Farhad Manjoo in the NYT writes,
Mr. Schneier argues that the economic and technical incentives of the internet-of-things industry do not align with security and privacy for society generally. Putting a computer in everything turns the whole world into a computer security threat — and the hacks and bugs uncovered in just the last few weeks at Facebook and Google illustrate how difficult digital security is even for the biggest tech companies. In a roboticized world, hacks would not just affect your data but could endanger your property, your life and even national security.
. . . Mr. Schneier is painting government intervention not as a panacea but as a speed bump, a way for us humans to catch up to the technological advances. Regulation and government oversight slow down innovation — that’s one reason techies don’t like it. But when uncertain global dangers are involved, taking a minute isn’t a terrible idea.
My bet would be that when it comes to securing the Internet of Things, government will be more of a problem than a solution.
Would this be the same kind of speed bump that they have provided for the information systems at the Veterans Administration and the Federal Aviation Administration?
“My bet would be that when it comes to securing the Internet of Things, government will be more of a problem than a solution.”
This point of view is justified, but it is also self-reinforcing. When we really need government to succeed at something, we are usually unwilling to let it.
Mr. Schneier is correct about the problem side of his argument. We can all only hope that the consequences play out in a fashion that allows us to all digest the reality of the situation and make the necessary productive adjustments. The market might save us, but it also might not. The difference here is that the ability to scale the harm is unprecedented. This might go very badly.
Perhaps the government could serve a useful role by setting security goals (though not means) and the penalties for not meeting those goals.
In a roboticized world, hacks would not just affect your data but could endanger your property, your life and even national security.
In reality, the average person really does not the risk and there are all kinds of hyperbolic claims, especially in movie entertainment, that show these risks. And yet every time a data breach happens, people react, Experian data breach, and it tends to have small impacts. I still believe that there will be evidence of Trump using a bugged phone by Russia or China and the calls of reform will be ridiculous. And all we find out is Trump says rude things to foreign leaders, which everybody knows anyway.
The reality is:
1) Most people's data and lives are boring and not a lot can be figured out. One aspect of big data breaches is the information has massive diminishing returns and loses its value after 12 months.
2) Tech does tend to over-react in these situations to protect against government intervention. Most credit card companies waive a $100 purchase if they see evidence of it occurring in Vermont and you live in California.
3) The reality is a lot of tech is making the world safer overall. How many criminals are caught with surveillance cameras?
4) I still think one aspect of Libertarians missing on Big Tech and Government are working together on security. Think about here criminals are caught using different aspects of big tech. Or with your phone data and private surveillance how well could the government with warrants trace your everyday movements? Or just think about how quickly the media understands the movement of a mass shooter within 12 hours of their capture.
The economic incentives are for IoT companies to drop in a version of Linux on the chip and hire $1/hr programmers in China or India to develop the features. This means the IoT device ships with all the bugs of that version of Linux, plus those written in for the particular app. I get this from a discussion on the EEVblog with Jack Ganssle, an embedded system expert. Once purchased, the item is not set up to auto-update and if Apple is any guide, updates generally reduce the performance of the original item, even as they add “new” features. Features generally designed to extract more “in-game” revenue from the purchaser.
The government can outlaw this, assuming they ramp up the import testing, but that means the IoT is going to get a lot more expensive. It will also seriously hamper the Maker movement with the cheap and easy computers on a chip like Raspberry Pi.
I agree that the problem is the cheap versions of Linux with no security that IoT manufacturers are using. And you would hope the open source movement would produce a more secure version for them to use by default. The IoT people don’t *hate* security, they just won’t spend any money on it. But open source people don’t work on it (or not urgently) because it’s boring.
The solution is for the government to cough up a few million and get open source programmers to produce a secure IoT version of Linux. The manufacturers would then use it, because “why not?”
“My bet would be that when it comes to securing the Internet of Things, government will be more of a problem than a solution.”
Like it was with Ebola?