Monday, November 14, 2016

The Internet of Policy

So That Happened


With the completely mis-forecasted win by Donald Trump in the US Presidential Race this last week, there is going to be changes in policy and direction that will affect the Internet of Things on all three fronts: governmental, enterprise and consumer.  The big question is what those changes will be and that is not easy to predict.

On one hand, Mr. Trump has painted himself as a business man.  From that perspective, automation is a good thing.  It cuts long term costs and improves quality.  On another hand, he wants to bring jobs back to this country and automation is not good for that.

On a third hand, Mr. Trump is also not a fan of anyone who disagrees with him.  That leads to the potential for a surveillance society and an increase in the need for the Internet of Things.  On the other (fourth?) hand, he has threatened to 'unplug the Internet' if necessary, a crucial component to any distributed automation.

All of those Kali-esque hands lead me to one conclusion:

I have no freakin' clue how this will affect anything
(Courtesy of FunkyJunk.com)

Let Me Help


So, instead of trying to predict what his Trumpness will do and how it will affect this emerging technological area, I'd like to make some recommendations: what I would do if I were in his shoes.

First, I would issue a statement that recognizes that the Internet of Things is not going away.  If the government bans all of that stuff, from wireless cameras to Nest thermostats to automated light bulbs, they will simply go underground.  The convenience and such is too much to allow stuffing the genie back into the bottle.  In many ways, it is like the rise of the Smartphone: once you have it, you're not going to willingly give it up.  Recognition does not mean that it should be allowed to happen un-regulated.  That is not in the public interest.

Security Regulation


And that first regulation needs to focus on how secure these devices are.  Something similar to FCC approval for radio devices, but is more focused on the preventing hacking and IoT botnets.  Does the device require the user to change the default password before it can be used?  Does it conform to the latest Wi-Fi security standards?  Can it detect basic attacks and respond?  What is the process for upgrading the firmware to handle new types of attacks?  This would have to be a oft reviewed set of standards as security needs change quickly.  Underwriter's Laboratories (UL) does have a certification for IoT devices, but it appears to be more about making money for them and less about protecting the consumer.


IP Freely


Next, I would push for a stronger, mandatory switch for all IoT devices to be IPv6 compliant.  The good old 192.168.x.x and 10.0.x.x that most home users use as their only subnet only allow for so many connections.  IoT devices require more.  IPv6 is really more about the connection from the router out to the rest of the world and not from the device to the router, but with the rise of the cloud connection/control of these devices, forcing the wider range allowed by IPv6 would get everyone off their asses and start using the new protocol.

Cloud Control


The final part of my plan would be to have some regulation around the corporate clouds to which most of these devices connect.  Right now, many (most) IoT consumer devices require that the device connect to specific servers run by the manufacturer.  What protections are in place to prevent these corporations from spying on their customers?  Right now, we all click through an unread T&C document that probably waves our rights to privacy with these devices.  A new boilerplate set of terms needs to be created and mandated for connected devices sold in this country.


Reality Check


Despite the opaque nature of the future, I have low expectations that any of those things will happen. As a business man, the Trumpster is more likely to reduce regulation than increase it.  To let the Invisible Hand of capitalism decide what products are best.  With that in mind, make sure that you protect yourself: update firmwares often, change passwords often and keep your virus protection up to date.

No comments:

Post a Comment