Slashdot Mirror
A Future Where Everything Becomes a Computer Is As Creepy As You Feared (nytimes.com)
schwit1 shares a report from The New York Times: More than 40 years ago, Bill Gates and Paul Allen founded Microsoft with a vision for putting a personal computer on every desk. [...] In recent years, the tech industry's largest powers set their sights on a new target for digital conquest. They promised wild conveniences and unimaginable benefits to our health and happiness. There's just one catch, which often goes unstated: If their novelties take off without any intervention or supervision from the government, we could be inviting a nightmarish set of security and privacy vulnerabilities into the world. And guess what. No one is really doing much to stop it. The industry's new goal? Not a computer on every desk nor a connection between every person, but something grander: a computer inside everything, connecting everyone.
Cars, door locks, contact lenses, clothes, toasters, refrigerators, industrial robots, fish tanks, sex toys, light bulbs, toothbrushes, motorcycle helmets -- these and other everyday objects are all on the menu for getting "smart." Hundreds of small start-ups are taking part in this trend -- known by the marketing catchphrase "the internet of things" -- but like everything else in tech, the movement is led by giants, among them Amazon, Apple and Samsung. [American cryptographer and computer security professional Bruce Schneier] argues that the economic and technical incentives of the internet-of-things industry do not align with security and privacy for society generally. Putting a computer in everything turns the whole world into a computer security threat. [...] Mr. Schneier says only government intervention can save us from such emerging calamities. "I can think of no industry in the past 100 years that has improved its safety and security without being compelled to do so by government."
Cars, door locks, contact lenses, clothes, toasters, refrigerators, industrial robots, fish tanks, sex toys, light bulbs, toothbrushes, motorcycle helmets -- these and other everyday objects are all on the menu for getting "smart." Hundreds of small start-ups are taking part in this trend -- known by the marketing catchphrase "the internet of things" -- but like everything else in tech, the movement is led by giants, among them Amazon, Apple and Samsung. [American cryptographer and computer security professional Bruce Schneier] argues that the economic and technical incentives of the internet-of-things industry do not align with security and privacy for society generally. Putting a computer in everything turns the whole world into a computer security threat. [...] Mr. Schneier says only government intervention can save us from such emerging calamities. "I can think of no industry in the past 100 years that has improved its safety and security without being compelled to do so by government."
...we know you want fries with that.
Care killed the cat, but satisfaction brought it back.
Just like we have the "Organic" label on electronics, we should have a new label for things like TVs and other internet connected things that says that that thing does not have a microphone or video camera. I can't bring myself to give my TV my wifi password or buy a new 4k roku box because they all have microphones and cameras now!
>"Mr. Schneier says only government intervention can save us from such emerging calamities. "I can think of no industry in the past 100 years that has improved its safety and security without being compelled to do so by government."
That seems a bit grandiose. Yes, government regulation can and does help with safety and security. It is a necessary part of the modern world. However, it also stifles freedom, the economy, and innovation. I can so no better example off the top of my head than the signs and labels on nearly everything in California that everything is "known to cause cancer". Saying that market forces have no impact on safety is just crazy. Companies are very wary of litigation and bad press; both are very powerful incentives to produce safe and desirable products.
We always need a balance- the question is, what is that balance? Freedom/privacy and safety/security are, generally, diametrically opposed. Just as important is an educated and informed population.
I was watching an anime this week (https://en.wikipedia.org/wiki/A.I.C.O._-Incarnation-) and one of protagonists was infiltrating a building aided by his elite hacker colleague - who was bypassing all of the computer security and lock systems as the infiltration progressed. At the final stage the protagonist was blocked from entering his target room by the simple fact that it was sealed with a physical lock and key.
I am Slashdot. Are you Slashdot as well?
Libertarianism is the opposite side of Socialism. Both are based on this premise:
"We'll trust and magically it will all work out."
Both the market and the state have particular natures that simply don't work for solving certain problems. The government is terrible at the things that Socialism says it can magically fix, and the market is terrible at resolving the negative externalities that Capitalism says will be resolved by market incentives that arise from them.
Historically, that's why it was called political-economy, not economics. It was just understood by most thinkers that politics governs the economy and most political questions resolve back to answering economic disputes.
