I agree with that. I'm much more in favor of punishing harshly when the mess-up happens and could've been avoided but for willful negligence than trying to write a bunch of catch-all regulations before we have a problem.
I think, at least in the US, we need much stronger consumer advocacy laws, something with teeth that can't be arbitrated down by a group of expensive lawyers.
We'd have to find a balance though, as we are already way too litigious and we'd be stifling innovation out of fear of getting accused of negligence.
I think it's a little bit of this, a little bit of that. We need regulation to attempt to enforce baseline security practices (e.g. no passwords in cleartext, encryption during authentication, etc.), since that can be proactive if not comprehensive. In addition to that, we need stronger consumer advocacy and liability for the more complicated, unanticipated cases.
> We'd have to find a balance though, as we are already way too litigious and we'd be stifling innovation out of fear of getting accused of negligence.
If we're "way too litigious" to the point of stifling innovation, then I think the problem and solution are in a completely different area than this.
I am a technologist; and yet, I am all for stifling innovation with IoT. The folks creating these devices are not qualified to make decisions for themselves or for us.
What decisions are they making for you? It's your decision to opt in to their system by buying. As a technologist you have a good idea how to spot the crappy ones that can put you at risk, or would just (rightly) assume that something like an internet-connected Elmo is a bad idea. It's the general population that we have to worry about, as they'll be the ones most seriously harmed (identity theft is the thing I worry most about any of this) by these things going awry. They may also not even put things together that some of these devices could be or are internet-connected in the first place, where to us it's obvious that there must be network connectivity of some sort.
That being said, let the bad actors fail. Let their names get dragged through the mud, let the big companies sober up after a few too many VTech/Mattel/LG style failures that make the headlines. Let them either back out of the market because this shit is hard to keep secure, let them work with someone who can, or let them triple down and figure it out themselves. We're going to see a lot of failures, but we'll be better for it.
I've connected my own devices around my house (securely), use z-wave, and consumer home automation hubs/hardware, as well as some well known stuff like Nest and Amazon Echo. I don't ever want to go back to NOT having these things.
I've accounted for many of the likely failure points by these very well regarded manufacturers and I've firewalled my network very tightly, among many other things. But damn it, I've seen the future and I don't want to go back. It's too nice, too convenient, and adds too much real value.
It's your decision to buy their goods, no one should be preventing anyone from trying to enter the market just because you get the heebie jeebies or don't see the value. Someone else does, or no one else does and they fold up shop.
History has shown us that all the IoT devices are poorly coded at best and completely unmanaged at worst.
It is also assumed that these devices have unfettered internet access. Most of them can do HTTPS. Either you allow it or you don't. How many Barbie dolls have been having inappropriate conversations with children that a human would otherwise be arrested for? How many televisions are feeding audio from families back to a company? How long is this data saved? Who has access to it? When must it be destroyed? What legal protections does anyone have against data abuse? What is deemed data abuse? If it turns out I am being spied on, what binding agreement do I have with the manufacturer and seller that will make them feel pain? Are they obligated to give me more than, "We're sorry. Gosh, we're just so darn sorry."
Sorry, no. These devices need to be recycled before they are ever used.