This article first appeared in ProSource Insider Magazine and used by permission. ProSource is the largest member-owned buying group in consumer technology.
The potential of liability was a motivating factor within the consumer technology industry in the establishment of basic standards and best practices regarding the security of residential IT networks. Implementing security standards is a way for any company to minimize liability. The largest trade organization and lobbying arm of the industry, CTA (Consumer Technology Association) was the first authoritative voice in publishing a set of standards and best practices for Integrators and Home Security installation firms. Recommended Best Practices for Securing Home Systems was originally published in 2015.
We caught up with Siddharth “Sid” Bose, who participated in our Nashville Summit’s Information Security panel moderated by Hagei Feiner, with a few follow up questions. Sid is an attorney in Ice Miller’s Intellectual Property Group. His top two areas of focus are Intellectual Property and Data Security and Privacy.
PS: What recommendations would you suggest for an integrator to adopt to minimize their liability when it comes to selling and securing residential network systems?
SB: Integrators need to be aware of warranty and liability considerations. Integrators are considered to be in the “stream of commerce,” and customers often seek out integrators as their first line of support; integrators become the face of the engagement to customers.
Integrators need to be cognizant of obligations they receive from upstream entities (i.e. manufacturers) and the obligations they offer to downstream entities (i.e. the customer). For example, an integrator installing manufacturer devices, should not offer any additional representations and/or warranties to its customers on the same devices, than offered by the manufacturer itself.
When an integrator makes additional representations and/ or warranties around manufacturer-provided devices, it may inevitably leave the integrator in the untenable position of being responsible to its customers to whom it has provided such additional warranties, but without the recourse of being able to hold the manufacturer accountable, because the manufacturer may have contractually disclaimed such warranties for the devices.
Integrators do not want to be ‘left holding the bag’ when manufacturer originating products become a point of failure.
To minimize risk in such cases, integrators should seek contractual indemnification from manufacturers if possible this can help minimize liability for integrators. Integrators should also consider a thorough vetting or evaluation of manufacturers and their devices. For example, integrators may consider requiring the manufacturer to certify in writing that devices:
(i) do not contain components with known security vulnerabilities or defects; (ii) include components that can receive properly authenticated and trusted patches from vendors; and (iii) use industry-standard technology and components for communication, encryption, and interconnection with peripherals. Integrators may also require manufacturers to timely update, replace, or remove vulnerabilities in software and firmware components in a properly authenticated and secure manner. Taking such an intentional approach and proper diligence can help spot problematic manufacturers or devices, and potentially minimize risk.
Lastly, integrators should also consider proper insurance protections especially when coverages relate to cybersecurity and even privacy. This may help offset potential risk for integrators if devices go awry.
PS: How do you see this issue evolving over the next five years?
SB: Integrators may see a lot of change in this area particularly around privacy. As many are well aware, home systems are becoming increasingly prevalent and are finding inroads into very intimate parts of homeowners’ lives. While this creates many obvious privacy concerns, integrators should see this as an opportunity to help guide this sector on diligence, best practices, and ‘privacy-first’ thought leadership.
The growth of home systems also creates the need for technology stewardship. As homes become increasingly “tech-heavy” the ancillary service to support needs to be in place as well. No different than needing a good mechanic for a car, or a good doctor for healthcare, smart homes and their homeowners need a foundation of technical support in order to fully benefit from such technology. Integrators are usually the closet to the homeowner and can have the biggest impact on the homeowner’s success.