Slashdot Mirror
A Future Where Everything Becomes a Computer Is As Creepy As You Feared (nytimes.com)
schwit1 shares a report from The New York Times: More than 40 years ago, Bill Gates and Paul Allen founded Microsoft with a vision for putting a personal computer on every desk. [...] In recent years, the tech industry's largest powers set their sights on a new target for digital conquest. They promised wild conveniences and unimaginable benefits to our health and happiness. There's just one catch, which often goes unstated: If their novelties take off without any intervention or supervision from the government, we could be inviting a nightmarish set of security and privacy vulnerabilities into the world. And guess what. No one is really doing much to stop it. The industry's new goal? Not a computer on every desk nor a connection between every person, but something grander: a computer inside everything, connecting everyone.
Cars, door locks, contact lenses, clothes, toasters, refrigerators, industrial robots, fish tanks, sex toys, light bulbs, toothbrushes, motorcycle helmets -- these and other everyday objects are all on the menu for getting "smart." Hundreds of small start-ups are taking part in this trend -- known by the marketing catchphrase "the internet of things" -- but like everything else in tech, the movement is led by giants, among them Amazon, Apple and Samsung. [American cryptographer and computer security professional Bruce Schneier] argues that the economic and technical incentives of the internet-of-things industry do not align with security and privacy for society generally. Putting a computer in everything turns the whole world into a computer security threat. [...] Mr. Schneier says only government intervention can save us from such emerging calamities. "I can think of no industry in the past 100 years that has improved its safety and security without being compelled to do so by government."
Cars, door locks, contact lenses, clothes, toasters, refrigerators, industrial robots, fish tanks, sex toys, light bulbs, toothbrushes, motorcycle helmets -- these and other everyday objects are all on the menu for getting "smart." Hundreds of small start-ups are taking part in this trend -- known by the marketing catchphrase "the internet of things" -- but like everything else in tech, the movement is led by giants, among them Amazon, Apple and Samsung. [American cryptographer and computer security professional Bruce Schneier] argues that the economic and technical incentives of the internet-of-things industry do not align with security and privacy for society generally. Putting a computer in everything turns the whole world into a computer security threat. [...] Mr. Schneier says only government intervention can save us from such emerging calamities. "I can think of no industry in the past 100 years that has improved its safety and security without being compelled to do so by government."
...we know you want fries with that.
Care killed the cat, but satisfaction brought it back.
Just like we have the "Organic" label on electronics, we should have a new label for things like TVs and other internet connected things that says that that thing does not have a microphone or video camera. I can't bring myself to give my TV my wifi password or buy a new 4k roku box because they all have microphones and cameras now!
>"Mr. Schneier says only government intervention can save us from such emerging calamities. "I can think of no industry in the past 100 years that has improved its safety and security without being compelled to do so by government."
That seems a bit grandiose. Yes, government regulation can and does help with safety and security. It is a necessary part of the modern world. However, it also stifles freedom, the economy, and innovation. I can so no better example off the top of my head than the signs and labels on nearly everything in California that everything is "known to cause cancer". Saying that market forces have no impact on safety is just crazy. Companies are very wary of litigation and bad press; both are very powerful incentives to produce safe and desirable products.
We always need a balance- the question is, what is that balance? Freedom/privacy and safety/security are, generally, diametrically opposed. Just as important is an educated and informed population.
I was watching an anime this week (https://en.wikipedia.org/wiki/A.I.C.O._-Incarnation-) and one of protagonists was infiltrating a building aided by his elite hacker colleague - who was bypassing all of the computer security and lock systems as the infiltration progressed. At the final stage the protagonist was blocked from entering his target room by the simple fact that it was sealed with a physical lock and key.
I am Slashdot. Are you Slashdot as well?
Libertarianism is the opposite side of Socialism. Both are based on this premise:
"We'll trust and magically it will all work out."
Both the market and the state have particular natures that simply don't work for solving certain problems. The government is terrible at the things that Socialism says it can magically fix, and the market is terrible at resolving the negative externalities that Capitalism says will be resolved by market incentives that arise from them.
Historically, that's why it was called political-economy, not economics. It was just understood by most thinkers that politics governs the economy and most political questions resolve back to answering economic disputes.
I don't want a network connected car, television, refrigerator or implanted in my body.
I w0uld hope eventually cheap and easy would be the less preferred alternative to secure; But human nature being what it is will ignore security until it bites them in the ass.
When people's computer implants become more common than insulin pumps, pacemakers and cardiac monitors, it would behoove them to not skimp on security; This is probably the next great digital divide,,,
10 years for items that cost more than $1000. All bug fixing costs covered, including disassembly and assembly where the product is a component. If a bug isn't fixed within a month, money back.
