[Cryptography] Schneier's Internet Security Agency - bad idea because we don't know what it will do

Benjamin Kreuter brk7bx at virginia.edu
Sat Feb 25 21:21:48 EST 2017


On Sat, 2017-02-25 at 16:26 +0100, Ian G wrote:
> (cryptopolitics)

(Typically dominated by libertarians, but I'll be a proud exception.)

> Schneier's argument relies, in a sense, on asking the question:
> what's the least bad thing we could do, when we don't know what to
> do?  Schneier says that the market has failed, and what we do with
> market failure is create a government agency to implement a solution
> to the problem.

Except that is not the only solution to market failures.  The other
solution is to change the rules so that the market stops failing.

In this case, strict liability for security failures seems like a
reasonable approach.  IoT vendors are free to try different things, but
if their devices are hacked, they have to pay the device owners.  Let
the market figure out how to keep that damage down to a manageable
level.

Markets are really just a way for society to deal with the problem you
described: not knowing what to do.  In general markets can only exist
in the context of a legal system that makes a market possible.  If a
market is failing, the right answer might be to change the law so that
the market succeeds.

-- Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 847 bytes
Desc: This is a digitally signed message part
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170225/f8366611/attachment.sig>


More information about the cryptography mailing list