Interesting People mailing list archives

Internet of Things


From: "Dave Farber" <farber () gmail com>
Date: Tue, 5 Jun 2018 10:12:03 -0400




Begin forwarded message:

From: Jonathan Zittrain <zittrain () law harvard edu>
Date: June 5, 2018 at 10:03:30 EDT
To: David Farber <farber () gmail com>
Subject: Fwd: Internet of Things



I wrote up some thoughts on security for the Internet of Things - 
https://www.nytimes.com/2018/06/03/opinion/westworld-internet-of-things.html. 

I’d love to further develop the “island of misfit toys idea”; curious what IP’ers think. 

From Westworld to Best World for the Internet of Things
By Jonathan Zittrain
Mr. Zittrain is a Harvard professor and a co-founder of the Berkman Klein Center for Internet & Society.
June 3, 2018

Last month the F.B.I. issued an urgent warning: Everyone with home internet routers should reboot them to shed them 
of malware from “foreign cyberactors.”

Putting aside the strangeness that for once power-cycling a device could perform an effective exorcism upon it, the 
episode reveals more than just the potential for disruption of internet access for people using equipment they never 
expect to have to physically manage. It also underscores how unprepared we are to manage downstream-networked devices 
and appliances — the “internet of things” — that are vulnerable to attack.

A longstanding ethos of internet development lets anyone build and share new code and services, with consequences to 
be dealt with later. I call this the “procrastination principle,” and I don’t regret supporting it. But it’s hard to 
feel the same way about the internet of things.

Worries about security for these devices have become widespread, and they fall roughly into two categories.

First, compromised networked things can endanger their users. In 2015, Chrysler recalled 1.4 million vehicles after 
researchers showed they could hack a Jeep and disable its brakes and transmission. Coffee makers and other appliances 
with heating elements could have safety features overridden, starting a fire. And an alert was issued on certain 
pacemakers last year after vulnerabilities were found that could allow attackers to gain unauthorized access and 
issue commands to the devices.

Second, hacking even a tiny subset of the 10 billion and counting networked things can produce threats larger than 
any one consumer. Individually these devices may be too small to care about; together they become too big to fail. 
Security systems in a city could be made to sound an alarm simultaneously. Light bulbs can be organized into bot 
armies, directed to harm any other internet-connected target. And worse than a single Jeep executing an unexpected 
sharp left turn is a whole fleet of them doing so.

Short of rejecting internet integration with appliances, dealing with this is not easy. As with home routers, we tend 
to keep appliances around for years, so vulnerabilities aren’t phased out quickly.

In fact, many vendors might stop issuing firmware updates for physical objects even while they’re still widely in use 
— abandoning the public to problems lurking in embedded code. And otherwise-valuable “over the air” security updates 
could also be a gateway to a hack, especially for small vendors of cheap if useful objects like $5 drones.

The unusual problems of the internet of things call for unusual solutions.

The first confronts the life-cycle problem. Companies making a critical mass of internet-enabled products should be 
required to post a “networked safety bond” to be cashed in if they abandon maintenance for a product, or fold 
entirely. Insurers can price bonds according to companies’ security practices. There’s an example of such a system 
for coal mining, to provide for reclamation and cleanup should the mining company leave behind a wasteland.

For internet-connected appliances, “reclamation” can entail work by nonprofit foundations to maintain the code for 
abandoned products, creating an “island of misfit toys,” in the parlance of the famed 1964 Rankin/Bass stop-motion 
Christmas special. Proceeds from redeemed bonds would go to these foundations to maintain the products, like the way 
the Mozilla Foundation has transformed the 1998 Netscape browser long after its originators left the scene.

A second intervention would require networked products modeled after analog counterparts to work even without 
connectivity. A smart coffee maker shouldn’t be so clever that it can’t make coffee without internet access. 
Switchover to non-connectivity mode will not merely help prevent things from becoming useless when the internet goes 
down, or if the original vendor disappears or jacks up service prices. It can also provide a soft landing for 
appliances that reach the end of their supported life cycles while still beloved by owners.

Finally, networked devices made by different vendors need to be able to communicate with one another — the way that, 
say, Mac and PC users seamlessly exchange email. That prevents a household from becoming locked into a single vendor 
for all its appliances. It also prevents us from flocking to one or two vendors whose compromise could cause 
widespread consequences.

While procrastination around security has been vital to the expansion of the internet, “later” doesn’t mean “never.” 
We can create incentives to design networked devices for both interoperability and safety, and to plan for 
remediation when some things inevitably go wrong. We can enjoy the best rather than worst of both worlds.

Jonathan Zittrain (@zittrain) is a professor of international law and of computer science at Harvard, a co-founder of 
the Berkman Klein Center for Internet & Society and the author of “The Future of the Internet — And How to Stop It.”