With all these "things" running Linux at its core it seems FOSS has won.
http://marshallbrain.com/manna...
Liberty - Security - Laziness - Pick any two.
These are running on sub $1 processors only doing very simple things like turning a light on or off. Even something as complicated as your dishwasher doesn't need an OS. I know this will horrify some programmers but you can actually schedule multiple things to happen in a single program and create something that is simpler, easier to debug and easier to get to 99% working without an OS.
There's a nice song about the subject of "smart" things. ;)
Anons need not reply. Questions end with a question mark.
Most of these devices are running ZigBee. ZigBee is a suite of "layers". The MAC layer is 802.15.4, network is ZigBee Pro, the application is a binary format call ZigBee Cluster Library. (Google is pushing Thread which is 802.15.4, Thread network layer, ZigBee cluster library for the application). ZigBee Smart Energy is the variant in your electric meter on the side of your house. It uses certificates, a long unique joining code, and a key agreement and certificate authentication scheme call EC-MQV to provide security. Thread has pretty good security, they use a Password Authenticated Key agreement and strong security at every level of communication. Unfortunately, in most other versions of ZigBee security is trumped by convenience.
If you want the $1 device to monitor your behavior and keep wireless contact with cloud servers, you'll probably want an OS to make things easier.
I know this will horrify some programmers but you can actually schedule multiple things to happen in a single program and create something that is simpler, easier to debug and easier to get to 99% working without an OS.
Want to horrify them even more? A lot of this stuff can be also done with purely analog electronics and electromechanical devices.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
"Bruce Schneier] argues that the economic and technical incentives of the internet-of-things industry do not align with security and privacy for society generally."
THAT part is an insight that might merit further thought. How can one arrange the system such that what is good for the company is good society? When you do that, it can work really well.
As far as the "I can think of no industry" but, Bruce is generally a smart guy, so I'm surprised to hear him start the interview with a statement that is so flat out wrong on the facts. More than that, anyone who knows a little history KNOWS it's completely wrong.
"There's no industry that's improved safety or security without governments forcing it to do so.", he said.
Has Bruce never heard of Underwriters Laboratories (UL listed, UL registered, etc)? Underwriters means insurance companies. That's not government, that's insurance companies offering guidance and an incentive. How about the National Fire Protection Association, which writes the fire codes? That's another safety organization started by insurance companies, and insurance companies wouldn't insure a building unless it met fire code. Later, local governments ALSO said "me to", but the NFPA and fire codes were created by insurance companies, not government.
The auto companies were advertising safety innovations for half a century before there was any major legistlature. From Dusenberg advertising hydraulic brakes in the 1920s to Ford marketing safety glasses in all its cars in the 1930s to padded dashboards, safety cages, and disc brakes in the 1940s - it wasn't until the 1960s that the government got involved.
So it's simply factually incorrect, plain wrong, to say "There's no industry that's improved safety or security without governments forcing it to do so". My side gig is pyrotechnics, fireworks. A LOT of what we talk about and work on in the industry is safety, sometimes talking about how to convince the government official to allow us to do things the safer way rather than insisting on outdated procedures, or things that are a bad (dangerous) fit for the situation.
of your lfe, that is. A person could just refuse to buy IOT devices . No one is forcing you. So what if don't have the latest, whatever it is. Don't buy it, or if you must then hack it to disable the, rather ill conceive, connected part of your e-toilet. Get a life, read a book, go play outside kids!
We need the government to protect our privacy.
"Bill Gates and Paul Allen founded Microsoft with a vision for putting a personal computer on every desk."
No its more like Gates and Allen had a vision for pirating CP/M.
Its another gold rush, this time for telemetry data that marketing and espionage pays dollars for.
It's very rare that the government will prohibit the collection of data, they want it and can usually get it through defining it as third party information, rubber stamp warrants, national security letters and if not via legally sanctioned or unsanctioned spy programs. What they don't want is a public backlash were people refuse to provide data because it'll be abused, so they'll sometimes stop insurance companies and whatnot from using the data but only because it's good for them. I think anyone who believes the government is against the IoT revolution or will do anything meaningful to prevent them from infecting everything is a fool.
For a random example, my dad got hearing aids. I was there with him, so I've heard what he heard. And then on a check-up she asked how they worked and how much he'd been using them, then checked that against the statistics on the device. There wasn't a single word said when he got them that they were collecting usage data, of course that was just locally on the device but it was still like wait, what, you can tell that? If you got a "smart" anything, you can expect it to upload a ton of telemetry about you. If you value your privacy keep your dumb devices, don't expect the government to come rescue you they'll just curb the worst offenses to keep the IoT wave rolling.
