Cory Doctorow on nascent pro-security industries

In this O’Reilly Radar Podcast: The impact of minimal IoT product security and the case for new pro-security business models.

By Jenn Webb
August 25, 2016

This week’s Radar Podcast episode is a special cross-over edition from the O’Reilly Security Podcast, which you can find on iTunes, Stitcher, RSS, or SoundCloud. O’Reilly strategic content director Courtney Nash chats with Cory Doctorow, a journalist, activist, and science fiction writer. They talk about nascent pro-security industries, the EFF’s lawsuit against the U.S. government, and the new W3C DRM specification.

Here are some highlights:


Auditing IoT products is a liability for security researchers

Think about the conditions under which IoT companies operate. Their business plan—the thing they show to VCs to get the money to go into the business—is to monetize data. They’re all designed with security as an afterthought. They’re all designed with the minimum viable security to make this product not immediately burst into flames after you put it inside your body or put your body inside of it. Even worse, security researchers face total, brutal liability for investigating these devices and telling people which ones are and aren’t safe. It is completely nightmarish.

New pro-security business models

Note: The Electronic Frontier Foundation is representing bunnie Huang and Matthew Green in a case challenging the constitutionality of Section 1201 of the DMCA.

One of the things that our DMCA lawsuit would provide for is a pro-security business model. Imagine if you could start a commercial consultancy that would come in and deworm your IoT household. It could come in and jailbreak all the devices and check their firmware loads, and replace the firmware loads with open firmware or patched firmware, or something else that sits in between. All of those things, all that commercial stuff as well, is currently off-limits, and would be available in the same way that you can enable third-party parts and services if there are no legal impediments. The hardware service and support market in the U.S. for all classes of goods, from lawnmowers to cars to air conditioners to computers, is 2 to 4% of America’s GDP. It’s a gigantic multi-billion-dollar sector, and in many cases, these are small and medium-size enterprises.
