Re: At WhitePines...
"In theory we need a set of standards for the IoT, security, updates, loss of functionality, bricking, etc. but if such standards were implemented there would be a couple of problems as I see it. Firstly, the pace of change in the industry would overtake the standards quite quickly - although I think that basics of safety, security, surveillance could be generic enough to be useful. Secondly, and most important, the cost impact would probably drive suppliers out of business or make the products so expensive that users would just buy knock off that didn't meet the regs; the main cost impacts being compliance and supportability."
Unfortunately there's a third problem you've missed - what is considered "safe" differs between people. In particular, what a government considers safe is very different from what ordinary people consider safe when it comes to surveillance. We already have politicians in several countries attempting to legislate the laws of mathematics when it comes to encryption. While IoT crap is a mess in its current state, I'm not sure I'd feel a lot better if it all followed a set of standards that included legally mandated ~~back doors~~ security holes.
And that's before you even start thinking about the problems of how different countries might view things. With something like a plug, if it doesn't electrocute you in one country, it's probably not going to do so anywhere else. So physical safety rules tend to be fairly universal no matter where you sell your products (obviously as long as you pay attention to grid voltages and the like). An internet connected gizmo that needs to obey 200-odd different security standards is a lot more difficult to handle.
There's certainly a case to be made for a sensible set of standards regarding things like providing updates, not being allowed to brick products remotely to force people to buy new things, and that sort of thing. But those are quality rules that, as with physical safety, are more-or-less universal no matter where you are. When it comes to actual security and safety, I see little possibility of getting any sensible standards that are actually agreed on by more than a few countries, and even less possibility of any country's government setting standards that I as a consumer actually agree with.