Hacker News

Clearly it wouldn't be reasonable to impose a lower standard of safety and security than a non-smart lock. I don't think landlords would attempt to argue that principle.

The argument from them will be that smart locks do not regress security and safety.

Given the widespread and well known security problems with IoT devices across the industry, I think it'd be reasonable to demand assurances on this. For example, an audit trail provided to the resident for every unlock event and who authorised it, an agreement to immediately revert indefinitely to a physical lock at the landlord's expense if a vulnerability is discovered, and daily financial compensation for every day that the landlord fails to act on these mitigations.

Anything less than this I'd argue is a breach of contract, and any requirement that doesn't provide similar assurances would have to be by agreement by the tenant (i.e. a new contract signed).



Breach of contract? Huh? Most tenants do not have "audit trail" requirements in their contracts and their existing physical locks don't provide one.

I always wonder if the folks making legal claims on HN actually practice law - the arguments are often nonsensical. Or maybe this type of logic is why law seems so backwards to folks.


> Most tenants do not have "audit trail" requirements in their contracts and their existing physical locks don't provide one.

No, but the contract was signed at a time when physical locks were the only norm and the security and safety characteristics of a physical lock can be considered to be implied by that contract.

[For example a typical rental contract does not say "the landlord will maintain a working and suitable lock on the front door" but clearly a landlord would nevertheless be in breach of contract if the lock needed replacing due to wear and tear and the landlord refused to fix it]

This wouldn't rule out installing a smart lock in the future, but only if the security and safety characteristics, as implied by the contract, are not regressed by doing so.

A remote unlock facility wasn't agreed by the tenant, so it's reasonable to ask for an audit trail requirement in this case as previously the landlord (or their agent) would have had to be physically present, so their memory would serve as an audit trail.

I think that the perspective that [the addition of] a remote unlock facility without an audit trail compromises the security and safety of a physical lock and thus breaks the implied contract is a perfectly reasonable argument, especially given the prevalence of general industry failure (known vulnerabilities in specific models) in this area.


Landlord here. My lease doesn't specify the type of lock, nor do states where I rent property require that I disclose smart locks nor provide an audit trail of remote access to the lock. I am only required to provide "quiet enjoyment of the property" and provide reasonable notice if access is required (24 hours notice, which I provide via email and text). That said, I don't use smart locks with my properties. They're a pain in the ass from a reliability standpoint, and I prefer more reliable mechanical locks (Kwikset SmartKey, which allows for rapid re-keying when turning over the property).

> I think that the perspective that [the addition of] a remote unlock facility without an audit trail compromises the security and safety of a physical lock and thus breaks the implied contract is a perfectly reasonable argument, especially given the prevalence of general industry failure (known vulnerabilities in specific models) in this area.

While the argument can be entertained, housing statute provides for no such requirements (providing an audit trail of smart lock activity to tenants). I'm happy to run it by my attorney for funsies if you're interested in going down the rabbit hole, but I'm confident the use of smart locks, as well as not providing access control data to tenants, is entirely compliant with housing statute (and I have read all housing statute for the states I operate in).


I'm not making any claims about statute. I'm talking about contract law, which is rather separate (except when a contract is modified by statute, which as we both agree isn't the case here).

Ask your lawyer to explain implied terms of a contract, what implied terms might exist in your contract with your tenants with respect to expectations of the provision and maintenance of things such as locks that were present at the start of the tenancy, and what obligations you may have to maintain the same level of security and safety that existed at the time the contract was signed.

Your lawyer will most likely tell you that you can't _reduce_ the security of the locks, with the baseline being something between what you implied that you would provide at the start of a tenancy and what is the norm for tenancies of the same type, and that whether or not the addition of a remote unlock facility does so or not depends on the specific circumstances that only a court can determine.


Sent this link to my attorney, interested to hear what I get back. Honestly though, if a tenant raised the issue with me prior to signing a lease, I likely wouldn't rent to them as long as I had other tenants to consider. If the issue was raised after they signed the lease, I'd let them know they were free to terminate the lease and move out within a reasonable amount of time or not renew their lease when it came up for renewal. Being expensive to service is a trait I can legally discriminate against, and is not protected by fair housing laws.

I can appreciate the concerns, but not to the point where I'm going to waste time litigating it. It's a public policy issue that needs to be addressed.


> I'd let them know they were free to terminate the lease and move out within a reasonable amount of time...

This would be accurate, but depending on the terms of the contract the tenant may have no obligation to do so, and you would still have an obligation to provide the same quality of lock, secure under the same reasonable threat models, as what was present at the time the contract was signed. In other words, it may be that you would not be entitled to force a smart lock [that adds extra things that compromise the security of the implied threat model such as remote unlock] on the tenant, just as you would not be entitled to remove the lock entirely.

> ...or not renew their lease when it came up for renewal. Being expensive to service is a trait I can legally discriminate against, and is not protected by fair housing laws.

No argument there.


Traditional locks are more like suggestions, and have a well-known attack called "lockpicking" that is easy to learn. I doubt smart locks will be less secure than that.

Still leaves concern for DoS and privacy attacks.


You can't remotely pick a lock, but you can remotely hack a smart lock, and you also know when its owners are gone.

No lock is totally secure, but at least a dumb lock requires physical presence to defeat.


Don't forget the other major characteristics of network-connected gear; it's not just that a lock can be hacked remotely, but that all of them can be hacked at once, or even just all left accidentally unlocked because someone screwed up at Cloud Central.

The real problem with all this network connected stuff isn't even the new failure modes per se... it's the correlated nature of the new failure modes. (You know you're a Real Systems Engineer if something inside of you just screamed in terror.)


In that scenario though, the attacker (or an accomplice) would need to be physically present to take advantage of the unlock attack...


Most people don't know lockpicking, so while you are right in principle, this will change things in practice.


What breach? Every apartment lease agreement I’ve ever had says the leasing company can change the lease anytime they want. My recourse is to move out immediately.



