Schneier: "Think of all the CCTV cameras and DVRs used in the attack against Brian Krebs. The owners of those devices don't care. Their devices were cheap to buy, they still work, and they don't even know Brian. The sellers of those devices don't care: they're now selling newer and better models, and the original buyers only cared about price and features. There is no market solution because the insecurity is what economists call an externality: it's an effect of the purchasing decision that affects other people. Think of it kind of like invisible pollution."
Security Economics of the Internet of Things - Schneier on Security
Security Economics of the Internet of Things. Brian Krebs is a popular reporter on the cybersecurity beat. He regularly exposes cybercriminals and their tactics, and consequently is regularly a target of their ire. Last month, he wrote about an online attack-for-hire service that resulted in the ...
- Yes, and the solution is: internalize those externalities by making sellers and/or producers of said devices legally responsible for their products, let's say 5 years after production. It's time for hardware (and software) producers in the IT business to take responsibility. 20w
- I had the same thought as, the standard way of dealing with externalities is by making someone responsible for them. The producers seem like the right people to me, since they're the ones who have the ability to make the devices secure. 20w
- In addition to making the manufacturer responsible, or maybe instead of, we could make the consumer responsible.
Instead of open ended connectivity contracts we could take a page from environmental and vehicle safety legislation. All equipment would need to be certified and annually recertified in order to maintain access to the Internet.
We could also merge a concept from property maintenance laws that allows for proper authority to enter and clean up property that violates community, health, and safety issues.
It doesn't matter who is ultimately held responsible, consumer costs will rise. From a strictly philosophical point of view, I think that the manufacturer must be held to a reasonable standard of in the same way that car manufacturers are treated, but that the consumer is held responsible for maintenance, again like with cars. 19w