Schneier's "Click Here To Kill Everybody": pervasive connected devices mean we REALLY can't afford shitty internet policy


#1

Originally published at: https://boingboing.net/2018/09/04/great-if-we-dont-fuck-up.html

Bruce Schneier (previously) has spent literal decades as part of the vanguard of the movement to get policy makers to take internet security seriously: to actually try to make devices and services secure, and to resist the temptation to blow holes in their security in order to spy on “bad guys.” In Click Here to Kill Everybody: Security and Survival in a Hyper-connected World, Schneier makes a desperate, impassioned plea for sensible action, painting a picture of a world balanced on the point of no return.


#2

This is why security guys refer to the “Internet of Things” (small connected devices) as the “Internet of Shit.” Very few of these were designed with security foremost in mind, and some have glaring design flaws, not to mention bugs. They have software that runs them, but it’s typically in firmware, so there is no auto-update. If you are very lucky the vendor has security patches, and if you are very savvy, you are actually applying them, but 99% of the users of these things probably aren’t. Then of course some vendors just go out of business, leaving the devices still running, with nobody fixing anything.

It is really scary when you start thinking about medical devices having security holes, for example. Or someone hacking into your home surveillance camera. Or your car. Not to mention, homes and offices increasingly have a whole bunch of these and if any one of them is vulnerable, that is an entry point for hackers to access your network, and from there they can potentially get to more valuable targets.


#3

I haven’t yet read his specific arguments, and it’s probably true that legislators will continue to do nothing upon nothing about the increasingly unanimous demand to take (the population’s) cybersecurity seriously. That’s been the historical pattern.

But it might go down differently. I’ve noticed that a lot of recent political upheavals could be viewed as instances of people pushing with all their might on a door that is suddenly wide open. (Presumably because of the internet)

Like, with gay rights, and especially trans rights, after decades of slooowly chipping away at it, people suddenly found that the public consensus, and policy makers, just turned on a dime. With net neutrality – though there are forces actively working against it – on several occasions public protests have produced immediate results, which no one really expected. Women have been pointing out systematic sexual abuse since, you know, the dawn of time, and suddenly things like #MeToo just explode, to the point where in some cases the consequences for abusers have been more rapid and severe than anyone really expected (albeit not so you’d lose sleep over it).

And on the negative side, you have, well, basically everything that motivates Trump supporters. Those people spent generations espousing horribly cruel and bigoted opinions (“send 'em all back to Mexico”), as hyperbole, and all of a sudden those nasty opinions are literal GOP platform items. Yes, the deplorables may have doubled down rather than dialling back their rhetoric, securing Hell as their destination, but I think even the nastiest mainstream Republican was taken by surprise at how easily things changed.

Anyway my point is that a lot of the time, the social and political consensus now reacts to pressure much faster than it used to. IoT security is probably still a little bit of a niche concern, but it might be possible to turn things around based on even a relatively minor headline.


#4

There was a news item here (UK) last night on TV about next gen surgical robots. (Newsnight, BBC, I think.)
Among others Google has one. And guess what?

OK, just in case it wasn’t obvious: Google are going to make them all “internet connected” so they can share data, outcomes, procedures, performance, etc. with each other, to learn and improve.

It may have been very lazy journalism (“internet connected”) or it may have been lazy Google PR, and perhaps they won’t simply be “internet connected”, but the idea I may have some future keyhole surgery done by a robot that could be hacked by Vlad from Putinland mid-procedure does not fill me with confidence.

ETA: Found a version of the news item online:

