Re: [iot-discussion] iot-discussion Digest, Vol 1, Issue 5
Thanks for sharing Gordon, and good question Shane.. I found the article a bit lacking in terms of a clear reason why regulation is *the* main way forward. It is not said that if you leave the regulation of IoT in the hands of several different goverments across the world that you get better security standards all-round. More likely, you will get certain jurisdictions that do a good job and others that don't. I also feel that the call for governments to take this up really opens the door to legitimizing the ongoing efforts at the ITU to make it the hub for IoT standard development. And looking at the recent discussions on Over the Top (OTT) services and DOA at the ITU-D WTSA meeting, I am not sure that is good solution. Rather, it would be great if we could find a way to look at soft law options and encourage the technical actors responsible for developing security considerations to take the importance of strong security for IoT on board, if only because if they don't people will lose trust in them and their stuff they build. And there I see a clear role for RIPE and its members. Happy to further discuss! Best, On Tue, Nov 22, 2016 at 11:00 AM, <iot-discussion-request@ripe.net> wrote:
Send iot-discussion mailing list submissions to iot-discussion@ripe.net
To subscribe or unsubscribe via the World Wide Web, visit https://lists.ripe.net/mailman/listinfo/iot-discussion or, via email, send a message with subject or body 'help' to iot-discussion-request@ripe.net
You can reach the person managing the list at iot-discussion-owner@ripe.net
When replying, please edit your Subject line so it is more specific than "Re: Contents of iot-discussion digest..."
Today's Topics:
1. Re: Regulating the IoT (Shane Kerr)
----------------------------------------------------------------------
Message: 1 Date: Tue, 22 Nov 2016 12:51:10 +0800 From: Shane Kerr <shane@time-travellers.org> To: Gordon Lennox <gordon.lennox.13@gmail.com> Cc: iot-discussion@ripe.net Subject: Re: [iot-discussion] Regulating the IoT Message-ID: <20161122125110.47650945@pallas.home.time-travellers.org> Content-Type: text/plain; charset="utf-8"
Gordon,
At 2016-11-18 14:10:52 +0100 Gordon Lennox <gordon.lennox.13@gmail.com> wrote:
You can read Bruce Schneier?s take here:
https://www.washingtonpost.com/posteverything/wp/2016/11/ 03/your-wifi-connected-thermostat-can-take-down-the- whole-internet-we-need-new-regulations/
And here:
https://www.schneier.com/crypto-gram/archives/2016/1115.html
He's not wrong. But is there a path to reasonable regulation? Can RIPE help facilitate this in any way?
Cheers,
-- Shane
Corinne, all - I'd be much grateful if folks here (and on any other list they are subscribed to, too) would actually follow the following recommendation: On 22.11.2016 12:28, Corinne Cath wrote:
[...]
When replying, please edit your Subject line so it is more specific than "Re: Contents of iot-discussion digest..."
- which is part of any and all digests they are getting. Thank you very much - kind regards, Carsten
+1 Carsten -Michael On Nov 22, 2016 12:57 PM, "Carsten Schiefner" <ripe-wgs.cs@schiefner.de> wrote:
Corinne, all -
I'd be much grateful if folks here (and on any other list they are subscribed to, too) would actually follow the following recommendation:
On 22.11.2016 12:28, Corinne Cath wrote:
[...]
When replying, please edit your Subject line so it is more specific than "Re: Contents of iot-discussion digest..."
- which is part of any and all digests they are getting.
Thank you very much - kind regards,
Carsten
_______________________________________________ iot-discussion mailing list iot-discussion@ripe.net https://lists.ripe.net/mailman/listinfo/iot-discussion
Corinne, To be clear, I do not necessarily advocate regulation in the terms that most people probably think about it. That is, "Manufacturer X must apply standard ABC and get certification 1234 from an EU-authorized certification body". But, as Bruce Schneier and many others have pointed out, the economic model currently surrounding IoT is broken. This is the area that I think that regulators can and should be focusing their efforts. Regulation could be simply in terms of clarifying liability. It could even be something like *relaxing* consumer guarantees (for example, maybe a best practice would be for IoT devices to brick themselves - or at least disable Internet connections - if they have not received a security patch in X days). It could be in things like requiring consumers have the ability to run open operating systems on devices. As to why governments should do this... who else? My own opinion is that businesses generally do a terrible job of self-regulation. Should the EU have had to step in and insist on net neutrality for mobile data? No, but they did. Should the EU have had to strong-arm the mobile industry to make roaming fees more reasonable? No, but they did. One could argue that the RIR system is a shining example of good self-regulation. Or one could argue that it is actually broken and point to the unfairness of legacy versus new space, the problems with IP brokers hijacking the policy process, the way that abuse policies with teeth cannot be created, the unwillingness to take a stand on enforcing good routing practices, and so on. (My own feelings here are mixed.) :) While it would be nice if there was something other than businesses or governments, in today's world there really isn't. All of the old powers like religions or unions are basically gone, and other things like NGO's and the like are typically ignored by both business leaders and governmental officials, who have all the keys to the kingdom. Maybe a middle road is to generate recommendations & best practices elsewhere and somehow convince companies or governments to adopt them. It seems unlikely to succeed, but the IETF did basically this (although with explicit US government support for the first couple decades). So what else is there? Cheers, -- Shane At 2016-11-22 11:28:17 +0000 Corinne Cath <corinnecath@gmail.com> wrote:
Thanks for sharing Gordon, and good question Shane.. I found the article a bit lacking in terms of a clear reason why regulation is *the* main way forward. It is not said that if you leave the regulation of IoT in the hands of several different goverments across the world that you get better security standards all-round. More likely, you will get certain jurisdictions that do a good job and others that don't.
