The second half of 2016 gave us the Mirai botnet. I didn’t blog about it much, but why would I? I ran a honeypot, made a list of common login credentials, and analyzed some data. This isn’t uncharted territory by any measure. You were much better off reading about Mirai at Krebs on Security (assuming his hosting isn’t fighting off a Mirai botnet attack at the time), Schneier on Security, and the SANS Internet Storm Center.
I presented on Internet of Things (IoT) privacy and security a few times last year and continued to consider what I could do to make a positive difference for society. I recognized that people generally feel helpless and confused when it comes to IoT once they choose to not ignore it entirely. We face these problems together – individuals, customers, manufacturers, political parties, governments – none are alone in this fight, yet we all act like it. (And certainly have different positions and perspectives.) In an effort to have dialogue and share knowledge I determined that the best course of action for myself would be to start an IoT privacy and security non-profit. So I did that.
There’s a problem and it’s…
The Internet of Things. Seriously.
At present, IoT products are generally recognizable and purposefully integrated into our lives. As time progresses and market penetration for those products increases, they will go back to being called things – “Internet of” will provide needless specificity and be dropped. Before a cultural acceptance and transition occurs surrounding IoT, it is important that consumers and manufacturers participate in conversations surrounding their privacy and security goals, obligations, and actions.
You shouldn’t have to be an expert in any field to judge if a product is harmful.
I believe that by establishing RiotPSA and creating data-driven awareness campaigns, the frequency of these conversations will increase and will contribute to better technologies, products, and societies.
Being responsible and realistic
The crux of this issue is that I love technology. I love my Apple iPhone, my Amazon Echo Dot, my Anova Sous Vide… the list goes on. RiotPSA’s goals do not include scaring the public or avoiding the benefits of technology. RiotPSA embraces the future to help it have the best possible outcome.
The future and what we can do
A focused case-study of a device
Having a focused case study of a device this year would allow us to build a model for future IoT research. RiotPSA exists for everyone and not just technology enthusiasts. Ideally the model created would produce a result that can be communicated through a thoughtful infographic. We will present in a way that attracts public interest. Publishing results in an overbearingly authoritative, condescending, and unapproachable way is counter to the goal of RiotPSA and ultimately destructive to society.
Report carding and reputation metrics
The Electronic Frontier Foundation (EFF) has report cards. I believe a similar system would be useful to most people, although I believe a company/manufacturer reputation system is more beneficial (and practical in terms of resource management) in the long run than having a database of each individual device. Having both would be ideal.
Creating opportunities for manufacturers and service providers
Manufacturers and service providers have a great opportunity to communicate with their customers and they’re blowing it. If we highlight ways they can both inform the customer and improve product experience I believe they will act on it. Their conversation with the customer should not end after purchase. Product and service updates should not only come with an end user license agreement (EULA) but also with a simple document written in an understandable way to broadly highlight product or service changes to consumers. More importantly this document shouldn’t be geared towards elderly people or children – it should be geared towards everyone.
Adventure. Excitement. A Jedi craves not these things. I am no Jedi.
RiotPSA has goals with good people driving them. I am excited about this and the future is an adventure. I often found running my first company to be like jumping off a cliff and building the hang glider on the way down. I expect parts of RiotPSA to be this way. My personal goal is to make a difference – not to just force my beliefs or understanding of the world over and over despite there being no impact. If an opportunity appears I don’t want to miss it. I am entering this with an open mind and an understanding that the world changes.