy, ensuring that privacy by default exists by providing for minimal accessibility of personal data; stressing the need for consent when personal information is involved, providing more comprehensive guidelines on data collection for profiling purposes; ensuring tighter enforcement and providing significant monetary sanctions for breach. All of these are important topics in their own right.

Significant issues remain to be resolved. These include multijurisdictional issues and conflicts between public and private interests. The US Internet Society has produced a discussion document to facilitate informed debate amongst stakeholders. The paper describes the principle issue as follows:

One set of issues surrounds crossborder data flows, which occur when IoT devices collect data about people in one jurisdiction and transmit it to another jurisdiction with different data protection laws for processing. Further, data collected by IoT devices is sometimes susceptible to misuse, potentially causing discriminatory outcomes for some users. Other legal issues with IoT devices include the conflict between law enforcement surveillance and civil rights; data retention and destruction policies; and legal liability for unintended uses, security breaches or privacy lapses.3

Importantly, regardless of the purpose or source of the particular device, one thing in common is that most include some form of cloud service and all have some form of mobile application to access or control the device remotely.

Hewlett-Packard has commented on the rather troubling statistic that 70% of relevant devices contain vulnerabilities involving password security, permissions and encryption. To date, a number of situations have arisen where Internet connected devices have been used for improper purposes; whether in cars, medical devices or children’s toys or TVs.

In February 2015 the U.S.-based privacy group, the Electronic Privacy Information Center (EPIC), asked the Federal Trade Commission to investigate Samsung’s practice of collecting and using customers’ private communications.4 This occurred when interactive voice commands using voice to text recognition software were retained and transmitted by Samsung. EPIC contended that the practice breached the US Electronic Communications Privacy Act, which prohibits the “interception and disclosure of wire, oral, or electronic communications.”

This complaint illustrates the rather graphic disconnect between increasingly smart devices and consumers who are not aware of the capabilities of the technology and are not sufficiently tech savvy to adequately protect their own interests.

Those who are more technically minded will know that one way to defend against IoT attacks is to adequately segment networks. However, this requires the creation of a number of different networks; in other words, having separate networks for IoT devices, personal computers and mobile devices and work-related workstations and servers. Other relatively straightforward precautions include changing the connected device password immediately upon purchase and then regularly changing the password. However, while most users know that it makes sense to change passwords regularly not everyone is fastidious in doing so.

This is just a quick snapshot of some of the issues that we are going to have to grapple with in our session today. We propose to investigate what the IoT means, how it works in day-to-day life (both today and in the foreseeable future) and how in the future it is likely to impact on society and our wider social and legal norms.


1       Sri Solur GM Wearables and IoT HPE. The internet of things and wearables: Driving the next phase of personal computing: 487618cdd630. Referred to in the 2015 Hewlett-Packard Enterprise study “Internet of Things Research Study”

2       The Brave New World of Wearable Technology: What Implications for IP? Emma Poole, Executive Research Officer, WIPO, June 2014.

3       The Internet of Things (IoT): An Overview – Understanding the Issues and Challenges of a More Connected World, 15 October 2015












Instant Apps

Google plans to merge webpages and apps

With Instant Apps, Google Aims to Make the Web and Apps One

Patent Infringement

Just finished a three-week trial before Whata J in the High Court in Auckland – representing the patentee Assa Abloy which alleged that the defendant, Allegion, had infringed certain claims of its patent; relating to a latch and more specifically a latching mechanism for sliding door locks. Allegion responded by saying that the relevant claims of the patent were invalid. The Judge reserved his decision.

Cancer Cure Soon?

I never thought I would say this but the truly awful image below, of a cancer cell, may in our life times be a thing of the past as cancer treatments continue to become more effective. Targeted therapies such as immunotherapies, which use the body’s immune system to target and destroy tumour cells, are at the forefront of this exciting development.


First prosecution under the the Harmful Digital Communications Act for threatening to post nude images. 

Copyright Commissioning Rule

The Commissioning Rule is an important part of the New Zealand Copyright Act when it comes to those involved in the creative arts and industries. The rule governs who, in the absence of an agreement to the contrary, owns the relevant copyright. Regrettably it is a rule which is unknown to many and misunderstood by many others.

James Carnie of Clendons has just written a very helpful article which explains, in readily digestible form, the dos and don’ts:

Copyright; Commissioning, Ownership of Copyright; Intellectual Property


Internet of Things – Wear to Now?

Looking forward to delving into recent developments in the “Internet of Things” with my co-panellists Judge David Harvey, Lloyd Gallagher, Arran Hunt, Wayne Rumbles and Nik Turner. NZLS Cyber Law Conference in May 2016 in Auckland and Wellington. For more details:

16CLC Brochure