I don't want a network connected car, television, refrigerator or implanted in my body.
I w0uld hope eventually cheap and easy would be the less preferred alternative to secure; But human nature being what it is will ignore security until it bites them in the ass.
When people's computer implants become more common than insulin pumps, pacemakers and cardiac monitors, it would behoove them to not skimp on security; This is probably the next great digital divide,,,
10 years for items that cost more than $1000. All bug fixing costs covered, including disassembly and assembly where the product is a component. If a bug isn't fixed within a month, money back.
With all these "things" running Linux at its core it seems FOSS has won.
http://marshallbrain.com/manna...
Liberty - Security - Laziness - Pick any two.
These are running on sub $1 processors only doing very simple things like turning a light on or off. Even something as complicated as your dishwasher doesn't need an OS. I know this will horrify some programmers but you can actually schedule multiple things to happen in a single program and create something that is simpler, easier to debug and easier to get to 99% working without an OS.
There's a nice song about the subject of "smart" things. ;)
Anons need not reply. Questions end with a question mark.
Shops to remove/disable dubious hardware components. I've epoxied the Alexa microphone on my Fire TV remote, but non-technical types would find this difficult to do.
Anytime you run something with software or even a simple IoT product. It becomes a security that wasn't there before and if poorly updated and supported just becomes a security problem. As this stuff becomes more attacked I think many will reverse course on allowing it into their homes and businesses. I have yet to see a problem turning on my lights myself instead of some app doing it through a device. It just adds complexity to a rather simple task.
Most of these devices are running ZigBee. ZigBee is a suite of "layers". The MAC layer is 802.15.4, network is ZigBee Pro, the application is a binary format call ZigBee Cluster Library. (Google is pushing Thread which is 802.15.4, Thread network layer, ZigBee cluster library for the application). ZigBee Smart Energy is the variant in your electric meter on the side of your house. It uses certificates, a long unique joining code, and a key agreement and certificate authentication scheme call EC-MQV to provide security. Thread has pretty good security, they use a Password Authenticated Key agreement and strong security at every level of communication. Unfortunately, in most other versions of ZigBee security is trumped by convenience.
If you want the $1 device to monitor your behavior and keep wireless contact with cloud servers, you'll probably want an OS to make things easier.
I know this will horrify some programmers but you can actually schedule multiple things to happen in a single program and create something that is simpler, easier to debug and easier to get to 99% working without an OS.
Want to horrify them even more? A lot of this stuff can be also done with purely analog electronics and electromechanical devices.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
But it'll be a race to see if that dystopia arrives before the planet melts. http://www.ipcc.ch/
Pass the popcorn.
"Bruce Schneier] argues that the economic and technical incentives of the internet-of-things industry do not align with security and privacy for society generally."
THAT part is an insight that might merit further thought. How can one arrange the system such that what is good for the company is good society? When you do that, it can work really well.
As far as the "I can think of no industry" but, Bruce is generally a smart guy, so I'm surprised to hear him start the interview with a statement that is so flat out wrong on the facts. More than that, anyone who knows a little history KNOWS it's completely wrong.
"There's no industry that's improved safety or security without governments forcing it to do so.", he said.
Has Bruce never heard of Underwriters Laboratories (UL listed, UL registered, etc)? Underwriters means insurance companies. That's not government, that's insurance companies offering guidance and an incentive. How about the National Fire Protection Association, which writes the fire codes? That's another safety organization started by insurance companies, and insurance companies wouldn't insure a building unless it met fire code. Later, local governments ALSO said "me to", but the NFPA and fire codes were created by insurance companies, not government.
The auto companies were advertising safety innovations for half a century before there was any major legistlature. From Dusenberg advertising hydraulic brakes in the 1920s to Ford marketing safety glasses in all its cars in the 1930s to padded dashboards, safety cages, and disc brakes in the 1940s - it wasn't until the 1960s that the government got involved.
So it's simply factually incorrect, plain wrong, to say "There's no industry that's improved safety or security without governments forcing it to do so". My side gig is pyrotechnics, fireworks. A LOT of what we talk about and work on in the industry is safety, sometimes talking about how to convince the government official to allow us to do things the safer way rather than insisting on outdated procedures, or things that are a bad (dangerous) fit for the situation.