Live today, because you never know what tomorrow brings
I wonder how far fire and safety regulatory orgs would get without municipal code adoption of their standards?
It isn't that a computer in every device is an issue, it's that these computers have to be free as in beer. We've squandered the massive decrease in network cost to the point of demanding no incremental increase in cost of smart devices vs traditional. I'm all for paying a little more for a smart thermostat that doesn't tell some ad server when I get home from work. And I'm happy to pay a little for firmware upgrades to my smart switch if it means my house isn't going to become part of a bot network. And no way do I see any value in bringing microphones into my home that offer "free" services in exchange for listening to keywords and embedded sub audible sounds in TV shows. But it seems like these Internet companies (and by extension IOT companies) have such little faith in their product that they feel it necessary to give it away for nothing and then try to survive by introducing third parties for their income. Until that changes (and it doesn't help the cause when the tech press howls about the $1000 iPhone vs the $200 Android phone with "free" OS), we're going to continue down the dystopian path.
"Well, good luck finding a judge that doesn't run a bestiality site."
Socialism is based on the idea that we'll trust the state on everything and it will magically work out. Capitalism is the idea that we'll trust the market for everything and it will magically work out. Those are opposite positions, extreme polar opposites. They're also united in the one particular sense that they're both rooted in a fallacious belief that politics can be reduced to an exercise of ideology. Virtually all modern politics is built on that faulty premise.
Actual feudalism gets a bad rap. It's infinitely preferable to living under doctrinaire Socialism or anarcho-Capitalism. You're basically saying "would you rather be ruled like 16th century England with modern tech or modern day Somalia or Venezuela?" No one in their right mind would chose either of the latter.
Then again, an electro-mechanical timer will wear out, a well-designed microcontroller talking to some solid-state power switches with a few sealed buttons for input should last decades.
And they won't stop anything because all the surveillance possibilities and data that they too want access to.
> I wonder how far fire and safety regulatory orgs would get without municipal code adoption of their standards?
You can read all about it, because that was the case for about 100 years. Still many building codes are only *legally* enforced by municipal ordinance - within city limits. Outside city limits, people build to code because no bank is going to issue a mortgage on a non-compiant building, insurance companies won't insure it, and far fewer people would want to buy it, thereby greatly reducing the price the builder could sell it for. The codes are pretty well followed for construction in the county, where there is no legal requirement.
Many building codes are only *legally* enforced by municipal ordinance - within city limits. Outside city limits, people build to code because no bank is going to issue a mortgage on a non-compiant building, insurance companies won't insure it, and far fewer people would want to buy it, thereby greatly reducing the price the builder could sell it for. The codes are pretty well followed for construction in the county, where there is no legal requirement.
> But is the fire code truly optional
You can find out by calling your mortgage company and asking them if they'll loan you the $200,000 to build a building that ISN'T up to code. Ask your insurance company if they'll insure a building if you build it without following fire code. Ask your real estate agent how much money you'd lose track of to see it if it's not up to fire code. Or, let's try asking YOU -
If you were hiring me as the contractor to build for you, would you want me to:
A) build properly, to code
B) Build you crap that's unsafe, not complying with fire code
> or does government use penalties to coerce you to follow them?
The government penalty (failing to get a permit) is not in fact the primary motivation, and doesn't exist at all outside of city limits for many code requirements.
You had to replace worn out and/or broken parts before now you have to ensure that this IoT piece gets current version of certificates and security SW or else you will not be able to control it in a few years time. Happened to me already that to access my home NAS to update its security SW I had to use an old firefox because the new one would not work.
You mean the creeps that want to backdoor everything and compromise all security in order to be able to listen to and record everything? Fat chance. These people will only make everything worse.
Bruce Schneier has an irrational trust in authority. He really should know better by now.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Good point. I have no sympathy for these big companies, but they are operating in a capitalist system trying to make money. If regulation and public demand let them do this stuff, then why wouldn't they?
The key area that doesn't get a lot of air-time - mentioned above - is how consumers can make *informed* decisions. If products were forced to declare what telemetry was going, what got collected and how it would be used, at least people could make an informed decision about it. Lots of users would be happy with the benefits of facebook (staying in touch with friends etc) bearing in mind the costs of the personal data they give up (I find it abhorrent and staggering that anybody would, but we're all different).
The worst part about our current situation is that people just have no idea about what happens with their data - government regulation should compel much better transparency around this. Well done to the EU for pushing this forward.
Hej! Nasi tu byli!
