House passeert rekening om het internet van kapotte dingen aan te pakkenseptember 18, 2020
CBD Olie kan helpen bij ADHD. Lees hoe op MHBioShop.com
Huile de CBD peut aider avec TDAH. Visite HuileCBD.be
from the your-fridge-needs-a-better-firewall dept
Though it doesn’t grab the same headline attention as the silly and pointless TikTok ban, the lack of security and privacy standards in the internet of things (IOT) is arguably a much bigger problem. TikTok is, after all, just one app, hoovering up consumer data in a way that’s not particularly different from the 45,000 other international apps, services, governments, and telecoms doing much the same thing. The IOT, in contrast, involves millions of feebly secured products being attached to home and business networks every day. Many also made in China, but featuring microphones and cameras.
Thanks to a laundry list of lazy companies, everything from your Barbie doll to your tea kettle is now hackable. Worse, these devices are now being quickly incorporated into some of the largest botnets ever built, resulting in devastating and historic DDoS attacks. In short: thanks to “internet of things” companies that prioritized profits over consumer privacy and the safety of the internet, we’re now facing a security and privacy dumpster fire that many experts believe will, sooner or later, result in some notably nasty results.
To that end, the House this week finally passed the Internet of Things Cybersecurity Improvement Act, which should finally bring some meaningful privacy and security standards to the internet of things (IOT). Cory Gardner, Mark Warner, and other lawmakers note the bill creates some baseline standards for security and privacy that must be consistently updated (what a novel idea), while prohibiting government agencies from using gear that doesn’t pass muster. It also includes some transparency requirements mandating that any vulnerabilities in IOT hardware are disseminated among agencies and the public quickly:
“Securing the Internet of Things is a key vulnerability Congress must address. While IoT devices improve and enhance nearly every aspect of our society, economy and everyday lives, these devices must be secure in order to protect Americans’ personal data. The IoT Cybersecurity Improvement Act would ensure that taxpayers dollars are only being used to purchase IoT devices that meet basic, minimum security requirements. This would ensure that we adequately mitigate vulnerabilities these devices might create on federal networks.”
Again, it’s not going to get the same attention as the TikTok pearl clutching, but it’s arguably more important.
The IOT is a simultaneously a successful sector while at the same time suffering from a form of market failure. I come back a lot to this Bruce Schneier blog post because I think it explains IOT dysfunction rather well:
“The market can’t fix this because neither the buyer nor the seller cares. The owners of the webcams and DVRs used in the denial-of-service attacks don’t care. Their devices were cheap to buy, they still work, and they don’t know any of the victims of the attacks. The sellers of those devices don’t care: They’re now selling newer and better models, and the original buyers only cared about price and features. There is no market solution, because the insecurity is what economists call an externality: It’s an effect of the purchasing decision that affects other people. Think of it kind of like invisible pollution.”
One problem is that consumers often don’t know what they’re buying because sellers aren’t transparent, which is why groups like Consumer Reports have been working on an open source standard to include security and privacy issues in product reviews. Another big problem is that these devices are rarely designed with GUIs that provide transparent insight into what these devices are doing online. And unless users have a semi-sophisticated familiarity with monitoring their internet traffic via a router, they likely have no idea that their shiny new internet-connected doo-dad is putting themselves, and others, at risk.
Fixing the IOT requires collaboration between consumers, vendors, governments, and security experts, and so far that coordination has been patchy at best. Instead of developing policies and standards that address an entire sector’s worth of security and privacy problems, the U.S. adores hyperventilating about individual threats (see: TikTok) then pushing policies (see: the TikTok ban) that don’t actually accomplish that much. U.S. data privacy and security is a problem that requires a much wider view, instead of this bizarre, inconsistent consternation that’s more ADHD Whac-a-Mole than serious policy.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team