See subject: For items NEEDING entire OS no-cost Linux is a huge per unit incentive (keeps per-unit cost down vs. OS license fees) - that & Microsoft's screwups Windows 8 onward help it also.
* Part of what drove me to Linux was seeing the STUPID THINGS M$ is doing (erroneous updates, security issues galore that DO NOT SEEM TO STOP, & POST Windows7 - Taking what users used for AGES in menus & turning them into what I call "idiot hierglyphics" instead, etc.).
APK
P.S.=> It's a shame to see good things go bad (on the MS stuff above) but it IS nice to see that Linux IS finally a very good operating system WITH a nice user interface (I use Plasma/KDE but am interested in trying xfce & others eventually) that works well + good surrounding development tools (FreePascal/Lazarus fan here) - took them time, but it's here imo (used Linux on/off since 1994, left it & came back roughly every 10 yrs.)... apk
In recent years, the tech industry's largest powers set their sights on a new target for digital conquest.
but like everything else in tech, the movement is led by giants, among them Amazon, Apple and Samsung.
1+1=2
The giant co.s are greedy and retarded. If we let them do what they want they will unleash a hoard of insecure privacy violating nightmarish dystopian devices.
Solution: get rid of the giant co.s
of your lfe, that is. A person could just refuse to buy IOT devices . No one is forcing you. So what if don't have the latest, whatever it is. Don't buy it, or if you must then hack it to disable the, rather ill conceive, connected part of your e-toilet. Get a life, read a book, go play outside kids!
We need the government to protect our privacy.
How will they ever recover?
"Bill Gates and Paul Allen founded Microsoft with a vision for putting a personal computer on every desk."
No its more like Gates and Allen had a vision for pirating CP/M.
Its another gold rush, this time for telemetry data that marketing and espionage pays dollars for.
They spelled Steve Jobs, Steve Wozniak, and Apple wrong in the title. Even the revisionist history in the summary is wrong. IBM created the PC, not Microsoft.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Some things maybe is better to stay analogic as they are today. And not to be connected to the Internet of [dumb] Things.
It's very rare that the government will prohibit the collection of data, they want it and can usually get it through defining it as third party information, rubber stamp warrants, national security letters and if not via legally sanctioned or unsanctioned spy programs. What they don't want is a public backlash were people refuse to provide data because it'll be abused, so they'll sometimes stop insurance companies and whatnot from using the data but only because it's good for them. I think anyone who believes the government is against the IoT revolution or will do anything meaningful to prevent them from infecting everything is a fool.
For a random example, my dad got hearing aids. I was there with him, so I've heard what he heard. And then on a check-up she asked how they worked and how much he'd been using them, then checked that against the statistics on the device. There wasn't a single word said when he got them that they were collecting usage data, of course that was just locally on the device but it was still like wait, what, you can tell that? If you got a "smart" anything, you can expect it to upload a ton of telemetry about you. If you value your privacy keep your dumb devices, don't expect the government to come rescue you they'll just curb the worst offenses to keep the IoT wave rolling.
Live today, because you never know what tomorrow brings
I wonder how far fire and safety regulatory orgs would get without municipal code adoption of their standards?
It isn't that a computer in every device is an issue, it's that these computers have to be free as in beer. We've squandered the massive decrease in network cost to the point of demanding no incremental increase in cost of smart devices vs traditional. I'm all for paying a little more for a smart thermostat that doesn't tell some ad server when I get home from work. And I'm happy to pay a little for firmware upgrades to my smart switch if it means my house isn't going to become part of a bot network. And no way do I see any value in bringing microphones into my home that offer "free" services in exchange for listening to keywords and embedded sub audible sounds in TV shows. But it seems like these Internet companies (and by extension IOT companies) have such little faith in their product that they feel it necessary to give it away for nothing and then try to survive by introducing third parties for their income. Until that changes (and it doesn't help the cause when the tech press howls about the $1000 iPhone vs the $200 Android phone with "free" OS), we're going to continue down the dystopian path.
