i think this would be the most effective route proposed so far. May the force be with you :)
On Wed, Oct 26, 2016 at 12:19 PM, Leo Bicknell <bickn...@ufp.org> wrote: > In a message written on Wed, Oct 26, 2016 at 08:06:34AM -0400, Rich Kulawiec > wrote: >> The makers of IoT devices are falling all over themselves to rush products >> to market as quickly as possible in order to maximize their profits. They >> have no time for security. They don't concern themselves with privacy >> implications. They don't run networks so they don't care about the impact >> their devices may have on them. They don't care about liability: many of >> them are effectively immune because suing them would mean trans-national >> litigation, which is tedious and expensive. (And even if they lost: >> they'd dissolve and reconstitute as another company the next day.) >> They don't even care about each other -- I'm pretty sure we're rapidly >> approaching the point where toasters will be used to attack garage door >> openers and washing machines. > > You are correct. > > I believe the answer is to have some sort of test scheme (UL > Labratories?) for basic security and updateability. Then federal > legislation is passed requiring any product being imported into the > country to be certified, or it is refused. > > Now when they rush to market and don't get certified they get $0 > and go out of business. Products are stopped at the boader, every > shipment is reviewed by authorities, and there is no cross boarder > suing issue. > > Really it's product safety 101. UL, the CPSC, NHTSA, DOT and a > host of others have regulations that if you want to import a product > for sale it must be safe. It's not a new or novel concept, pretty > much every country has some scheme like it. > > -- > Leo Bicknell - bickn...@ufp.org > PGP keys at http://www.ufp.org/~bicknell/
