Well, that's a relief.
Can you imagine what a mess they'd make ?
The Internet of Things is “dangerous”, according to some bloke trying to rebrand it as the “Internet of You” – and the government ain't going to pass new laws to sort it out. According to a press release, one Jim Hunter of Greenwave Communications quite rightly warned the Broadband World Forum this morning that putting …
"Cyber security research institutes"???
Here's a vote-winning idea for any party that wants to adopt it.
Make use of the prefix "cyber-" in relation to anything computer/Internet/digital-related... punishable by public flogging followed by hanging, drawing, being ripped apart by wild horses and then encasement in carbonite. As a warning, for a first offence.
It would get my vote.
What is this, 1994? Do all civil servants get their idea of the technology landscape from viewings of Lawnmower Man?
This post has been deleted by its author
I eagerly await their latest public proclamation that will state what an utter bastard I am for not allowing employees to buy any old IoT shite and plug it in the network. I'm sure that internet enabled fridges, kettles, cup warmers, vests, vibrators, door bells, locks and toilets etc are all essential parts of a modern Government network infrastructure.
Plus the Treasury desperately needs lots of start-ups to begin making this shite and even more technologically incontinent customers to buy them.
Take your IoT and shove it up your smart app enabled arse.
If people want to plug any old shite into their network that is entirely up to them.
If they get sued them because their IOT device damaged some one else's business tough.
If an IOT supplier gets sued because they enabled the aforementioned idiot, tough.
It has nothing to do with the Government.
After a couple of lawsuits perhaps people will consider what they are doing, customers will demand secure products, suppliers will only supply secure products.
The best the Government could do is put out periodic warnings about the possibility of people being held liable for their actions.
Sued are you serious?!?
When your device is one of a million+ strong botnet, there's not much chance anyone's coming after you. Especially if the target is no longer in business.
In today's brave new Britain, apparently plod isn't going to bother investigating "open window" type crimes any more so they're unlikely to waste their resources tracking down IOT owners. After all they've got more important things to worry about like, say, hate crimes. 600 against one person if you can trust an MPs recent claim; that should take a few man hours to resolve. Or not, as the case may be.
"It has nothing to do with the Government."
Maybe it's also nothing to do with Government that electrical equipment has to reach minimum safety standards before it's put on sale. Maybe it's nothing to do with Government that vehicles have to meet safety standards before being put on sale. Maybe it's nothing to do with Government that children's toys mustn't use toxic paint.
But, of course, Government does have a say in all these things. Why should it not also be able to mandate that stuff to be connected to at least the local section of the net meets appropriate digital safety standards before it's put on sale?
Just imagine the vast troves of data that all these IBD (Insecure By Design) ((copyright ME!)) IOT devices will have access to. An entire connected network potentially covering huge areas of the country all ripe for surreptitious deployment of govt sponsored malware.
Sorry, did I say that lot out loud?
I am curmudgeon, I am legion, Where's my foil hat and WiFi Jammer!!
I'm curious: is there any chance that a claim against a product for having a fundamental security defect would fall foul of the CRA? Which describes it as "Under the Consumer Rights Act all products must be of satisfactory quality, fit for purpose and as described". I'd have thought defects fall foul of the first, and possibly the second (depending on the nature of the defect).
This probably has been discussed before, but my google-fu is failing me.
I'm perfectly happy to take responsibility for my own actions. The problem is that my security is also affected by the actions of others that I have no control over. It doesn't matter how good I am at driving if some drunken idiot drives into me. Likewise, it doesn't matter how secure I make all my networked devices if a million incompetents have theirs compromised and DDOS me. We have laws about the former for exactly that reason, so why wouldn't we also need laws about the latter? Lots of people love to complain about government interference, but regulating actions which can harm others is one of the main reasons governments exist at all.