When someone tells you about a topic, including its history, that's a hint that they might know something about the topic. They are therefore unlikely to be fooled by you making up stuff out of thin air.
> While "Underwriters" can mean insurance companies, it doesn't have to. And doesn't in this case.
It was founded by the Western Insurance Union and Chicago Underwriters Association in 1893
https://www.ul.com/aboutul/his...
> Oh, and later teh government gave it the ability to run legally binding tests on product safety.
What statute is that? If you plan to go look, let me suggest you not waste too much time looking for such a thing.
> And while car companies may advertise "it's safer", it does take a neutral third party observer to say whether it is.
Typically the third-party rating advertised is the IIIHS rating. Guess what IIHS stands for? Insurance Institute for Highway Safety.
Noticing a trend? Electrical safety (UL) - insurance companies.
Fire code (NFPA) - insurance companies.
Auto safety (IIHS) - insurance companies.
So who, exactly as responsible for creating and advancing safety standards? Insurance companies. They are really, really good at analyzing and minimizing risk because that's how they can be successful and make money, by reducing the risks of their customers.
I keep watching more and more video cameras being rolled out without vandalism. The citizenry and even the criminals are apathetic, unaware, or unwilling to do what is necessary to regain our freedom and anonymity.
Everyone is happy with their cell phones, everyone (even criminals!) is happy with their social networking account, everyone is happy giving over all their biometrics, and everyone is happy being videotaped and facially recognized everywhere they go. Enabling but not enforcing has given them tacit approval of these tactics and only once the noose has closed and people are grasping at their neck will they realize the true horrible consequences of what they have allowed to happen.
Yes, the NHTSA rates car safety, giving each car either four or five stars. Last year 97% of vehicles received one of the the top ratings.
One way to get a five star rating is to have the front wheels and most of the engine compartment end up in the front seats after a collision:
https://www.thetruthaboutcars....
IIHS, on the other hand, provides ratings which allow you to tell which cars are the safest and which aren't so safe. Not every car gets a trophy from IIHS because failing to distinguish safe cars from less-safe ones, giving them all high ratings like NHTSA does, would reduce the profits of the companies sponsoring the testing. The companies need to know which ones are actually safer.
> It was founded in 1894 by William Merrill
That's right. Merril, an insurance underwriter, lead the project, which was funded by insurance companies.
Here's the thing - car accidents and the other dangers we are talking about kill tens of thousands of people every year. Real people, whose children actually lose their parents. This isn't a game and it's not theoretical. Livew are on the line, yours and mine. So let's do what works, okay? Let's figure out what has ACTUALLY improved safety effectively and do more of that, alright? We can choose something else to try to score points for some political theory.
Mr. Schneier let me help you with you inability to understand about safety and industry. The National Electrical Code which fundamentally improved safety in the electrical industry is part of the National Fires Code, which fundamentally improved safety in the building industry is published by the National Fire Protection Association (NFPA) a private trade association. It was not imposed by the government.
Unlike what some people would like you to believe, it is not necessary or usually even advisable for government to impose solutions. The best ones (see NEC and NFC) can be developed outside of government. It does require will and interest on the part of industry to do so.
"I can think of no industry in the past 100 years that has improved its safety and security without being compelled to do so by government."
Not in the US, that's for sure.
There is a big culture issue here. In Europe, we like to play it safe and slow. Companies are founded by people not looking for an IPO and early retirement, but those hoping to create a legacy that future generations can continue. Many of our companies, including some of the biggest, are still earned by the family that founded them.
This creates a relatively risk-averse business culture in which opportunities are sometimes not taken. You americans call it "socialism".
The US has a "go big or go bust" attitude. The culture is risk-seeking and failure is considered to be just a detour to eventual success. This leads to every opportunity being exploited, sometimes at considerable risk. We Europeans call it "the next financial crisis just around the corner".
While this manifests in laws and government regulations, it also expresses itself more directly in customer and investor expectations. In information security (my professional field), for example, my mostly european customers expect the reputation costs of a data breach to be much higher than the data justifies it would probably be. But the data is mostly from the US, so... maybe they are right in the end.
Assorted stuff I do sometimes: Lemuria.org
If their novelties take off without any intervention or supervision from the government, we could be inviting a nightmarish set of security and privacy vulnerabilities into the world.
And what makes anyone naive enough to assume that government "supervision" would somehow magically immunize us from said vulnerabilities? Or that government wouldn't misuse data gathering to commit human rights abuses?
Sigh...why is the default knee-jerk reaction to a potential crisis almost always "hey, let's find a way to depend on GOVERNMENT to fix this for us! Government is mighty, all knowing, all seeing, efficient, incorruptible, and always benevolent, right?"
In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky