Slashdot Mirror
A Future Where Everything Becomes a Computer Is As Creepy As You Feared (nytimes.com)
schwit1 shares a report from The New York Times: More than 40 years ago, Bill Gates and Paul Allen founded Microsoft with a vision for putting a personal computer on every desk. [...] In recent years, the tech industry's largest powers set their sights on a new target for digital conquest. They promised wild conveniences and unimaginable benefits to our health and happiness. There's just one catch, which often goes unstated: If their novelties take off without any intervention or supervision from the government, we could be inviting a nightmarish set of security and privacy vulnerabilities into the world. And guess what. No one is really doing much to stop it. The industry's new goal? Not a computer on every desk nor a connection between every person, but something grander: a computer inside everything, connecting everyone.
Cars, door locks, contact lenses, clothes, toasters, refrigerators, industrial robots, fish tanks, sex toys, light bulbs, toothbrushes, motorcycle helmets -- these and other everyday objects are all on the menu for getting "smart." Hundreds of small start-ups are taking part in this trend -- known by the marketing catchphrase "the internet of things" -- but like everything else in tech, the movement is led by giants, among them Amazon, Apple and Samsung. [American cryptographer and computer security professional Bruce Schneier] argues that the economic and technical incentives of the internet-of-things industry do not align with security and privacy for society generally. Putting a computer in everything turns the whole world into a computer security threat. [...] Mr. Schneier says only government intervention can save us from such emerging calamities. "I can think of no industry in the past 100 years that has improved its safety and security without being compelled to do so by government."
Cars, door locks, contact lenses, clothes, toasters, refrigerators, industrial robots, fish tanks, sex toys, light bulbs, toothbrushes, motorcycle helmets -- these and other everyday objects are all on the menu for getting "smart." Hundreds of small start-ups are taking part in this trend -- known by the marketing catchphrase "the internet of things" -- but like everything else in tech, the movement is led by giants, among them Amazon, Apple and Samsung. [American cryptographer and computer security professional Bruce Schneier] argues that the economic and technical incentives of the internet-of-things industry do not align with security and privacy for society generally. Putting a computer in everything turns the whole world into a computer security threat. [...] Mr. Schneier says only government intervention can save us from such emerging calamities. "I can think of no industry in the past 100 years that has improved its safety and security without being compelled to do so by government."
...we know you want fries with that.
Care killed the cat, but satisfaction brought it back.
Just like we have the "Organic" label on electronics, we should have a new label for things like TVs and other internet connected things that says that that thing does not have a microphone or video camera. I can't bring myself to give my TV my wifi password or buy a new 4k roku box because they all have microphones and cameras now!
>"Mr. Schneier says only government intervention can save us from such emerging calamities. "I can think of no industry in the past 100 years that has improved its safety and security without being compelled to do so by government."
That seems a bit grandiose. Yes, government regulation can and does help with safety and security. It is a necessary part of the modern world. However, it also stifles freedom, the economy, and innovation. I can so no better example off the top of my head than the signs and labels on nearly everything in California that everything is "known to cause cancer". Saying that market forces have no impact on safety is just crazy. Companies are very wary of litigation and bad press; both are very powerful incentives to produce safe and desirable products.
We always need a balance- the question is, what is that balance? Freedom/privacy and safety/security are, generally, diametrically opposed. Just as important is an educated and informed population.
Libertarianism is the opposite side of Socialism. Both are based on this premise:
"We'll trust and magically it will all work out."
Both the market and the state have particular natures that simply don't work for solving certain problems. The government is terrible at the things that Socialism says it can magically fix, and the market is terrible at resolving the negative externalities that Capitalism says will be resolved by market incentives that arise from them.
Historically, that's why it was called political-economy, not economics. It was just understood by most thinkers that politics governs the economy and most political questions resolve back to answering economic disputes.
With all these "things" running Linux at its core it seems FOSS has won.
These are running on sub $1 processors only doing very simple things like turning a light on or off. Even something as complicated as your dishwasher doesn't need an OS. I know this will horrify some programmers but you can actually schedule multiple things to happen in a single program and create something that is simpler, easier to debug and easier to get to 99% working without an OS.