"Well, good luck finding a judge that doesn't run a bestiality site."
For example, if I buy a new car I want to render it incapable of accessing the Internet.
How does one disable its antenna, to accomplish this?
They sell water heaters connected to the internet right now. It's a gimmick to appeal to "high end" buyers who somehow think this feature is useful. Same thing with a washing machine or a microwave. I could also buy the Nest thermostat too... but why? So Nest can break the heating in my house with a software update (which they already did at least once).
Even the microwave has nothing really to do with the internet. It's just "voice control", which also just seems like a gimmick. If you want to make something useful, make it detect exactly what's in the microwave, and sense when it's cooked/defrosted, a voice control is just a silly feature and always will be.
The one internet connected thing I have that _is_ useful is my Plex DVR. I was able to watch recorded TV from home in my hotel room 2000 miles away. It was nice to have a touch of home from so far away. But these other kinds of IoT devices have been around for years now, and they haven't caught on. Why would they?
Those that think eventually we'll all suddenly figure out that having my toothbrush on the internet is some great new thing everyone will want are living in a faith based world.
At sex toys. Thanks ;]
Socialism is based on the idea that we'll trust the state on everything and it will magically work out. Capitalism is the idea that we'll trust the market for everything and it will magically work out. Those are opposite positions, extreme polar opposites. They're also united in the one particular sense that they're both rooted in a fallacious belief that politics can be reduced to an exercise of ideology. Virtually all modern politics is built on that faulty premise.
Actual feudalism gets a bad rap. It's infinitely preferable to living under doctrinaire Socialism or anarcho-Capitalism. You're basically saying "would you rather be ruled like 16th century England with modern tech or modern day Somalia or Venezuela?" No one in their right mind would chose either of the latter.
Then again, an electro-mechanical timer will wear out, a well-designed microcontroller talking to some solid-state power switches with a few sealed buttons for input should last decades.
"If their novelties take off without any intervention or supervision from the government."
Seriously?? The government would LOVE to pool all these 'novelties' into a citizen control mechanism. From license plate readers to facial recognition, ALL this computing power will be used to control people BY the government. This is not OSHA we're talking about here. This is Homeland Security setting up shop inside your house n order to "save" us. I'm glad I'm old. I do not look forward to the jack boot government's further intrusion into our lives. And for the record, fuck socialism, an idea so good people have to be forced to live under it.
How about a moderation of -1 pedantic.
The article is talking about an industry regulating itself. You're about one industry regulating another, in the case of insurance companies and safety codes. If the government didn't adopt and enforce these codes they'd be relatively meaningless to the citizenry as a whole. As far as your auto industry examples, they're all profit centered, and more akin Apple putting better gorilla glass on their phone. What is at stake are the safety precautions that the auto industry doesn't consider good for marketing, and would lose profit on vs. not pursuing them. That's a lot of safety precautions.
And they won't stop anything because all the surveillance possibilities and data that they too want access to.
pufff it's not so creepy, "everything's on a cob" is creepy!
> I wonder how far fire and safety regulatory orgs would get without municipal code adoption of their standards?
You can read all about it, because that was the case for about 100 years. Still many building codes are only *legally* enforced by municipal ordinance - within city limits. Outside city limits, people build to code because no bank is going to issue a mortgage on a non-compiant building, insurance companies won't insure it, and far fewer people would want to buy it, thereby greatly reducing the price the builder could sell it for. The codes are pretty well followed for construction in the county, where there is no legal requirement.
Many building codes are only *legally* enforced by municipal ordinance - within city limits. Outside city limits, people build to code because no bank is going to issue a mortgage on a non-compiant building, insurance companies won't insure it, and far fewer people would want to buy it, thereby greatly reducing the price the builder could sell it for. The codes are pretty well followed for construction in the county, where there is no legal requirement.
I have lived with the nightmare of smart devices since the end of the ice box era. Yes, our first refrigerator was a modern miracle that put our ice man out of work. My parents were amazed at its ability to keep milk cold and fish frozen for days, weeks and months. I observed a dark side that older people never considered: the light inside. Oh, they said 'the light goes out when the door is closed', as if it were nothing; as if we could just trust Jesus that it was so. But how can we be sure? None of my efforts could confirm or deny the assertion. In my early youth, I had already been outwitted by a simple appliance.
