Do we blame the ice maker manufacturer when poisoned water flows from the city water pipes? Do ice machines have viral and chemical threat detection? Wouldn't the ISP be a better place to assign liability? Or, perhaps, just maybe, the actual user of a device? It's not Lenovo's fault when a user gets a virus.
I agree device security ought to be better, but the free market can solve that. If a particular brand of toaster is constantly being hacked, the market would respond. I wouldn't expect an ice maker manufacturer to be held liable for poisoned water supplies.
It's a tough issue, but 'more government' isn't the answer. The government can barely keep their own data safe let alone be trusted to enforce how others ought to keep their's safe.
The FDA is supposed to keep medicines safe yet it has become a monster that adds billions to the costs of drug development. I am not saying to ditch the FDA, but I would be fearful of releasing a new IOT device required FDA-level approval. Your connected toaster would cost $9000.
If a particular brand of toaster is constantly being hacked, the market would respond
That depends whether "the market" is directly affected.
If my toaster is hacked and starts getting used in a DDOS botnet - but still makes toast as expected - would I even know?
The way to ensure market forces influence this is to ensure that the market is negatively affected: whether that's their ISP disconnecting their internet, their device stopping working, etc.
> If my toaster is hacked and starts getting used in a DDOS botnet - but still makes toast as expected - would I even know?
How is the toaster connected to the Internet? If through wireless, a DDOS could easily use too much airtime, making every other wireless device in the same channel slower.
You wouldn't notice the toaster misbehaving, but you would notice everything else not working as well.
you would notice everything else not working as well
Assuming that my toaster didn't get owned on day 1, even as a tech-minded person, if my wifi suddenly started slowing down, I'd be considering a number of other alternatives before wondering whether my toaster had been hacked.
Let's assume a little bit of packet-sniffing would uncover the cause, that's still only a very small minority of people with the skills and tools to go through that process.
And most people will troubleshoot this problem by restarting their router. And when that doesn't solve the problem, complain about cosmic rays, or humid weather.
Do I have google fiber with one of those fancy 37 antenna routers? I could easily be blasting 100mbs upstream without noticing because nearly all the traffic I care about is downstream.
I agree device security ought to be better, but the free market can solve that. If a particular brand of toaster is constantly being hacked, the market would respond. I wouldn't expect an ice maker manufacturer to be held liable for poisoned water supplies.
It's a tough issue, but 'more government' isn't the answer. The government can barely keep their own data safe let alone be trusted to enforce how others ought to keep their's safe.
The FDA is supposed to keep medicines safe yet it has become a monster that adds billions to the costs of drug development. I am not saying to ditch the FDA, but I would be fearful of releasing a new IOT device required FDA-level approval. Your connected toaster would cost $9000.