Bruce Schneier: IoT + DMCA = More Monopolies, Limits On Consumer Choice (theatlantic.com)
New submitter OldMan17 writes: On Dec 24, while many of us were busy in a frenzy of commercial excess and socially-conditioned good cheer, The Atlantic published an article by Bruce Schneier predicting that the IoT will be abused in conjunction with DMCA to make our lives worse instead of better. Some of the precedents he cites are old news, but I expect we will have a lively debate in the comments as to whether the over-arching conclusion is justified by his arguments. When everything is online, laws made for "the internet" suddenly apply to everything.
His example of the Hue dustup was a poor, poor choice as example there.
1) Hue bulbs use ZigBee Light-Link Profile.
2) The bulbs (all of them...ALL OF THEM in the IoT space right now) cannot be re-flashed.
3) In order to get a permanent private key for each SKU shipped using ZigBee LL Profile, the devices must conform to the spec and properly interoperate. So, they can't dink with the bulbs, period.
4) The only place you can even possibly DO what Philips attempted to do would be to dink with the final phases of the LL handshake, wherein the coordinator (the gateway puck) would allow federation with the mesh or not at the last part of the process, based on manufacturer and manufacturer ID, and just drop the federation request on the floor if it didn't match the list.
5) It's not DRM, per se. Worse, it's NOT compliant with the ZigBee spec. Not sure how the Consortium would handle a revocation of things like that, but the Coordinator in that configuration no longer complied with the spec (which is to allow Home Automation and Light-Link protocol devices ONTO that mesh and be able to control them, period).
6) Better yet, there were competing products (Iris, Wink, etc.) that could work with Philips' crap because of the ZigBee spec. While some of them don't have an "API" to drive it via PC, some do- and moreover, some of them let you have ZB and Z-Wave light controls signal lights on and off or to federate clusters of bulbs with a control panel that acts like a Light Switch. Philips just simply cut their own throats by trying this. People can go buy up their RGB bulbs or Osram's...and get the same basic functionality as Hue provided...for less money in most cases.
General purpose computers are on their way out. One decade or less and you won't be able to buy one. With no spare parts, those still existing will stop working very soon. But way before that happens you won't be able to connect to the internet without a "certified" device. This will happen. There is no way to stop it.
People want free things, so firms are going to produce products for this market. People don't understand the technology or how it impacts security or privacy so they will just buy the cheap or free products. Look at PCs in the 90's. People were fine having malware on their purchased computers if it meant saving $50. For the most part they would not buy more secure computers because they cost more.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
You definitely don't need a frigging Internet connected LIGHTBULB.
I have a few frigging Internet connected lightbulbs, and while they are not "needed", they are certainly convenient. The bulb on my porch is controlled by an IoT motion detector, which also triggers an IoT camera, and sends an alert to my cellphone. The bulb in my kitchen is integrated with both a motion detector, and my Amazon Echo, so I can control it with voice. I save electricity, have better physical security, and I no longer have to get up on cold winter nights because my wife hears a noise. If the motion detector hasn't triggered, then I ain't gettin' up.
It is a shame that the best way to block this bad idea may be the gridlock in Congress.
There are many, many good things about gridlock. The only reason I am planning to vote for Hillary in November is because that will ensure that the gridlock continues.
Unlikely. People won't even realize it. And it will only affect a tiny portion of the people buying those IoT trinkets.
Look at the various devices that are already locked down and sealed. People are willing to put up with it. They buy from the walled-garden store, they buy the printer ink, they accept it. Of course they don't actually know what's going on, and they might even complain and lament, but they buy.
And as long as they buy, the corporations don't give a fuck about the rest.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Here is where things get nefarious. IoT are like social networks. In the past, you could just tell people where to stick it when they talked about their livejournal, MySpace, or Orkut stuff. However, if one doesn't have a LinkedIn account, FB account, and a Twitter account, you will be turned down for jobs.
I know this firsthand. Had a job interviewer tell me that I was too old for IT work and show me the door because he wanted to read/follow my Twitter account, and I told him that I didn't have one.
IoT has the potential for being just like that. For example, the Bluetooth deadbolt. It might be that apartment managers and other landlords install IoT security devices because it makes their job easier to lock out tenants being evicted, know who is going into a tenant's place, or to let maintenance in on a schedule regardless if the tenant wants it or not. Far more flexible for the property owner, and the tenant would have no choice in the matter.
Insurance can also demand IoT devices, say CCTV monitoring and file storage, or IoT deadbolts and other devices so they can be assured that a property is secured when the owners are away. If this isn't done, they won't renew the policy.
Then, there is the phone home aspect. Pull the internet connection on a modern console, it halts. I wouldn't be surprised if a future HDCP spec that requires all devices to authenticate with a central server for a healthcheck every so often, would require that all TVs and such be always on and in communication. As per the EULA of the TV, video and audio would also be sent back for "IP enforcement purposes". If someone disagrees with that... well, good luck with the no-sue arbitration agreement they agreed to...
Next comes devices. Take the refrigerator for instance. Good luck trying to find a completely mechanical one with a thermostat and compressor that runs for decades. Most have various computer controls. It wouldn't be surprising that IoT functionality is important, and no network connection means the device does not function, especially if the fridge maker starts demanding license keys to activate the ice maker, crisper section, and such.
The key is to not just avoid buying IoT shit, but make it -damn well known- that you will never buy that because you don't want another route an intruder can trespass into your home. Because IoT security is so weak, and there is zero incentive for companies to actually do something about it, it needs to die on the vine.
You could use a centralized control box for bog standard lamps and cams, too, and get the same functionality. You can also tell your 21st century empowered wife to get up off her lazy ass and check out the noise, but that would require you to have some balls.
It wouldn't be worth the time, since I found a far better place to be at anyway, job-wise.
As for FB/whatever, I decided to make an account, and keep them around. I now use Twitter for announcing GitHub releases I make. That way, the account is of actual use.
As for IoT, whining about it is not going to do much. However, there are a few ways to actually make IoT truly secure... not secure as in the sense of "locking it down" secure... but secure as in resisting unauthorized intrusions, modifications, deletions... the classic sense.
Three ways to make it work:
1: Get some people who know what they are doing, such as Bruce. Make a UL type independent organization whose job it is to check security of products in both white-box testing and black-box testing. Security such as resisting attacks via the network, ease of resetting the device, should the owner lose the password, how firmware updates are handled [1], how the device reacts to intrusion attempts, internal security like chrooting, signed executables, SELinux, ASLR, and other methods. Have the independent organization's approval a must for the device to be sold. Of course, this invites regulatory capture, and genuine security can easily be perverted into "keeping the user out" security... but anything in IoT is better than nothing.
2: Move to a different topology for IoT devices than having the devices connecting directly to the Internet via a 3G/4G connection or using a Wi-Fi access point. Instead, the devices should communicate on the LAN basis to a hardened appliance... and that appliance does the sending and receiving for the devices. This way, the "smart toaster" communicating to the hub via Bluetooth will be extremely difficult to hack because it sends the user's toaster preferences up through the BT hub, which then relays it through the Internet. Going with a hub/spoke, with redundant hubs possible, would significantly decrease the attack surface of IoT devices.
3: Use the principle of least privilege. If an Internet connection isn't needed (say for a device to work as a remote), use Bluetooth. If the device has to have an Internet connection for updates, have documentation that describes the sites it connects to [2], and what ports that it should be allowed. Anything else should be blocked. The device should even enforce this in its OS firewall (netfilter for Linux, for example) to protect against unauthorized processes trying to get out. If "smart" functionality isn't needed, don't bother with it.
Take the "smart" refrigerator. If appliance companies wanted to make something expensive, why not a fridge with two cooling mechanisms... the standard compressor that plugs into the wall, and an absorption mechanism which can be powered by electricity, natural gas, or propane. This way, if there is a power blackout, the fridge still retains cooling capacity, and with a thermoelectric generator (think a Peltier running in reverse), would have enough power to keep the core circuit board running. I'm sure there would be more demand for a fridge that keeps the food cold if power goes out, than a fridge which can display ads 24/7 on the screen.
[1]: I believe in the old school idea of a physical button or switch that is used before flashing firmware... but this isn't something that can be done if the device is not physically accessible, so maybe a fallback would be some other mechanism. That way if the RSA key is compromised, the vendor can use a different, but still secure, way to get the updates to devices.
[2]: Ideally, it should just fetch a signed manifest via SSL, and go from there. If the embedded OS is Linux, it could even use an existing package manager like Yum or apt so that wheel doesn't have to be reinvented.
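The least-privilege egress policy from point 3 of the comment above, as an added example that is not part of the original thread: a vendor-documented endpoint list is validated and rendered as a default-deny netfilter ruleset in `iptables-restore` format. The endpoint list, the `/24` breadth limit, the inbound policy and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the endpoint list a vendor would publish for one device.
# Addresses come from the RFC 5737 documentation ranges.
DOCUMENTED_EGRESS = [
    {"dest": "192.0.2.10", "proto": "tcp", "port": 443, "why": "firmware manifest"},
    {"dest": "198.51.100.0/28", "proto": "udp", "port": 123, "why": "NTP"},
]

def validate(entry):
    """Return (network, proto, port); raise ValueError on a vague or over-broad entry."""
    # IPv4 only (iptables). A hostname fails here, so every rule is a fixed address.
    net = ipaddress.IPv4Network(entry["dest"])
    if net.prefixlen < 24:  # assumed limit: anything wider is not an allowlist
        raise ValueError(f"{net}: destination too broad")
    if entry["proto"] not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol {entry['proto']!r}")
    port = int(entry["port"])
    if not 1 <= port <= 65535:
        raise ValueError(f"bad port {port}")
    return net, entry["proto"], port

def build_ruleset(entries):
    """Render default-deny rules; only documented destinations may be contacted."""
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",    # assumption: the device only initiates connections
        ":FORWARD DROP [0:0]",
        ":OUTPUT DROP [0:0]",   # anything not listed below never leaves the device
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "-A OUTPUT -o lo -j ACCEPT",
        "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for entry in entries:
        net, proto, port = validate(entry)
        lines.append(f"-A OUTPUT -d {net} -p {proto} --dport {port} "
                     f"-m conntrack --ctstate NEW -j ACCEPT")
    # Log what falls through to the DROP policy: an unexpected destination is a signal.
    lines.append('-A OUTPUT -j LOG --log-prefix "egress-denied: "')
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"

def is_allowed(entries, dest_ip, proto, port):
    """Model the policy: would a new outbound connection match an allow rule?"""
    addr = ipaddress.IPv4Address(dest_ip)
    return any(addr in net and proto == p and port == q
               for net, p, q in map(validate, entries))

if __name__ == "__main__":
    print(build_ruleset(DOCUMENTED_EGRESS), end="")
```

Because destinations are fixed addresses, the device needs no outbound DNS rule; the `egress-denied:` log lines show any process that tries to reach an undocumented host.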