There's a nice song about the subject of "smart" things. ;)
Anons need not reply. Questions end with a question mark.
Most of these devices are running ZigBee. ZigBee is a suite of "layers". The MAC layer is 802.15.4, network is ZigBee Pro, the application is a binary format call ZigBee Cluster Library. (Google is pushing Thread which is 802.15.4, Thread network layer, ZigBee cluster library for the application). ZigBee Smart Energy is the variant in your electric meter on the side of your house. It uses certificates, a long unique joining code, and a key agreement and certificate authentication scheme call EC-MQV to provide security. Thread has pretty good security, they use a Password Authenticated Key agreement and strong security at every level of communication. Unfortunately, in most other versions of ZigBee security is trumped by convenience.
If you want the $1 device to monitor your behavior and keep wireless contact with cloud servers, you'll probably want an OS to make things easier.
"Bruce Schneier] argues that the economic and technical incentives of the internet-of-things industry do not align with security and privacy for society generally."
THAT part is an insight that might merit further thought. How can one arrange the system such that what is good for the company is good society? When you do that, it can work really well.
As far as the "I can think of no industry" but, Bruce is generally a smart guy, so I'm surprised to hear him start the interview with a statement that is so flat out wrong on the facts. More than that, anyone who knows a little history KNOWS it's completely wrong.
"There's no industry that's improved safety or security without governments forcing it to do so.", he said.
Has Bruce never heard of Underwriters Laboratories (UL listed, UL registered, etc)? Underwriters means insurance companies. That's not government, that's insurance companies offering guidance and an incentive. How about the National Fire Protection Association, which writes the fire codes? That's another safety organization started by insurance companies, and insurance companies wouldn't insure a building unless it met fire code. Later, local governments ALSO said "me to", but the NFPA and fire codes were created by insurance companies, not government.
The auto companies were advertising safety innovations for half a century before there was any major legistlature. From Dusenberg advertising hydraulic brakes in the 1920s to Ford marketing safety glasses in all its cars in the 1930s to padded dashboards, safety cages, and disc brakes in the 1940s - it wasn't until the 1960s that the government got involved.
So it's simply factually incorrect, plain wrong, to say "There's no industry that's improved safety or security without governments forcing it to do so". My side gig is pyrotechnics, fireworks. A LOT of what we talk about and work on in the industry is safety, sometimes talking about how to convince the government official to allow us to do things the safer way rather than insisting on outdated procedures, or things that are a bad (dangerous) fit for the situation.
It isn't that a computer in every device is an issue, it's that these computers have to be free as in beer. We've squandered the massive decrease in network cost to the point of demanding no incremental increase in cost of smart devices vs traditional. I'm all for paying a little more for a smart thermostat that doesn't tell some ad server when I get home from work. And I'm happy to pay a little for firmware upgrades to my smart switch if it means my house isn't going to become part of a bot network. And no way do I see any value in bringing microphones into my home that offer "free" services in exchange for listening to keywords and embedded sub audible sounds in TV shows. But it seems like these Internet companies (and by extension IOT companies) have such little faith in their product that they feel it necessary to give it away for nothing and then try to survive by introducing third parties for their income. Until that changes (and it doesn't help the cause when the tech press howls about the $1000 iPhone vs the $200 Android phone with "free" OS), we're going to continue down the dystopian path.
"Well, good luck finding a judge that doesn't run a bestiality site."
> I wonder how far fire and safety regulatory orgs would get without municipal code adoption of their standards?
You can read all about it, because that was the case for about 100 years. Still many building codes are only *legally* enforced by municipal ordinance - within city limits. Outside city limits, people build to code because no bank is going to issue a mortgage on a non-compiant building, insurance companies won't insure it, and far fewer people would want to buy it, thereby greatly reducing the price the builder could sell it for. The codes are pretty well followed for construction in the county, where there is no legal requirement.
You mean the creeps that want to backdoor everything and compromise all security in order to be able to listen to and record everything? Fat chance. These people will only make everything worse.
Bruce Schneier has an irrational trust in authority. He really should know better by now.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.