[Cryptography] Schneier's Internet Security Agency - bad idea because we don't know what it will do
Peter Todd
pete at petertodd.org
Sun Feb 26 18:31:39 EST 2017
On Sun, Feb 26, 2017 at 04:09:29PM +0100, mok-kong shen wrote:
> Am 25.02.2017 um 23:52 schrieb Peter Todd:
>
> >Introduce strict liability for distributors, manufacturers, and/or developers
> >and this problem would go away. Of course, so would the IoT industry, but they
> >were creating an unsafe product causing harm to others, so there's every reason
> >why that industry (and individuals working in that industry) should be sued
> >into the ground until they find ways of developing secure IoT devices that
> >don't cause harm to others.
>
> I doubt what you wrote is realistic. Analogy: A kitchen knife, which is
> very useful for cooking but could also be used to kill persons under
> circumstances.
Knifes aren't very good rebuttles: your average person fully understands what a
knife is doing, and thus the responsibility for a knife killing someone
obviously should lie with the person wielding the knife.
Non-open-source IoT devices OTOH have functionality that's hidden from the
user, and thus the responsiblity for that functionality should lie with the
people responsible for that functionality. The user was entirely reliant on the
manufacturer to produce a secure device.
As for open-source devices, that's a situation where we've given the owner the
ability to determine what the device is doing, so there's every reason to
absolve the vendor of responbility, particularly if they ship the IoT device
without software. Sure, in some cases that may amount to a legal loophole, but
it's reasonable for society to have a "soft-touch" on this kind of thing and
allow manufacturers and software developers to absolve themselves in this
manner.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170226/826753e4/attachment.sig>
More information about the cryptography
mailing list