This article is originally a publication of CLM Magazine, February 2018. Legal opinions may vary when based on subtle factual differences. All rights reserved.
When people hear the word “internet,” they usually think of search engines, funny videos, or personal interactions through social media. But the internet involves so much more. Machine-to-machine (M2M) communication represents a significant portion of all internet communications.
In the same way cellphone communication has advanced from voice-only to data-rich LTE, M2M communication has advanced to allow systems to seamlessly communicate over secure networks. This advancement in communication has allowed previously closed systems to interoperate and even share access to private and secure data.
Technology companies are constantly adapting to find new ways to leverage communication paths to sell products and services. These companies know communication goes beyond simple conversations between two people. Because of this, companies are actively pursuing ways to continuously communicate with their users while also collecting valuable data. We communicate with our web searches, Facebook posts, Tweets, internet shopping, and even with our music and movie selections. With the advancements of voice recognition technologies like Amazon’s Alexa and Apple’s Siri, we can initiate these internet communications with our voices.
Our interactions with machines, coupled with advancements in M2M communication, have given us unprecedented access to our homes, offices, and vehicles using smart devices and automation technology. Because of these advancements, there are many devices using the internet to communicate with remote machines or servers. These remote servers are often controlling your devices.
We’ve all seen commercials showing people turning on the lights via voice command or remotely through an app on their cellphones. However, most people do not realize that the lights are actually being controlled by a remote server that is translating the voice command or prompt from the app and then sending a signal to the device. In some instances, the device being controlled is the electrical outlet and not the light itself. For these outlets to be controlled remotely, they need to be connected to the internet. Therefore, these outlets are no longer simple conduits for electricity, but small electronic devices that can fail like any other device.
And internet-controlled devices are not exclusive to residences and offices. The term Industrial Internet of Things (IIoT) is used to describe the use of remotely monitored or controlled devices in industrial applications. Sensors, switches, valves, indicators, monitors, data-entry devices, and countless other devices are being connected to networks in industrial facilities. The marketing data from companies providing these services speaks of the efficiency gains associated with IIoT. An increase in spending on these services and technologies suggests rapid adoption by industrial facilities.
The impact of this automation trend creates additional considerations for subrogation professionals and the forensic experts retained to perform causation investigations. Because these systems rely on internal networks to communicate to the internet, and on the internet to communicate with remote servers and services, a number of failures could occur that cause or contribute to a loss event.
A breakdown in the internal or external networks could prevent the system from communicating. Software bugs and hardware failures are additional concerns. Downtime at the remote server can also prevent communication. Even failures from malware or unsecured networks are realities for these systems. Knowing this, the forensic expert needs to expand the investigation beyond the immediate area of the loss.
Unfortunately, exploring whether a software, hardware, or a communication issue contributed to the occurrence may create significant obstacles for the subrogation professional and the investigator. In some cases, the required tasks may be beyond their collective expertise.
Initially, an investigator must determine if the device is connected to the internet. Also, the investigator should determine how users interact with the device and if these interactions are associated with the loss. Examples of the potential types of interactions include voice, smartphone apps, a website, and Bluetooth.
Next, the investigator will need to determine to which remote service the system connects, and the company that offers the service. In some scenarios where the device remains operational, the investigator will need to isolate the device from remote networks and attempt to identify the software version at the time of the occurrence. It is important to prevent automatic software updates, which could inadvertently alter the device’s operating system, settings, software, and firmware.
In some cases, it may be necessary to collect data from the provider of the automation services, which can further complicate investigating these types of claims. The service provider will likely claim that the requested information is proprietary in nature and refuse to provide it. Even if the data is made available, it may be encrypted or in a raw format that requires interpretation prior to evaluation. Unfortunately, when dealing with service providers, the subrogation professional is at a significant disadvantage as there is currently no mechanism in place to obtain the data outside of the litigation process. Even if the subrogation professional is unable to obtain the requested data, she must advise the service provider of the investigation and then request that the data be preserved.
To further complicate these types of claims, and because the internet is global in nature, these service providers and their remote servers may be foreign entities. In addition, hardware development kits like Raspberry Pi and software interfaces provided by companies like Amazon, Google, and others are enabling individual developers to create unique internet-connected hardware. This increases the variety of devices an investigator can encounter.
Ultimately, the investigator must rely on the skills, techniques, and education that are used in traditional investigations. However, the investigator and subrogation professional must not overlook the impact of internet-connected devices to ensure that the appropriate steps are taken to fully evaluate any potential subrogation claim and to ensure that the data and evidence are properly preserved.