There have been many struggles with smart devices since then. My dad gave me an old Stanley thermos bottle for Boy Scout campouts, etc. It was beat up and ugly, but I treasured it for a long time before I realized how intelligent it was. In an idle moment, camping in the North Woods, it dawned upon me that my thermos had the ability to keep things hot, and also to keep things cold. It could do either! This piece of metal having no moving parts save the removable top, could decide whether to keep something hot, or cold; all without any effort from me. How does it decide? Another mystery for which I have sought an answer from the best minds of my generation.
Now, with the benefit of 'AI', we can expect devices to ponder many variables and make decisions as in the Go championship games, that even the programmer cannot explain. This is necessary, for instance, for computers to diagnose x-rays and other dense patterns of data. They will do it better than doctors very soon and yet nobody will know exactly how the results are achieved. When this tech is applied to military weapons, as it will, we should all take notice.
...omphaloskepsis often...
> But is the fire code truly optional
You can find out by calling your mortgage company and asking them if they'll loan you the $200,000 to build a building that ISN'T up to code. Ask your insurance company if they'll insure a building if you build it without following fire code. Ask your real estate agent how much money you'd lose track of to see it if it's not up to fire code. Or, let's try asking YOU -
If you were hiring me as the contractor to build for you, would you want me to:
A) build properly, to code
B) Build you crap that's unsafe, not complying with fire code
> or does government use penalties to coerce you to follow them?
The government penalty (failing to get a permit) is not in fact the primary motivation, and doesn't exist at all outside of city limits for many code requirements.
You had to replace worn out and/or broken parts before now you have to ensure that this IoT piece gets current version of certificates and security SW or else you will not be able to control it in a few years time. Happened to me already that to access my home NAS to update its security SW I had to use an old firefox because the new one would not work.
You mean the creeps that want to backdoor everything and compromise all security in order to be able to listen to and record everything? Fat chance. These people will only make everything worse.
Bruce Schneier has an irrational trust in authority. He really should know better by now.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
As a veteran of a couple of IoTstartups the part where the author claims big companies are driving everything was particularly funny. The more idiots like this sensationalize things they don't understand the more western countries lose the ability to compete with electronic powerhouses such as Shenzhen.
Sure IoT security is hugely important. Every data breach a possible legal nightmare. But it's not like the cloud vendors, device manufacturers, and software providers do not have best practices and solutions. We don't really need government intervention because IoT vendors are already somewhat proactive about anticipating new security regulations. The real problem is consumers who do not understand setting up perimeter networks, key management, authentication, following sites about the latest threats, etc. Basically those too lazy or clueless to enable the host of security features available to them.
Good point. I have no sympathy for these big companies, but they are operating in a capitalist system trying to make money. If regulation and public demand let them do this stuff, then why wouldn't they?
The key area that doesn't get a lot of air-time - mentioned above - is how consumers can make *informed* decisions. If products were forced to declare what telemetry was going, what got collected and how it would be used, at least people could make an informed decision about it. Lots of users would be happy with the benefits of facebook (staying in touch with friends etc) bearing in mind the costs of the personal data they give up (I find it abhorrent and staggering that anybody would, but we're all different).
The worst part about our current situation is that people just have no idea about what happens with their data - government regulation should compel much better transparency around this. Well done to the EU for pushing this forward.
Hej! Nasi tu byli!
When someone tells you about a topic, including its history, that's a hint that they might know something about the topic. They are therefore unlikely to be fooled by you making up stuff out of thin air.
> While "Underwriters" can mean insurance companies, it doesn't have to. And doesn't in this case.
It was founded by the Western Insurance Union and Chicago Underwriters Association in 1893
https://www.ul.com/aboutul/his...
> Oh, and later teh government gave it the ability to run legally binding tests on product safety.
What statute is that? If you plan to go look, let me suggest you not waste too much time looking for such a thing.
> And while car companies may advertise "it's safer", it does take a neutral third party observer to say whether it is.
Typically the third-party rating advertised is the IIIHS rating. Guess what IIHS stands for? Insurance Institute for Highway Safety.