I also feel that the call for governments to take this up really opens the door to legitimizing the ongoing efforts at the ITU to make it the hub for IoT standard development. And looking at the recent discussions on Over the Top (OTT) services and DOA at the ITU-D WTSA meeting, I am not sure that is good solution.
Rather, it would be great if we could find a way to look at soft law options and encourage the technical actors responsible for developing security considerations to take the importance of strong security for IoT on board, if only because if they don't people will lose trust in them and their stuff they build.
And there I see a clear role for RIPE and its members.
Happy to further discuss! Best,
On Tue, Nov 22, 2016 at 11:00 AM, <iot-discussion-request@ripe.net> wrote:
Send iot-discussion mailing list submissions to iot-discussion@ripe.net
To subscribe or unsubscribe via the World Wide Web, visit https://lists.ripe.net/mailman/listinfo/iot-discussion or, via email, send a message with subject or body 'help' to iot-discussion-request@ripe.net
You can reach the person managing the list at iot-discussion-owner@ripe.net
When replying, please edit your Subject line so it is more specific than "Re: Contents of iot-discussion digest..."
Today's Topics:
1. Re: Regulating the IoT (Shane Kerr)
----------------------------------------------------------------------
Message: 1 Date: Tue, 22 Nov 2016 12:51:10 +0800 From: Shane Kerr <shane@time-travellers.org> To: Gordon Lennox <gordon.lennox.13@gmail.com> Cc: iot-discussion@ripe.net Subject: Re: [iot-discussion] Regulating the IoT Message-ID: <20161122125110.47650945@pallas.home.time-travellers.org> Content-Type: text/plain; charset="utf-8"
Gordon,
At 2016-11-18 14:10:52 +0100 Gordon Lennox <gordon.lennox.13@gmail.com> wrote:
You can read Bruce Schneier?s take here:
https://www.washingtonpost.com/posteverything/wp/2016/11/ 03/your-wifi-connected-thermostat-can-take-down-the- whole-internet-we-need-new-regulations/
And here:
https://www.schneier.com/crypto-gram/archives/2016/1115.html
He's not wrong. But is there a path to reasonable regulation? Can RIPE help facilitate this in any way?
Cheers,
-- Shane
Great suggestions Corinne! See my comments in an earlier message I sent as well. Best, -Michael On Tue, Nov 22, 2016 at 6:28 AM, Corinne Cath <corinnecath@gmail.com> wrote:
Thanks for sharing Gordon, and good question Shane.. I found the article a bit lacking in terms of a clear reason why regulation is *the* main way forward. It is not said that if you leave the regulation of IoT in the hands of several different governments across the world that you get better security standards all-round. More likely, you will get certain jurisdictions that do a good job and others that don't.
I also feel that the call for governments to take this up really opens the door to legitimizing the ongoing efforts at the ITU to make it the hub for IoT standard development. And looking at the recent discussions on Over the Top (OTT) services and DOA at the ITU-D WTSA meeting, I am not sure that is good solution.
Rather, it would be great if we could find a way to look at soft law options and encourage the technical actors responsible for developing security considerations to take the importance of strong security for IoT on board, if only because if they don't people will lose trust in them and their stuff they build.
And there I see a clear role for RIPE and its members.
Happy to further discuss! Best,
On Tue, Nov 22, 2016 at 11:00 AM, <iot-discussion-request@ripe.net> wrote:
Send iot-discussion mailing list submissions to iot-discussion@ripe.net
To subscribe or unsubscribe via the World Wide Web, visit https://lists.ripe.net/mailman/listinfo/iot-discussion or, via email, send a message with subject or body 'help' to iot-discussion-request@ripe.net
You can reach the person managing the list at iot-discussion-owner@ripe.net
When replying, please edit your Subject line so it is more specific than "Re: Contents of iot-discussion digest..."
Today's Topics:
1. Re: Regulating the IoT (Shane Kerr)
----------------------------------------------------------------------
Message: 1 Date: Tue, 22 Nov 2016 12:51:10 +0800 From: Shane Kerr <shane@time-travellers.org> To: Gordon Lennox <gordon.lennox.13@gmail.com> Cc: iot-discussion@ripe.net Subject: Re: [iot-discussion] Regulating the IoT Message-ID: <20161122125110.47650945@pallas.home.time-travellers.org> Content-Type: text/plain; charset="utf-8"
Gordon,
At 2016-11-18 14:10:52 +0100 Gordon Lennox <gordon.lennox.13@gmail.com> wrote:
You can read Bruce Schneier?s take here:
https://www.washingtonpost.com/posteverything/wp/2016/11/03/ your-wifi-connected-thermostat-can-take-down-the-whole- internet-we-need-new-regulations/
And here:
https://www.schneier.com/crypto-gram/archives/2016/1115.html
He's not wrong. But is there a path to reasonable regulation? Can RIPE help facilitate this in any way?
Cheers,
-- Shane
participants (4)
-
Carsten Schiefner
-
Corinne Cath
-
Michael Oghia
-
Shane Kerr