'Smart Home' Providers May Be Liable Under The TCPA
This article was published in Law360 on July 5, 2016. Written by Ice Miller partner Isaac Colunga and associate Deepali Doddi.
In many ways, it is becoming easier and easier to violate the Telephone Consumer Protection Act (TCPA). Congress passed the TCPA in 1991 with the simple goal of stopping automated phone calls that consumers did not consent to receive. And as technology morphed and changed over the years, the Federal Communications Commission interpreted the statute so that the restrictions on automated phone calls extended to text messages as well. This interpretation, of course, has made it that much more difficult for businesses to comply with the TCPA, seeing that consumers exchange text messages with businesses all the time. Consider the scenario where a shopper walks into a store and sees a sign offering a store coupon if the shopper sends a text message to a listed number. Every day, shoppers respond to these offers and instantly receive text messages containing store coupons. These consumer-prompted coupons may not violate the TCPA, but they are a good example of how consumers and businesses are communicating more and more by text message. The list of examples goes on and on, and even still a new area has emerged by which companies are communicating with consumers by text message or otherwise and sharing data about those consumers’ personal lives and homes. We call this the “internet of things.”
The Internet of Things and Smart Homes
Put simply, the “internet of things” refers to an “interconnected environment where all manner of objects have a digital presence and the ability to communicate with other objects and people.” With the internet of things, the possibilities for using a variety of interconnected devices and objects — ranging from appliances to HVAC systems to vehicles to energy grids — to enhance your daily life and increase efficiencies are endless.
One interconnected feature of our lives, which many of us are aware of or already use, is the “smart home.” A smart home generally involves a collection of devices and appliances that synchronize over a network and automatically share information with each other about the user’s activities and preferences. Home automation technologies are developing at a rapid pace, and consumers can now choose from myriad products to build their smart homes. For instance, consumers can install smart home systems that allow them to use their cell phones or tablets to remotely control the temperature and lighting within their residences, turn on appliances, unlock doors and monitor the security of their homes. As technology evolves, home automation devices will grow more “intelligent,” relying less frequently on overt user commands to function — a thermostat will sense your presence when you walk into a room, for example, and automatically adjust to your preferred temperature.
The TCPA Implications of Smart Home Technologies
The expansion of home automation technologies is inevitably fraught with both practical and legal concerns surrounding the collection, use and security of smart home data. To achieve compliance with the TCPA in particular, smart home technology vendors must be careful to use consumers’ cell phone information to communicate with them only in a manner that is consistent with the consumers’ consent. The exchange of text messages between smart home vendors and consumers is central to the functionality of many home automation systems, but it can be tricky in light of the TCPA. Smart home security systems serve as a prime example. A critical feature of an automated home security system is the ability to detect possible intruders, perhaps by identifying a door or a window that is opened while the homeowner is out of the house. Then, after sensing that a door or window is open, the security system will send an alert to the homeowner’s cell phone via text message. The text message alert may even provide options to trigger an alarm or notify law enforcement of an emergency. This is a really useful feature, to be sure, but providers must consider the consent that the TCPA requires when sending these messages.
The FCC rules implementing the TCPA, as applied to text messages, differ depending on whether the text message contains a noncommercial message or the text message was sent for marketing purposes. If the text message is purely informational, then to show that the consumer has consented, the FCC requires only “express consent,” which is generally obtained when the person receiving the text message willingly provides his or her cell phone number to the sender. The requirement differs, however, if the text message contains marketing or advertising. If it does, then the FCC would expect the provider to have met the more stringent prerequisite of obtaining “prior express written consent.”
In the context of smart homes, many consumers who wish to receive purely informational text messages from smart home vendors, such as alerts of suspicious activity in or around their homes, will voluntarily provide their cell phone numbers to the vendors. In such cases, smart home vendors can presume that their customers have expressly consented to receiving informational text messages from them. Nevertheless, to avoid liability under the TCPA, smart home vendors must ensure that they craft text message alerts that are entirely noncommercial and do not, in any way, contain information that may be construed as “advertisements” or “marketing” for their services or products.