Noticing a trend? Electrical safety (UL) - insurance companies.
Fire code (NFPA) - insurance companies.
Auto safety (IIHS) - insurance companies.
So who, exactly as responsible for creating and advancing safety standards? Insurance companies. They are really, really good at analyzing and minimizing risk because that's how they can be successful and make money, by reducing the risks of their customers.
I keep watching more and more video cameras being rolled out without vandalism. The citizenry and even the criminals are apathetic, unaware, or unwilling to do what is necessary to regain our freedom and anonymity.
Everyone is happy with their cell phones, everyone (even criminals!) is happy with their social networking account, everyone is happy giving over all their biometrics, and everyone is happy being videotaped and facially recognized everywhere they go. Enabling but not enforcing has given them tacit approval of these tactics and only once the noose has closed and people are grasping at their neck will they realize the true horrible consequences of what they have allowed to happen.
Mr. Schneier says only government intervention can save us from such emerging calamities.
...but this time he's wrong.
The government will not save us because it will be on the side of the corporations. Why? Corporations aren't the only ones seeking power and control; the government would love to have the same (or more), likely in the guise of "national security."
The only people who can save us from what's coming are...ourselves.
Unfortunately, I'm not sure if humans have evolved to the level needed to do that.
Yes, the NHTSA rates car safety, giving each car either four or five stars. Last year 97% of vehicles received one of the the top ratings.
One way to get a five star rating is to have the front wheels and most of the engine compartment end up in the front seats after a collision:
https://www.thetruthaboutcars....
IIHS, on the other hand, provides ratings which allow you to tell which cars are the safest and which aren't so safe. Not every car gets a trophy from IIHS because failing to distinguish safe cars from less-safe ones, giving them all high ratings like NHTSA does, would reduce the profits of the companies sponsoring the testing. The companies need to know which ones are actually safer.
> It was founded in 1894 by William Merrill
That's right. Merril, an insurance underwriter, lead the project, which was funded by insurance companies.
Here's the thing - car accidents and the other dangers we are talking about kill tens of thousands of people every year. Real people, whose children actually lose their parents. This isn't a game and it's not theoretical. Livew are on the line, yours and mine. So let's do what works, okay? Let's figure out what has ACTUALLY improved safety effectively and do more of that, alright? We can choose something else to try to score points for some political theory.
"Mr. Schneier says only government intervention can save us from such emerging calamities"
Non-sense. People have choices and ones own failures should not be blamed on others- but on oneself. This argument misplaces the blame from stupid users choices to shitty corporations and is an example of control freak mentality which dictates government must step in to solve the problem when there are obvious and better solutions out there- like not utilizing these companies products and services. And when you can't avoid that technology it's mostly because of control-freaks forcing bad shit like license plates onus via government. If users stopped purchasing/using these companies products and services we wouldn't be in this mess. He misses the real problem we have today. It's not corporations so much as it is governments fabricating real or imaginary problems and passing laws that thrust everybody to pay up or do a particular thing in a particular way even if it's a shitty solution.
People who think they know whats best for everybody are out of control. Government is taking and using technology in its abuse of power. I'm not at all worried about Facebook, Google, Microsoft, Apple, Amazon, and similar companies because I have a choice. I can choose not to utilize them. I can't choose not to utilize government or forced government services. I can't choose not to put a license plate on my car when I don't want to be tracked. I can't choose not to be tracked by FBI agents putting up license plate scanners. I can choose not to utilize Facebook. I can choose and have chosen not to purchase a smart television. I choose not to utilize Microsoft Windows. I choose not to utilize Google's Android or Apple iOS. I do choose to utilize GNU/Linux, Mastodon, and other decentralized technologies. I do choose to switch to crypto currencies and as time progresses anonymous crypto currencies. Crypto currencies today are not perfect and less privacy friendly- but they do something credit card companies and centralized payment networks can't or won't- they put the user in control. They may not be anonymous- but neither government nor corporate executive makers can decide to stop my payment to somebody they don't like. This is not to say government doesn't have power still, but it's after-the-fact. It's not an action they can take prior to my action. With a bank they can shut down my porn business because the government doesn't like porn and banks are highly regulated. With Bitcoin the government has to wait until I receive payment and then ALSO have a law under which they can prosecute me to seize my assets. Technically they do the seizing before the trial's conclusion- but none-the-less there is some opportunity no matter how small that is to defend myself. Unlike in the traditional banking system.
