January 9, 2017 — Bruce responded to my criticism in the best way possible.
Listen to the audio version of this essay.
“Everyone wants to control your life.”
“I fear it’s going to get a lot worse.”
I know it’s super cool to scream about how IoT is insecure, how it’s dumb to hook up everyday objects like houses and cars and locks to the internet, how bad things can get, and I know it’s fun to be invited to talk about how everything is doom and gloom.
I absolutely respect Bruce Schneier a lot for what he’s contributed to InfoSec, which makes me that much more disappointed with this kind of position from him.
InfoSec is full of those people, and it’s beneath people like Bruce to add their voices to theirs. Everyone paying attention already knows it’s going to be a soup sandwich—a carnival of horrors—a tragedy of mistakes and abuses of trust.
It’s obvious. Not interesting. Not novel. Obvious. But obvious or not, all these things are still going to happen.
When we brought electricity to millions of homes, houses burned down, and people died, but I’d argue it was worth it to have electricity in the home and business.
Fear-mongering about IoT is like looking at the first electricity coming to homes in the early 1900’s and warning everyone it’s a horrible idea because of the fire hazard.
You’re honestly objecting to assigning trust, at digital level, to various people in your family, friends, various organizations, etc? Digital management of trust is happening. Having digital assistants in our lives is happening. Having our homes, our workplaces, and our environments adapt to our presence is happening. These aren’t ideas, they’re inevitabilities.
Technology is integrating into human life on planet Earth, and there’s not anything anyone can do to stop that. And once we get out of the woods it’s going to be a massive improvement. Just like electrification was. We should obviously try to minimize the risks, but we don’t do that by trying to shout down the entire enterprise.
To characterize Amazon’s progress in smart homes as, “They want to control our lives.” is both incredibly shortsighted and irresponsible. Awesome people like Bruce (and everyone in InfoSec really) should be leading from the front by saying:
Yes folks—things are going to get nasty. The digitization of our lives through IoT will be a bumpy ride, and people will get hurt. We in InfoSec are on the front lines. We’re the technologists embracing this change first, as the inevitability that it is, and we’re doing our best to make the transition as safe as possible for you.
That is our role.
Not dog-piling on every new technology/life integration like it’s the harbinger of death that must be stopped by InfoSec. It’s not our job to stop the inevitable from happening; it’s our job to make it more safe when it does.
We should be shepherds, not obstructionists.
People complaining about fire hazards wouldn’t have stopped electrification, and people complaining about IoT isn’t going to stop that either.
People need us.
They’re bewildered and scared. So let’s start preparing them for what’s coming instead of adding to their fear and uncertainty.
We’re better than this.