Iran – yup, Iran – to the rescue to tackle Internet of Things security woes It's no secret that people are getting increasingly jumpy about poor security within the Internet of Things. No one likes it when a website is hit by a flood of junk traffic from thousands of compromised computers – but that's nothing compared to what may happen when billions of IoT devices embedded all over our homes and in …
"Appropriate regulation" doesn't necessarily mean designing the protocols used. It can mean things like governments taking responsibility to ensure that companies meet certain minimum levels of security and accountability, just like they do with things like say automobiles or water heaters.
You can't prevent all mistakes from happening, and you can't even prevent all malicious or dishonest action. You can however ensure that the bad actors face the consequences and don't hide behind "terms of service agreements" and an army of lawyers.
If Facebook loses your cat pictures, well quite frankly I don't care because Facebook really doesn't matter. If however my thermostat and every thermostat in the country doesn't work unless it was connected to a server in bongo-bongo land (or California - same things really) and they shut down and now my house freezes while I stand in line behind 10 million other people waiting for a replacement, then I'm going to care a lot. People should be able to buy critical stuff and know that it is safe to use without having to analyse the technology behind it.
Thames, you are approaching this from a consumer perspective, which is a valid starting point to be sure though it misses the point. Leaving aside for the moment that different governments have drastically different approaches to consumer protections, consider that "appropriate regulation" is somewhat like hypnotic language in that it means whatever the listener wants it to mean and only when treaties are made do its actual effects reveal themselves. How many governments want to snoop on and control the personal lives of their citizens? As far as I know, the answer is all of them. That's what this is really about, not consumer issues.
Just by making suppliers liable for faults and security holes that are not patched reasonably quickly[1] and for the usable life[2] of the IoT devices, and no weasel EULA to got out of it, would be a major start. Most of the problems fundamentally come down to the "ship it fast even if shit, and don't pay for a decent support team" mentality of modern businesses.
[1] say 30 days from it being reported
[2] say 5 years after that model was last offered for sale
"On the flip side, other governments and some organizations argue that the internet is becoming so meshed into our daily lives that the "running code" approach that has made the internet what it is today has limited usefulness when it comes to issues like security."
Does the "limited usefulness" that they refer to, mean that government agencies don't have automatic access to see exactly what everyone is doing; if so, I think that is probably a Good Thing.
"Very broadly, one side feels very strongly that the fact that governmental organizations have not been in charge of the internet's evolution thus far is a major reason why it has been as successful as it has been."
I suspect that based upon their normal track record, if the various governments had been more involved in the Internet's development, we'd have seen a lot more money pissed up against the wall invested, a lot more consultants employed; and we'd probably still be looking primarily at text based pages, using dial up connections.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
