[iot-discussion] What role does the SP play in protecting consumers re IoT?

For anyone not already there. . . The Twitter thing on the Internet of Shit?

And the cover of the Economist last week: Why computers will never be safe.

And I remember being on the RISKS Forum mailing list moderated by Peter G. Neumann a long time ago. Anybody here still following it?

And I remember being in an operating theatre with the gamma counters when the guy upstairs with the computer got bored and played with buttons he should not have been playing with and "could not see the data anymore”. We replaced him with a button that I could control.

And I was on that flight to the IETF in Seoul when our seats “crashed”. Way up in the sky above Siberia and the “blue screen of thingie” on the seat back in front of me.

And my new car wants to be on the Internet!

And so on and so on.

I suppose though I feel part of the old school to whom stuff, things, whatever, were always connected to computers and computers were connected to networks. No, I was never in a place that had the coffee machine hooked up. But what is new?

Time to quote Philip Larkin?

"Sexual intercourse began
In nineteen sixty-three
(which was rather late for me) -
Between the end of the "Chatterley" ban
And the Beatles' first LP."

I now think though that what is “new” is that it is no longer just ”us” but it is more and more “them”. And that is probably the most important distinction.

I think I first came across the notion of an “Internet driving licence” in an exchange I had way back with Robert Cailliau. I did not see how it could work then and I still don’t.

On the other hand I remember the Scottish Law Commission looking at computer crime.

https://www.scotlawcom.gov.uk/files/1013/1419/8499/cm68.pdf

The lesson I took I think still holds valid. The law is an ecosystem and you are so much better first seeing what you can do with current law before looking to see if current law needs to be modified, even just in interpretation, before trying to justify brand new laws.

So consumer protection - truth in advertising? - and product liability and privacy / data protection and so on.

This community could help out in that direction by being clearer on roles - and so possible responsibilities?

But I have been struck by a couple of things mentioned where I feel we have to be much clearer towards the outside world, particularly policy people and legislators.

I feel more and more uncomfortable with the term "end-to-end principle”. Don’t get me wrong. I am very much in favour of the the dumb middle, the simplifying, the non-interfering, non-discrimatory middle. And the more we all encrypt the more that may be how it will be. But the end-to-end idea seems to take us back to a connection - a circuit? - between two end points. Maybe two end networks makes a little bit more sense? And yet we here know that is not the case. 

A few years back Patrik Fältström and I wrote a little paper on what happened when I, sitting at home in Brussels, accessed his web-site in Sweden. With a little bit of thought you can imagine what we saw. The number of networks involved. The number of name servers involved. The number of content servers involved. Patrik was a bit surprised to see - to be reminded? - that one machine  was acting as both a name server and a content server? I am not sure if Patrik is on this list but I have copied him in. So if anyone wants the paper he can give a pointer on his site.

So a “thing” on a network may be having quite a rich conversation with very many servers out there. It is not simple end-to-end, device to server.

And then your access provider - many provide services only some provide access! — may not be as obvious as you think. You will have more than one. I am not sure how many.

I remember watching a video of a presentation by Mark Townsley at UKNOF27 (available on YouTube of course). I invite you to go and have a look at it. But for me there were two key points. Your home network will have multiple external connections, multiple external IP connections if not full Internet connections. And as Mark points out home networks will have to deal with that. And at the same time we all already have things - smart phones! - that move back and forwards between different styles of connectivity. 

My phone does WiFi in my living room and “only” 4G down the corridor in my bedroom. So some apps only work when I am on WiFi and not when I am on 4G. 

And they have just installed remote water meters which I hope will stay where they are

I will pause here.

:-)

Gordon @ TDRS