This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/iot-wg@ripe.net/
[iot-discussion] Regulating the IoT (again, re-titled from iot-discussion Digest, Vol 1, Issue 5)
- Previous message (by thread): [iot-discussion] If on digest mode, please edit your Subject line !
- Next message (by thread): [iot-discussion] iot-discussion Digest, Vol 1, Issue 5
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Shane Kerr
shane at time-travellers.org
Wed Nov 23 06:11:48 CET 2016
Corinne, To be clear, I do not necessarily advocate regulation in the terms that most people probably think about it. That is, "Manufacturer X must apply standard ABC and get certification 1234 from an EU-authorized certification body". But, as Bruce Schneier and many others have pointed out, the economic model currently surrounding IoT is broken. This is the area that I think that regulators can and should be focusing their efforts. Regulation could be simply in terms of clarifying liability. It could even be something like *relaxing* consumer guarantees (for example, maybe a best practice would be for IoT devices to brick themselves - or at least disable Internet connections - if they have not received a security patch in X days). It could be in things like requiring consumers have the ability to run open operating systems on devices. As to why governments should do this... who else? My own opinion is that businesses generally do a terrible job of self-regulation. Should the EU have had to step in and insist on net neutrality for mobile data? No, but they did. Should the EU have had to strong-arm the mobile industry to make roaming fees more reasonable? No, but they did. One could argue that the RIR system is a shining example of good self-regulation. Or one could argue that it is actually broken and point to the unfairness of legacy versus new space, the problems with IP brokers hijacking the policy process, the way that abuse policies with teeth cannot be created, the unwillingness to take a stand on enforcing good routing practices, and so on. (My own feelings here are mixed.) :) While it would be nice if there was something other than businesses or governments, in today's world there really isn't. All of the old powers like religions or unions are basically gone, and other things like NGO's and the like are typically ignored by both business leaders and governmental officials, who have all the keys to the kingdom. Maybe a middle road is to generate recommendations & best practices elsewhere and somehow convince companies or governments to adopt them. It seems unlikely to succeed, but the IETF did basically this (although with explicit US government support for the first couple decades). So what else is there? Cheers, -- Shane At 2016-11-22 11:28:17 +0000 Corinne Cath <corinnecath at gmail.com> wrote: > Thanks for sharing Gordon, and good question Shane.. I found the article a > bit lacking in terms of a clear reason why regulation is *the* main way > forward. It is not said that if you leave the regulation of IoT in the > hands of several different goverments across the world that you get better > security standards all-round. More likely, you will get certain > jurisdictions that do a good job and others that don't. > > I also feel that the call for governments to take this up really opens the > door to legitimizing the ongoing efforts at the ITU to make it the hub for > IoT standard development. And looking at the recent discussions on Over the > Top (OTT) services and DOA at the ITU-D WTSA meeting, I am not sure that is > good solution. > > Rather, it would be great if we could find a way to look at soft law > options and encourage the technical actors responsible for developing > security considerations to take the importance of strong security for IoT > on board, if only because if they don't people will lose trust in them and > their stuff they build. > > And there I see a clear role for RIPE and its members. > > Happy to further discuss! Best, > > On Tue, Nov 22, 2016 at 11:00 AM, <iot-discussion-request at ripe.net> wrote: > > > Send iot-discussion mailing list submissions to > > iot-discussion at ripe.net > > > > To subscribe or unsubscribe via the World Wide Web, visit > > https://lists.ripe.net/mailman/listinfo/iot-discussion > > or, via email, send a message with subject or body 'help' to > > iot-discussion-request at ripe.net > > > > You can reach the person managing the list at > > iot-discussion-owner at ripe.net > > > > When replying, please edit your Subject line so it is more specific > > than "Re: Contents of iot-discussion digest..." > > > > > > Today's Topics: > > > > 1. Re: Regulating the IoT (Shane Kerr) > > > > > > ---------------------------------------------------------------------- > > > > Message: 1 > > Date: Tue, 22 Nov 2016 12:51:10 +0800 > > From: Shane Kerr <shane at time-travellers.org> > > To: Gordon Lennox <gordon.lennox.13 at gmail.com> > > Cc: iot-discussion at ripe.net > > Subject: Re: [iot-discussion] Regulating the IoT > > Message-ID: <20161122125110.47650945 at pallas.home.time-travellers.org> > > Content-Type: text/plain; charset="utf-8" > > > > Gordon, > > > > At 2016-11-18 14:10:52 +0100 > > Gordon Lennox <gordon.lennox.13 at gmail.com> wrote: > > > > > You can read Bruce Schneier?s take here: > > > > > > https://www.washingtonpost.com/posteverything/wp/2016/11/ > > 03/your-wifi-connected-thermostat-can-take-down-the- > > whole-internet-we-need-new-regulations/ > > > > > > And here: > > > > > > https://www.schneier.com/crypto-gram/archives/2016/1115.html > > > > He's not wrong. But is there a path to reasonable regulation? Can RIPE > > help facilitate this in any way? > > > > Cheers, > > > > -- > > Shane > > -------------- next part -------------- > > A non-text attachment was scrubbed... > > Name: not available > > Type: application/pgp-signature > > Size: 833 bytes > > Desc: OpenPGP digital signature > > URL: <https://lists.ripe.net/ripe/mail/archives/iot-discussion/ > > attachments/20161122/28de5dbb/attachment-0001.sig> > > > > ------------------------------ > > > > Subject: Digest Footer > > > > _______________________________________________ > > iot-discussion mailing list > > iot-discussion at ripe.net > > https://lists.ripe.net/mailman/listinfo/iot-discussion > > > > > > ------------------------------ > > > > End of iot-discussion Digest, Vol 1, Issue 5 > > ******************************************** > > > > > > -- > Corinne J.N. Cath > Ph.D. Candidate, Oxford Internet Institute & Alan Turing Institute > > Web: www.oii.ox.ac.uk/people/corinne-cath > Email: ccath at turing.ac.uk & corinnecath at gmail.com > Twitter: @C_Cath -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: </ripe/mail/archives/iot-wg/attachments/20161123/4efa8f6b/attachment.sig>
- Previous message (by thread): [iot-discussion] If on digest mode, please edit your Subject line !
- Next message (by thread): [iot-discussion] iot-discussion Digest, Vol 1, Issue 5
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ iot-wg Archives ]