Mr. Schneier let me help you with you inability to understand about safety and industry. The National Electrical Code which fundamentally improved safety in the electrical industry is part of the National Fires Code, which fundamentally improved safety in the building industry is published by the National Fire Protection Association (NFPA) a private trade association. It was not imposed by the government.
Unlike what some people would like you to believe, it is not necessary or usually even advisable for government to impose solutions. The best ones (see NEC and NFC) can be developed outside of government. It does require will and interest on the part of industry to do so.
"I can think of no industry in the past 100 years that has improved its safety and security without being compelled to do so by government."
Not in the US, that's for sure.
There is a big culture issue here. In Europe, we like to play it safe and slow. Companies are founded by people not looking for an IPO and early retirement, but those hoping to create a legacy that future generations can continue. Many of our companies, including some of the biggest, are still earned by the family that founded them.
This creates a relatively risk-averse business culture in which opportunities are sometimes not taken. You americans call it "socialism".
The US has a "go big or go bust" attitude. The culture is risk-seeking and failure is considered to be just a detour to eventual success. This leads to every opportunity being exploited, sometimes at considerable risk. We Europeans call it "the next financial crisis just around the corner".
While this manifests in laws and government regulations, it also expresses itself more directly in customer and investor expectations. In information security (my professional field), for example, my mostly european customers expect the reputation costs of a data breach to be much higher than the data justifies it would probably be. But the data is mostly from the US, so... maybe they are right in the end.
Assorted stuff I do sometimes: Lemuria.org
And a llama.
Silly consumer, you know what you're actually going to get? The opportunity to buy a replacement every year or two, just like you get with your cellphone.
Now go back to work, slave.
Way too many A.K.A.s in there but the points are valid. Insurance companies make bets and then try to manipulate the odds afterwards so they get a better deal.
We see this all the time and yet nothing is done. When you buy car insurance, they calculate that X number of people in a certain group will have a loss. Then when that happens to someone, instead of properly treating that person as a member of that group, they suddenly treat that person as an individual and raise rates, etc. Why we permit this is just unreal to me.
The point of insurance companies is to get you to pay them for delivering nothing. If they can do that by helping safety they will. If they can achieve that by manipulating the law so you can't sue them then they'll do that. If they can achieve that by imposing bureacracy that puts the worst imagined government red tape to shame and waiting for you to die before they pay then they'll do that.
Insurers are not to be trusted. Neither are technology companies, which these days consist of a bunch of marketers, SJW social media child-tyrants, and one world government promoter executives all trying to sell the most hastily designed crap coded by unskilled third world 'developers' who think they're doing a good job, and manufactured in totalitarian nations that insert spy chips into the finished products. That's your world until you do something about it.
If their novelties take off without any intervention or supervision from the government, we could be inviting a nightmarish set of security and privacy vulnerabilities into the world.
And what makes anyone naive enough to assume that government "supervision" would somehow magically immunize us from said vulnerabilities? Or that government wouldn't misuse data gathering to commit human rights abuses?
Sigh...why is the default knee-jerk reaction to a potential crisis almost always "hey, let's find a way to depend on GOVERNMENT to fix this for us! Government is mighty, all knowing, all seeing, efficient, incorruptible, and always benevolent, right?"
In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
Even elite hackers know that you sometimes need a screwdriver.
Please please please save of oh great mighty all-knowing government!
Because people in government are SO much more intelligent, moral, and better informed than technologists and consumers.
(Who will save us from GOVERNMENT???)
Like I have been saying for the past 20 years: tomorrow the world is NOT going to be a better place.
That's the motto of most of the new tech companies with silly colorful logos. There will be more people, more requests from your boss to make more with less, less space, less resources and more and more prized information to be gathered from every device and sold and used to sell more useless tech. Good luck for those who stay. Meanwhile, why not to make some money out of it?