On the other hand, if smart home vendors elect to send marketing communications to their customers’ cell phones via text message — whether the marketing communications are embedded within their informational text message alerts or comprise standalone text messages — they must be willing to partake in the more onerous process of obtaining their customers’ “prior express written consent.” A vendor may obtain prior express written consent electronically through a website form submission or an opt-in text message. But the vendor must critically review the consent language and ensure the consumer knows what he or she is agreeing to receive. Smart home vendors must remember that under the TCPA, a consumer's willingness to receive informational text message alerts has no bearing on whether he or she has consented to receiving commercial text messages.
The internet of things revolution presents exciting opportunities for companies to develop new technologies that rely on network interconnectivity to create the “smart home” and engage with consumers. As smart home vendors continue to use text messaging to send alerts to their customers’ cell phones, they should be mindful that their communication practices will be scrutinized for compliance with the TCPA.
This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader should consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.
 See 47 U.S.C. §§ 153(39), 227(b)(1); Satterfield v. Simon & Schuster, Inc., 569 F.3d 946, 954 (9th Cir. 2009).
 In re Rules and Regulations Implementing the TCPA, 18 FCC Rcd. 14014, 14115 ¶ 165 (July 3, 2003); In re Rules and Regulations Implementing the TCPA, FCC 15-72, ¶ 52 (July 10, 2015) (2015 FCC Order); Satterfield, 569 F.3d at 954 (explaining that text messaging is used primarily between telephones and is therefore consistent with the definition of a “call”).
 In re Rules and Regulations Implementing the TCPA, FCC 15-72, ¶ 103 (July 10, 2015) (2015 FCC Order) (clarifying that “on demand” text messages sent in response to a consumer-initiated request are not subject to TCPA liability).
 Federal Trade Commission, FTC Staff Report: Internet of Things: Privacy & Security in a Connected World, at 1 (January 2015).
 See SAS Institute, Internet of Things (IoT): What It Is and Why It Matters.
 See Deborah Weinswig, Why Smart Homes Will Be a Million Times Better Than 'The Jetsons,' Forbes (April 19, 2016).
 See, e.g., Richard L. Tso, Smart Homes of the Future Will Know Us by Our Heartbeats, Wired (October 2014).
 See, e.g., University of Michigan, Hacking into Homes: 'Smart Home' Security Flaws Found in Popular System (May 2, 2016) (describing a research study that revealed security vulnerabilities in a smart home automation system).
 See, e.g., SmartHome.com. Depending on the user's preference, alerts may also be issued via email and push notifications for smartphone applications.
 See Carolyn Heneghan, Nerd Alert: Smart Home Security Enlightens the Industry, The SafeWise Report (July 17, 2014).
 See In re Rules and Regulations Implementing the TCPA, 23 FCC Rcd. 559, 565 (2008) (stating that “calls regarding debt collection or to recover payments are not subject to the TCPA’s separate restrictions on ‘telephone solicitations’”).
 In re Rules and Regulations Implementing the TCPA, Report and Order, 7 FCC Rcd. 8752, 8769, ¶ 31 (Oct. 16, 1992) (1992 FCC Ruling) (“Persons who knowingly release their phone numbers have in effect given their invitation or permission to be called at the number which they have given, absent instructions to the contrary.”); In re Rules and Regulations Implementing the TCPA, Report and Order, 233 FCC Rcd. 559, 564 (Jan. 4, 2008).
 In re Rules and Regulations Implementing the TCPA, Report and Order, 27 FCC Rcd. 1830, 1838 (Feb. 15, 2012) (effective October 16, 2013) (2012 FCC Ruling).
 Id. at ¶ 32 (indicating that an electronic signature obtained in accordance with the E-SIGN Act may constitute "express written consent").