The AI-Powered Smart Home: From Convenience to Privacy Trap

By: Francis Yoon

The “smart home” revolution promised a seamless life: a programmable coffee maker, lights that dim automatically, and a thermostat that learns your comfort level. These items, which connect and exchange data with other devices and the cloud, are collectively known as the Internet of Things (IoT). That was the old “smart.” The modern AI-powered smart home is an AI-enabled, data-centric habitat: a pervasive ecosystem of sensors, microphones, and cameras whose primary function is not just automation, but data extraction.

Consider this: a voice assistant records you ordering medication late at night; a smart thermostat notes a sudden, prolonged drop in energy use; a smart watch tracks erratic sleep patterns. Separately, these are minor details, but when AI algorithms combine them, they can infer sensitive data (a new chronic illness, a major life event, or a precise work schedule). The potential for this detailed inference is highlighted by privacy advocates, who note that even smart meter energy data reveals intimate details about home habits, like showering and sleeping.

This inferred data is the real trap. It is highly personal and potentially discriminatory if used by insurers or targeted advertisers, all while being entirely invisible to the homeowner.

The core danger of modern smart homes is not the collection of a voice command, but the AI-powered inference that follows.

The Danger of Data Inference and the Black Box

This process of data collection is housed within a legal “Black Box”: AI systems that make highly sensitive decisions about individuals without revealing the underlying logic.

Manufacturers claim the AI models and algorithms that create these inferences are protected as proprietary trade secrets. This directly conflicts with a user’s right, a core tenet of modern data protection law, to access information about the logic behind how and why the AI made a certain decision or inference about them. This legal conflict between transparency and corporate intellectual property is the subject of intense debate.

Furthermore, your home data is shared across a fragmented ecosystem that includes the device maker, the voice assistant platform (e.g., Amazon, Google), and third-party app developers. When a data breach occurs, or a harmful inference is made, liability for any resulting damage is so fractured that no single entity takes responsibility, leaving the consumer without recourse. This lack of clear accountability is a major flaw in current AI and IoT legal frameworks.

The stakes are real. The Federal Trade Commission (FTC) took action against Amazon for violating the Children’s Online Privacy Protection Act (COPPA) by illegally retaining children’s voice recordings to train its AI algorithm, even after parents requested deletion. This resulted in a $25 million settlement and a prohibition on using the unlawfully retained data to train its algorithms, further showing how data maximalism (collecting and keeping everything) can be prioritized over legal and ethical privacy obligations.

Privacy-by-Design: Aligning Ethics with IP Strategy

The legal landscape is struggling to keep pace, relying on outdated concepts like “Consent,” which is meaningless when buried in a 5,000-word Terms of Service for a $50 smart plug. Consumer reports confirm that pervasive data collection is a widespread concern that requires proactive consumer steps.

The solution should be to shift the burden from the consumer to the manufacturer by mandating Privacy-by-Design (PbD). This concept, already explicitly required by the EU’s General Data Protection Regulation (GDPR) in Article 25, demands that privacy be the default setting, built into the technology, ensuring “by default, only personal data which are necessary for each specific purpose… are processed,” in regards to the amount of data collected and the extent of their processing.

To make this framework actionable and commercially viable, it should be interwoven with Intellectual Property (IP) strategy.

The technical mandate for data minimization is to use Edge AI, or local processing: raw, sensitive data must be processed on the device itself, not in the cloud, and only necessary, protected data should be transmitted. This technical shift should be incentivized by an IP strategy that rewards patents protecting Privacy-Enhancing Technologies (PETs), such as techniques that allow AI models to be trained across many devices without ever moving the user’s raw data (federated learning), or methods that obscure individual data points with statistical noise (differential privacy).
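The inference risk sketched earlier (energy data revealing when a home is occupied) and the edge-processing, minimization and differential-privacy mandate described above, as an added example that is not from the article or any vendor’s product: a constructed smart meter trace, the occupancy profile that the raw trace hands to whoever receives it, and an on-device report that transmits only a noised daily total. The 15-minute sampling interval, the 10 kW cap, the billing-only purpose, the Laplace mechanism and the epsilon value are all assumptions made for the example.

```python
"""Edge-side data minimization for a smart meter.

Added example, not code from the article or any vendor. Everything here is
constructed for illustration:
- the only purpose the user consented to is billing, which needs a daily kWh total;
- the meter samples power every 15 minutes (96 readings/day), each capped at 10 kW;
- the transmitted total is protected with the Laplace mechanism (differential privacy).
"""
import math
import random
from dataclasses import dataclass

INTERVAL_HOURS = 0.25   # 15-minute sampling interval (assumed)
MAX_KW = 10.0           # physical cap on one reading; bounds the sensitivity
SLOTS_PER_DAY = 96


def synthetic_day(seed=1):
    """Constructed per-interval kW readings for one household: low overnight,
    a morning spike (water heater/shower), near-idle while the house is empty,
    and steady evening use."""
    rng = random.Random(seed)
    readings = []
    for slot in range(SLOTS_PER_DAY):
        hour = slot * INTERVAL_HOURS
        if 6.5 <= hour < 7.5:
            base = 4.5      # morning spike
        elif 8 <= hour < 18:
            base = 0.3      # nobody home
        elif 18 <= hour < 23:
            base = 1.8      # evening
        else:
            base = 0.2      # asleep
        kw = base + rng.gauss(0, 0.05)
        readings.append(round(min(MAX_KW, max(0.0, kw)), 3))
    return readings


def occupancy_profile(readings, threshold_kw=1.0):
    """What anyone holding the raw trace learns with no AI at all: the hours
    the home was active. This is the habit inference the article warns about."""
    active = {int(slot * INTERVAL_HOURS)
              for slot, kw in enumerate(readings) if kw >= threshold_kw}
    return sorted(active)


def daily_kwh(readings):
    """Energy used over the day; the only figure billing actually needs."""
    return sum(readings) * INTERVAL_HOURS


def laplace_noise(scale, rng):
    """Sample Laplace(0, scale) by inverse CDF."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(max(1e-12, 1.0 - 2.0 * abs(u)))


@dataclass(frozen=True)
class BillingReport:
    """The only record that leaves the device: no per-interval readings."""
    day: str
    kwh: float
    epsilon: float


def edge_report(readings, day, epsilon=1.0, seed=None):
    """Runs on the meter. Validates the raw trace, reduces it to the
    purpose-bound total, adds Laplace noise scaled to the sensitivity of one
    reading, and emits only that. The raw trace is never transmitted.
    `seed` exists only so the example is reproducible; production use would
    leave it unset and draw from the OS randomness source."""
    if len(readings) != SLOTS_PER_DAY:
        raise ValueError("expected one full day of readings")
    if any(not 0.0 <= r <= MAX_KW for r in readings):
        raise ValueError("reading outside physical range")
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    # Changing any single 15-minute reading moves the total by at most 2.5 kWh.
    sensitivity = MAX_KW * INTERVAL_HOURS
    noisy = daily_kwh(readings) + laplace_noise(sensitivity / epsilon, rng)
    return BillingReport(day=day, kwh=round(max(0.0, noisy), 2), epsilon=epsilon)


if __name__ == "__main__":
    trace = synthetic_day()
    print("raw trace reveals active hours:", occupancy_profile(trace))
    # "2025-01-15" is a constructed date label
    print("edge report:", edge_report(trace, "2025-01-15", seed=7))
```

The contrast is the point: the raw trace alone yields the household’s waking, absent and evening hours, while the report carries one noised number bound to the purpose the user agreed to.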

For transparency and auditability, manufacturers should be required to provide Granular Control & Logs (simple, mandatory interfaces showing what data is being collected and why, with logs that can be easily audited by regulators). The corresponding IP Strategy should require mandatory disclosure by conditioning the granting of IP protection for AI models on a partial, audited disclosure of their function, thereby eliminating the “Black Box” defense against regulatory inquiry. New laws are making these transparency measures, including machine-readable labeling and comprehensive logging, mandatory for certain high-risk AI systems.

Furthermore, the security mandate should require End-to-End Encryption (E2EE), a security method that ensures only the communicating parties can read a message, for all data, along with a guaranteed lifecycle of security updates and patches for every device sold. This should be backed by a product liability shift in law that treats a product that failed to provide security updates as a “defective product,” creating a powerful legal incentive for manufacturers to maintain their devices. The need for this is supported by official guidance encouraging manufacturers to adopt a security-by-design-and-default mindset.

A Call for Fiduciary Duty and Mandatory Standards

For AI-powered smart homes to be a benefit, not a threat, the law should evolve beyond the current model of consumer consent, which has proven meaningless when privacy obligations are buried in massive Terms of Service agreements. The EU AI Act, for instance, is already moving toward a risk-based legal framework by listing prohibited practices like cognitive behavioral manipulation and social scoring, which are highly relevant to pervasive smart home AI. To this same end, we should implement two major safeguards.

Legislation should introduce minimum technical security and privacy standards for all smart devices before they can be sold (a digital equivalent of safety standards for electrical wiring). The default setting on a new smart device should be the most private one, not the one that maximizes data collection.

Additionally, smart home companies should be held to a fiduciary duty of care toward the users of their products. This legal concept, typically applied to doctors or financial advisors, would require them to place the user’s interests and loyalty above the company’s financial interests in matters concerning data and security. This would force companies to legally act in the best interest of the user, regardless of what a user “consents” to in a convoluted contract. This single shift, supported by seminal legal scholarship, would fundamentally alter the incentives, forcing companies to design for privacy, as their primary legal duty would be to protect the user’s data, not to maximize its commercial value.

Overall, the battle for privacy is increasingly fought on the digital ground of our own homes. The AI-powered smart home doesn’t just automate our lives; it digitizes our intimacy. It is time to enforce a technical and legal framework that ensures innovation serves our well-being, not just corporate profit. The architecture of a truly smart home must start with privacy at its foundation.

#smart-home #privacy-trap #AI-governance

E-Lending Challenges and Libraries’ Mission to Ensure Information Access for All

By: Anusha Seyed Nasrulai

Library services have transformed from being primarily administered in the physical library space to providing library card holders with access to a broad range of digital materials, including ebooks, audiobooks, research, music, film, and more. When digital materials first entered the market, they posed great opportunities to increase the availability and accessibility of library collections. Libraries have adjusted their acquisitions and curation efforts to accommodate an increased demand for digital materials. At the same time, publishers and vendors have repackaged their products to drive profits in response to the demand by raising ebook costs to exorbitant rates. Libraries are “typically required to pay 3–4 times the consumer price for an ebook or audiobook license of a popular title.” Also, many publishers have replaced perpetual licenses with time limited licenses. Publishers further control the market by restricting “how many copies libraries can have, who they can lend to, and how long they (and their patrons) can keep the books.” This has led to library budgets being consumed by licensing costs.

The e-lending marketplace presents multiple challenges to libraries’ longstanding commitment to ensure access to information for all. Digital materials are many patrons’ primary method of accessing information. For example, digital formats are essential resources to patrons with “vision impairment, dyslexia, and other physical or learning needs.”

Libraries are at the whim of the power wielded by vendors controlling access to vital digital materials. About five companies control publishing and dominate the industry for licensing digital materials to libraries. Some companies have business enterprises beyond academic information, including the use and sale of personal and financial information. Thomson Reuters and RELX Group (parent companies of Westlaw and LexisNexis) not only dominate the legal research market, but they also own some of the largest news and academic databases and are data brokers that sell to private entities and law enforcement agencies. Sarah Lamdan, former CUNY law librarian and professor, now ALA director, described the digital information market landscape as a monopoly of information markets, which raises significant ethical and privacy concerns.

Libraries Respond to Market Shifts

The rest of this article examines the implications of the market shift to digital materials for libraries and their patrons, focusing on ownership rights, open source projects, and patron privacy. In response to vendors’ overwhelming control of the digital information marketplace, libraries and researchers are developing solutions to ensure information access for all.

Ownership Rights

Libraries hold ownership rights and control lending access over physical books by the right of first sale. The “first sale” doctrine (17 U.S.C. § 109(a)) “gives the owners of copyrighted works the rights to sell, lend, or share their copies without having to obtain permission or pay fees.” However, this ownership doctrine does not control digital transmissions, including ebook acquisitions. Publishers create license agreements in partnership with vendors, who then license them to libraries. Margaret Chon, Law Professor at Seattle University, argues that high prices and restrictive lending practices undermine the special position libraries have historically held in the copyright system as institutions protecting and facilitating public access to copyrighted works.

Without copyright reform, libraries are often beholden to vendors’ licensing models. In response, libraries have developed comprehensive strategies to negotiate with vendor providers and select vendors that align with their mission. Still, “the contract-law focused world of copyright for digital content is much more heavily weighted to the benefit of publishers and to the greatest extent possible.” Therefore, libraries have sought legal reforms as one of the solutions to address the modern digital information marketplace.

ReadersFirst is an organization of almost 300 libraries dedicated to libraries maintaining open and free access to ebooks as collections are increasingly digitized. ReadersFirst advocates for ebook legislation to prevent content restrictions, prohibitively high prices for licenses, and using licenses to excise important copyright law, such as Fair Use. This past summer, Connecticut passed an ebook bill and other states have introduced similar legislation. This bill will be carefully watched after similar legislation in Maryland and New York have been undone by copyright challenges. 

Open Source Projects

During the COVID-19 pandemic, Internet Archive launched the National Emergency Library (NEL). NEL was a continuation of a previous online project where scans of physical library books were “checked out” to people as though they were physical books. In Hachette v. Internet Archive, publishers successfully challenged NEL’s temporary lifting of the one-person-limit on lending. Though this case did not involve a traditional library, it does call into question whether controlled digital lending practices by libraries are vulnerable. 

To protect library projects that expand access to digital materials, new industry standards are being proposed. Controlled digital lending (CDL) protections allow libraries to lend, preserve, and archive digital materials. Currently, a new NISO consensus framework is being developed to support CDL in libraries, with the goal of expanding “understanding of CDL as a natural extension of existing rights held and practices undertaken by libraries for content they legally hold.”

The ability to curate and share open source resources furthers libraries’ goal to ensure information access for all. An important example of library open source projects is research guides. Research guides are collections of high-quality, relevant resources on a given topic. Resources include articles, books, media, databases, special collections, exhibits, and programs. Kara Phillips, director of the Seattle University Law Library, stated that research guides “respond to important issues so that patrons can find reliable, authoritative information… [to] support democracy, rule of law, and the legal system.”

Patron Privacy

As vendors adapt to the competitive digital information marketplace, the change in business models has increased their appetite for patron data. As Roxanne Shirazi, a research librarian at CUNY, puts it, “[a]s lenders, library vendors do not end their relationships with libraries when they complete a sale. Instead, as streaming content providers, vendors become embedded in libraries. They are able to follow library patrons’ research activities, storing data about how people are using their services.”

There are only a handful of states that protect readers’ data outside of libraries. For example, California’s Reader Privacy Act safeguards readers’ data when accessing physical books or ebooks. Therefore, ensuring patron privacy and holding vendors accountable to ALA privacy standards are central to libraries’ mission.

The Path Forward for Libraries

Librarians and other stakeholders are organizing to address the profound problems that have arisen from changes in the e-lending market. In providing guidance regarding digital access, the American Library Association states, “[i]n order to have a functional democracy, we must have informed citizens. Libraries are an essential part of the national information infrastructure, providing people with access and opportunities for participation in the digital environment, especially those who might otherwise be excluded.”

Has the law of products liability kept up with current military contractor practice?


By: Nicholas Skubisz-Gonzalez

From air transport to nuclear energy, military contractors in the United States have famously benefitted from the expansive government funding necessary to develop new technology and implement it at scale. However, when issues come up with these projects, who pays the human costs associated with failure by contractors?

The answer, since 1988, has largely been that liability should never rest with the contractors that created the equipment at issue, so long as they satisfy all three elements of the Government Contractor Defense set out in Boyle v. United Technologies Corp. This case involved the death of a Marine Corps pilot due to an escape hatch defect, which resulted in a products liability case brought by his family against the company that created said escape hatch. The District Court initially ruled in favor of Boyle under state tort law; that ruling was reversed on appeal to the Fourth Circuit, and the Supreme Court ultimately held that the manufacturer was immune from liability for this incident since it had simply built the helicopter (including the escape hatch) according to government specifications. The test created in Boyle requires only that a contractor show that (1) the United States agreed to reasonably precise specifications, (2) the equipment satisfied those specifications, and (3) the supplier warned the United States about any dangers in using the equipment that it knew of and which the United States did not. This defense gives manufacturers the benefit of resolving cases before they are forced to go through costly litigation or risk discovery.

Under the defense set out in Boyle, which has largely been expanded in its applicability in the decades since, and only rarely limited, an increasingly large portion of government contractors have gained immunity from products liability claims by third parties. This most importantly includes blocking suits by the military servicemembers they are meant to benefit.

How does the Government Contractor Defense apply in modern defense contracts?

One of the major military contracts that poses a risk of possibly requiring this defense is the Army’s Integrated Visual Augmentation System (IVAS), a helmet incorporating various elements of virtual and mixed reality to enhance soldier perception on the battlefield. This project was initially awarded to Microsoft in 2018 with the intent of creating prototypes for testing before full production began. That said, issues have arisen over the years due to a failure to ensure user acceptance among military personnel, i.e. how many soldiers actually approve of their future equipment. This issue puts the $21.88 billion contract at risk, according to a 2022 Department of Defense audit by the Inspector General. The report states that the product description lacks any measurement for user acceptance, despite the fact that the Army’s sole measurement for system acceptability is user acceptance.

If relying on the elements in Boyle, this project could pose a significant risk to manufacturers. With this technology, the manufacturer has been provided with limited specifications and an inability to satisfy them due to a lack of adequate user satisfaction metrics. User satisfaction metrics are testing requirements for system effectiveness when used by the intended users, in this case soldier satisfaction with IVAS systems. Barring portions of the contract which may not be publicly available, the defense might not be applicable here, which could explain the recent history of the contract. Despite its value, the Army handed over control of the IVAS contract to Anduril Industries via a contract novation signed off on April 10, 2025. A contract novation is the legal process of replacing one party in a contract with another, shifting both the rights and responsibilities specified in the contract onto the new party with the consent of all involved.

A unique point to make on this contract changeover is how the scope of responsibilities has changed for each contractor given the modern landscape. The US military has in recent years reported a troublesome “substantial consolidation” of military contractors, which led to its goal of diversifying reliable sources of supply to involve more businesses. When this contract was initially awarded to Microsoft, the goal was to create effective helmets with Mixed Reality capabilities that expanded the soldier’s awareness on the battlefield. While the hardware hasn’t resulted in any serious public concerns for the Army, this initial project did result in several software problems that warranted recompeting the contract, which Microsoft ultimately lost to Anduril. This has changed since the contract novation: Microsoft now only provides the hardware it already developed, and Anduril is only responsible for the software and integration component of the contract, getting its EagleEye software to operate on the Microsoft hardware. Anduril has conducted several tests to ensure compatibility with the existing Microsoft-created IVAS 1.2 design, but if this software-hardware connection should fail in any way in the field, a valid question remains on who would be responsible.

Who’s holding the liability hot potato?

Microsoft created the nausea-inducing headset under the original contract, Anduril focused on enhancing the software for user comfort and capabilities and was handed responsibility for the full contract, and in both instances the technology seems to be on the cutting edge of Mixed Reality capabilities. Was it even possible to articulate any reasonably precise specifications for either company?

Common practice might suggest that any tort cases involving this equipment would base liability on the party responsible for the portion of the hardware or software at issue, yet the Government Contractor Defense presents potentially significant limits for litigants. One of the main limits at issue is the ability to narrow the scope of discovery due to confidentiality concerns and the need for testimony by government personnel. This creates a trend of cases where plaintiffs lack meaningful information on the equipment that caused their injuries, preventing them from identifying the root cause, or the real defendant responsible. While the types of cases covered by the defense created in Boyle have grown over the decades since, the current doctrine creates a legal limbo for contracts on developing technologies that have, by their nature, extremely imprecise specifications and multiple contractors taking on full responsibility for different phases of development for the same equipment. Should the defense be expanded to accommodate current practices, as it historically has been post-Boyle? Should it be restricted to assume that liability exists unless the military specifically approved the conduct at issue, as Justice Kagan suggested in a case currently before the Supreme Court? The ideal solution going forward largely depends on an individual’s own balancing of the importance of innovation versus accountability.

#WJLTA #Military-Contractor #Products-Liability

One Big Beautiful Bottleneck: Immigration Processes and Lagging Technology

By: Claire Kenneally

Billions for Borders 

On July 1st, 2025, the U.S. Senate passed a budget reconciliation bill (“H.R.1” or “One Big Beautiful Bill”), allegedly aimed at fixing a broken immigration system. Over $170 billion was allocated for immigration and border-enforcement projects, with $46.5 billion for border wall construction, $45 billion for private prison corporations to expand detention centers, and $29.9 billion for hiring additional ICE agents and funding deportations. 

Critics of the bill denounce its punitive emphasis on incarceration and deportation instead of pathways to legal citizenship. American Immigration Council policy director Nayna Gupta observed that “[the bill] does nothing to address the real problems in our immigration system including court backlogs, a lack of legal pathways to citizenship, and a broken U.S. asylum system.”

The Paper Wall We Aren’t Talking About

Despite more money than ever pouring into the immigration system, pathways to legal citizenship, asylum, and work permits have only gotten more convoluted and backlogged in the last 20 years. 

U.S. Citizenship and Immigration Services (USCIS) is the federal agency that processes visa and green card applications. USCIS is distinct from Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP). Money allocated to ICE and border enforcement does not trickle down to, nor support, USCIS. USCIS is primarily funded through user fees paid by those applying for immigration and naturalization benefits.

Figure 1: The Complex Green Card Application System

In 2023, USCIS processed over 10 million applications. However, they are still taking longer than ever to review applications, and are currently grappling with an unprecedented 11.3 million pending applications. As backlogs grow, applicants are left waiting for months, years, and sometimes decades longer than they should. 

Part of this gridlock is the outdated use of paper applications and limited e-filing options. “Notorious for its reliance on antiquated paper files,” USCIS requires immigrants (and their lawyers) to embark upon a lengthy process of preparing and mailing printed application materials to one of only five national processing centers.

This summer, I had the privilege of working as a legal intern at the Northwest Immigrant Rights Project. There, I observed staff attorneys spend hours compiling application materials for clients—writing extensive cover letters listing every document in the application, triple-checking that even blank or non-applicable boxes were marked, photocopying birth certificates multiple times to ensure clarity, and assembling a FedEx or USPS package for delivery. Then they’d carefully attach the package’s tracking number to the client’s file, so that in the (not unlikely) chance USCIS claimed they never received it or it was delayed, they could verify the application had been delivered. Then they waited, sometimes for weeks, to receive a confirmation letter from USCIS. Weeks and months after that, they might receive another letter asking for a clarification, different information, or a copy of a different form. 

Technical issues also persist beyond the application stage, slowing progress and creating confusion throughout the process. Checking a case’s status on USCIS’s website is often futile due to system outages, server issues, or glitches. In early 2025, a USCIS website glitch falsely showed that hundreds of cases had been advanced to final review, leading to widespread confusion and disappointment when the error was rectified.

How can this be? How can we have systems in place for online tax filing, online banking, and countless other e-filing systems, yet USCIS can’t manage to move beyond manually reviewing millions of paper forms? And how can billions of taxpayer dollars be allocated to immigration reform, yet so focused on inhumane incarceration practices instead of obvious improvements that create legal pathways to citizenship? 

A History of Inefficiency

Interestingly, the inefficiency of USCIS technology has long been a thorn in the side of effective immigration processes. In a 2005 report by the Department of Homeland Security’s Office of the Inspector General, auditors noted that “USCIS’ IT environment for processing immigration benefits continues to be inefficient, hindering its ability to carry out its mission. USCIS’ processes are primarily manual, paper-based, and duplicative, resulting in an ineffective use of human and financial resources to ship, store, and track immigration files.” 

Similar sentiments were repeated in 2014 and 2016, with auditors writing that “USCIS struggled to modernize its stove-piped, paper-based immigration benefits processing to a more centralized and automated environment.” In 2020, yet another audit found that despite “strategic planning activities to help prioritize legacy IT systems or infrastructure for modernization… [the Department of Homeland Security and USCIS] continues to rely on deficient and outdated IT systems to perform mission-critical operations.”

The Human Cost 

There are multiple implications when a system designed to support some of our most vulnerable community members struggles to be efficient. It is costly. It creates backlogs, currently in the millions. It is frustrating for USCIS staff and immigration attorneys who must carefully wade through inch-thick application materials. But most importantly, it is cruel to the millions of immigrants a year attempting to enter the United States. Some will wait decades just to be denied. Others will wait for months with no updates, only to receive a cryptic notice warning that their case may be denied unless they locate and resend documents they thought were already submitted. 

Low-income applicants in particular face heightened barriers due to paper-only fee-waiver applications, while H.R.1 has simultaneously hiked filing fees by hundreds of percent. With billions of dollars allocated for immigration reform through H.R.1 and millions of dollars in profits lining the pockets of privatized prison corporations as a result, this process is a slap in the face to those attempting to immigrate through legally recognized channels.

Now what? 

Ironically, the very inefficiency of immigration technology has proven to be an effective tool for limiting access to the United States. As of October 2025, just seventeen of the 103 forms on USCIS’s website were available to be completed online. Discussing USCIS’s all-time high backlog of applications, immigration attorney Greg Siskind told Newsweek: “USCIS is still moving along with e-filing…and [their] long-term goal is to totally move away from paper filings…[even] more worrisome is the expectation by many in the immigration bar that USCIS will increasingly use AI—often poorly designed AI—that will speed up decision-making but in a way that lacks transparency and with serious quality control concerns.”

USCIS’ paper-heavy infrastructure continues to frustrate applicants and attorneys alike, with digital access limited to a fraction of its forms. Whispers of utilizing AI introduce a worrisome paradox: how can we trust advanced technology to improve outcomes when the fundamentals of digital access and e-filing are still missing?

I believe immigration reform is possible—but only if we stop funneling billions of dollars into cages, and start prioritizing accessibility.

#WJLTA #ImmigrationTechCrisis 

The Freedom to Inquire: Data Privacy Lessons from Libraries

By: Anusha Seyed Nasrulai

“All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information.”

These are the words enshrined in the last article of the American Library Association’s (ALA) Library Bill of Rights. The ALA first adopted principles protecting the freedom of inquiry in 1939 in response to concerns of government censorship and surveillance amid a moral panic against anarchists. In subsequent decades, the Library Bill of Rights was amended and interpreted to champion intellectual freedom during eras like McCarthyism, the Civil Rights Movement, and post-9/11. 

The Legal Right to Data Privacy 

Recognition of the freedom of inquiry in libraries developed at the same time as a legal right to privacy was being conceptualized. In 1890, lawyers Samuel Warren and future Supreme Court Justice Louis Brandeis first defined a legal right to privacy in a famous law review article. Still, a legal right to privacy was not widely recognized until 1965 in Griswold v. Connecticut. There is currently no comprehensive federal data privacy law, resulting in a patchwork of sectoral and state data privacy laws. However, library privacy principles obligate libraries to expand the privacy rights afforded to patrons beyond what the law requires. Examining libraries’ data privacy principles offers important lessons for envisioning new legal data privacy frameworks.

Libraries’ responsibility to protect patron privacy and confidentiality is, in fact, recognized by the law. Forty-eight states protect the confidentiality of patron records, and the attorneys general in the other two states have recognized the privacy of patrons’ library records.

Libraries’ Approach to Data Privacy 

Precise definitions are required to understand these principles. For libraries, the right to “privacy is the right to open inquiry without having the subject of one’s interest examined or scrutinized by others.” Confidentiality is the libraries’ duty to keep personally identifiable information private on patrons’ behalf. Personally Identifiable Information (PII) is information that can be used to identify a specific person.

Data Privacy Policies 

Only 19 states have passed comprehensive privacy laws. Rights recognized under state laws may include the right to request correction or deletion of data, the right to opt out of certain processing and sales, a prohibition on discrimination for exercising rights under the law, notice and transparency requirements, and limitations on data purpose and processing. The state laws typically apply only to for-profit businesses that meet high thresholds for gross revenue and amount of business activity in the state; library policies, by contrast, protect patron data from both private and government requests. State laws are also limited by their enforcement mechanisms. Many state privacy laws rely on enforcement by attorneys general rather than creating a private right of action.

In addition to complying with privacy laws, library privacy policies are developed with guidance from the ALA’s Privacy Interpretation of the Library Bill of Rights and the NISO Consensus Principles on Users’ Digital Privacy in Library, Publisher, and Software-Provider Systems. Libraries have a duty to create and maintain clear, easily accessible, and understandable privacy policies for all patrons. Privacy policies include information on what data is collected, who the data is shared with, and how long the data is retained. PII should be collected and stored only when required for specific, clearly disclosed purposes and only with the patron’s consent. Users should have the right to access their own personal information or activity data for review or export, and to request correction or deletion. Libraries should process these requests wherever operationally feasible.

Libraries practice data minimization, meaning they collect only the personal data necessary for an operational purpose. Libraries default to practices such as purpose limitation and opting users out of nonessential data collection. Patrons should have an opportunity to give explicit consent so they can make an informed decision about whether to agree to the collection of their data for nonessential purposes, and they should be able to opt out at any time. For instance, some libraries allow patrons to opt in to a saved history of their checked-out books; otherwise, this data is deleted by default.

Libraries’ privacy policies often reflect a deep commitment to patron trust. As Mustafa Hassoun, a privacy attorney at Hillis Clark Martin & Peterson, noted, “Libraries always strive to do right by their patrons.” He works with libraries across Washington state and emphasized that “this commitment to patron trust and data stewardship continues even in the absence of broader legislation like the People’s Privacy Act, which would significantly expand data protection requirements in Washington.”

Vendor Partners 

Libraries aim to hold vendor partners, such as publishers and software providers, accountable to their data privacy principles where possible. Vendors are obligated to make their data use policies accessible to patrons. Libraries also carefully consider patrons’ privacy before entering data sharing agreements with vendors. The ALA’s Privacy Interpretation guides libraries never to share patrons’ PII with vendors unless they have explicit patron permission or are required to under law or an existing contract. When such information is shared, “any data collected for analysis should be anonymous or aggregated, it should never be linked to personal information.” Finally, when procuring new technologies, “[b]iometric technologies, like facial recognition, do not align with the library’s mission of facilitating access without unjust surveillance.”

The library community has developed processes and resources to negotiate contracts that align with its privacy principles. This is significant given that readers often lack visibility into how vendors use their data, and vendor partners may have strong incentives to collect and aggregate as much user data as possible.

Complying with Law Enforcement 

The ALA guides library workers to consult with their library administration and legal counsel before complying with law enforcement. Records are to be shared only in response to a properly executed court order or legal process. “If a library worker is compelled to release information by a valid subpoena or court order,” they are instructed to personally retrieve the requested information rather than “allowing the law enforcement agency to perform its own retrieval [which] may compromise confidential information that is not subject to the current request.” 

Libraries have chosen to comply strictly within the boundaries of the law, balancing the strong interest in protecting patron privacy against the obligation to honor legal orders. As Jonathan Franklin, a Digital Innovation Law Librarian at the University of Washington, puts it, “In a world where all data is seen as having value, it might be that the easiest path is to delete nothing and sell/use everything, so protecting privacy over profits takes extra-effort.” Companies and other entities may have different incentives to collaborate more broadly with law enforcement. Companies like Ring, Flock, and many others are directly partnering with law enforcement to share data that facilitates surveillance of customers and the broader public.
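The three practices described above (opt-in checkout history with deletion by default, anonymized and aggregated statistics for vendor analysis, and staff-performed retrieval of only the records a valid order names) can be sketched as a small circulation record store. The following Python is an added example written for this post; it is not code from any library system, the ALA, or NISO. The Patron, Loan, LegalOrder and Circulation classes, the minimum-count suppression threshold, and the sample patrons and items are all constructed for illustration.

```python
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass


@dataclass
class Patron:
    patron_id: str
    name: str
    retain_history: bool = False  # opt-in only; the default is delete-on-return


@dataclass(frozen=True)
class Loan:
    patron_id: str
    item_id: str


@dataclass
class LegalOrder:
    """A properly executed order names one patron and, optionally, the items at issue."""
    patron_id: str
    item_ids: frozenset[str] | None = None  # None means all of that patron's records


class Circulation:
    """Hypothetical record store applying data minimization and purpose limitation."""

    def __init__(self) -> None:
        self.patrons: dict[str, Patron] = {}
        self.active: list[Loan] = []    # open loans: needed to run the library
        self.history: list[Loan] = []   # returned loans, kept only for opted-in patrons
        self.item_counts: Counter[str] = Counter()  # per-title use, never linked to a patron

    def register(self, patron: Patron) -> None:
        self.patrons[patron.patron_id] = patron

    def set_retention(self, patron_id: str, opt_in: bool) -> None:
        self.patrons[patron_id].retain_history = opt_in
        if not opt_in:
            # Withdrawing consent purges whatever history was retained so far.
            self.history = [loan for loan in self.history if loan.patron_id != patron_id]

    def checkout(self, patron_id: str, item_id: str) -> None:
        self.active.append(Loan(patron_id, item_id))
        self.item_counts[item_id] += 1  # counted without any patron identifier

    def check_in(self, patron_id: str, item_id: str) -> None:
        loan = Loan(patron_id, item_id)
        self.active.remove(loan)
        if self.patrons[patron_id].retain_history:
            self.history.append(loan)
        # Otherwise the link between patron and title is simply dropped on return.

    def aggregate_report(self, min_count: int = 5) -> dict[str, int]:
        """Usage figures safe to share with a vendor: no PII, and titles with fewer
        than min_count checkouts are suppressed so a rare title cannot single out
        one reader."""
        return {item: n for item, n in self.item_counts.items() if n >= min_count}

    def records_for_order(self, order: LegalOrder) -> list[dict[str, str]]:
        """Staff-performed retrieval: release only the named patron's records, and
        only the items the order specifies, rather than handing over the store."""
        rows = [loan for loan in self.active + self.history if loan.patron_id == order.patron_id]
        if order.item_ids is not None:
            rows = [loan for loan in rows if loan.item_id in order.item_ids]
        return [{"patron_id": loan.patron_id, "item_id": loan.item_id} for loan in rows]


def build_sample() -> Circulation:
    """Constructed sample data: p1 keeps the default, p2 has opted in to history."""
    circ = Circulation()
    circ.register(Patron("p1", "Reader One"))
    circ.register(Patron("p2", "Reader Two", retain_history=True))
    circ.checkout("p1", "b1")
    circ.checkout("p1", "b2")
    circ.checkout("p2", "b1")
    circ.checkout("p2", "b3")
    circ.check_in("p1", "b2")   # p1 did not opt in: this loan leaves no trace
    circ.check_in("p2", "b1")   # p2 opted in: retained in history
    circ.check_in("p2", "b3")
    return circ


if __name__ == "__main__":
    circ = build_sample()
    print("open loans:", circ.active)
    print("retained history:", circ.history)
    print("vendor report:", circ.aggregate_report(min_count=2))
    print("order for p1:", circ.records_for_order(LegalOrder("p1")))
    print("order for p2, item b3 only:", circ.records_for_order(LegalOrder("p2", frozenset({"b3"}))))
```

With the constructed sample, an order naming p1 yields only the single loan still open, because p1's returned book was never retained; an order naming p2 but limited to one title returns just that title, even though p2 has more history on file; and the vendor report with a threshold of two contains only the one title borrowed twice. A real system would add audit logging of each order fulfilled and time-based expiry of opted-in history, which the page's principles also imply but this sketch omits.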

Looking Forward: Lessons and Challenges

Libraries provide important insights regarding how to enact data privacy principles and policies that champion people’s freedom of intellectual exploration and expression. As data privacy law continues to develop and transform, these lessons from libraries exemplify how data privacy principles can be enacted to uphold people’s privacy and civil liberties.

The privacy ideals of libraries are constrained by the realities of limited resources and funding. One study found that libraries face significant challenges in upholding patron privacy due to a lack of technical knowledge and training among staff, as well as inadequate funding for training or privacy protection tools. Many of the data privacy studies and resources developed by and for librarians are funded by Institute of Museum and Library Services (IMLS) grants. The current administration is attempting to dismantle IMLS, though that effort is being challenged in court. Amid these pressures, libraries carry an almost century-long tradition of protecting patron data from censorship and surveillance.

As C. Allison Sills, an instructional librarian in North Carolina, aptly stated, the “Invasion of privacy by retaining patron checkout history is tantamount to book banning. If you surveil the populace, the populace will start to self-censor to prevent ‘potential’ discrimination, which starts the fear cycle.”