Bruce Schneier: We're sleepwalking towards digital disaster and are too dumb to stop

Re: @AC - It's gonna be difficult...

"Actually those retailers and importers are right, it's not their problem. They're doing business, they're not a charity to care for something that is non-profit related."

Er, it is their problem if they get caught doing it. The trouble is that the trade arrangements we have these days assume that manufacturers and traders are trustworthy, but there's very little going on to check up on them. With no real chance of being caught, the greedier types get away with it. A CE badge is meant to mean something but in practice it doesn't.

Looking at the debacle over hoverboards one wonders whether anyone anywhere cares about product standards compliance at all.

Re: It's gonna be difficult...

"Why is that the belief persists that a rule written on a piece of paper has some kind of magic power over all human beings ? We are talking about rules written by humans here and not some narrative about an omniscient and omnipotent being that hands out rules written on stone which aren't followed either by the way."

Because, in case you didn't know, there's people whose job it is to prevent bad things happening. They're called the Police.

There's whole laws with words like "conspiracy to commit" in them. They are there so that if a jury is sure that the evidence indicates that an individual was planning an illegal act, they can be locked up before they do it, not afterwards.

If you don't have laws like that you'd have the absurd situation where it would be illegal to prevent someone carry out a burglary, terrorist attack, fraud, etc.

Re: It's gonna be difficult...

Laws do not protect you from law breakers

Depends on what sort of laws.

Laws that criminalize (say) ignoring safety and financial regulations will work, if the penalty is stiff enough. Nobody in VW would have authorized the cheat devices if the penalty once discovered was certain to be jail time. Bankers would probably not have created the recent financial crisis, if the penalty would have involved sequestration of all personal wealth howsoever acquired on top of certain jail time. They saw it as "heads I win, tails you lose" and in many cases they were not actually breaking the then-existing law, just working in dark grey zones of arguable legality but total amorality.

And of course, laws and regulations that impose safety or financial regulations are in general followed by the law-abiding majority, at least if people can see that there is a modicum of sense behind them. So company accounts are audited, electrical products and cars are rarely unsafe, food no longer contains untested and undisclosed additives.

In case you are bristling about unwarranted regulations, there needs to be a mechanism for striking down regulations that have outlived their usefulness (and a lot of EU nonsense that had no useful purpose in the first place. In what way will reducing the maximum power of a kettle save energy? The amount of energy needed to raise the temperature of a litre of water from A to B is a physical constant. Worse, if it takes longer to boil, more energy will leak out of the kettle. Idiots! )

Re: It's gonna be difficult...

"Laws do not protect you from law breakers"

No they are intended to establish a framework for society to get on with things.

I think the legal context that's being discussed here isn't the "make hacking illegal" type of law, it's more like "make system suppliers more liable for their products so they'll make them better".

We already do this with lots of safety critical equipment containing software (cars, planes ships etc.) so there's no reason we can't legislate for certain kinds of systems to follow similar guidelines.

OK, as an example, you might put the price of electricity up by a small amount, but you'd be doing this with the aim of making the electricity supply more robust.

Also, if this is a defence issue, then divert part of the defence budget to securing critical systems; maybe spend less on spying on the public in a vain attempt to anticipate an attack, and spend more on securing systems so an attack is harder to accomplish and can do less real-world damage.

Re: It's gonna be difficult...

@gnufrontier

I'll confess that I completely failed to spot your suggested alternative.

Re: It's gonna be difficult...

"One may as well be sacrificing virgins to the moon god for all the good laws are going to do for you."

Law creates the concepts of 'property' and 'ownership' which have some advantages in terms of encouraging sustained activity towards long-term goals.

In other words: you won't get much done if you spend all your time protecting what you fondly imagine to be 'yours'.

Re: It's gonna be difficult...

"Laws do not protect you from lawbreakers"? The laws on their own might not, but you back those laws up with enforcement, so that they are more than just rules written on a piece of paper. If you are sure laws make no difference, try living somewhere like Somalia where government has effectively broken down. Good legislation (yes, there is bad legislation too) demonstrably makes our lives safer and better. And we aren't just talking about protection from criminals, legislation on things like safety standards clearly protects everyone by making it possible to take dangerous products off the market and fine the people selling them. This model has been working reasonably well for a long time now, and is one reason why you stand a good chance of not being electrocuted by your toaster.

Re: Vernor Vinge wrote about this

"And presumably the aliens will use their equivalent of a Mac to do so."

They'll use whatever they have at hand - historical documents like Independence Day taught us that viruses (and animated GIFs) transcend petty, fluffy stuff like hardware architectures and instructions sets. You could easily hack a Nest if you wanted with nothing but an alien comm badge, surely...

Re: Hmmm...

Those "panics" are generally skillfully engineered.

Given the (thankfully) low rate of successful terrorist attacks in the UK, exactly what 'panics' are you referring to?

If you're referring to the new snooper's charter, you could hardly accuse them of putting it to Parliament in the teeth of a mass panic. Fortunately there isn't one happening at the moment. At least they're asking MPs to consider (if only briefly) the matter with clear-ish heads instead of exploiting the inevitable reactionism that would prevail in the aftermath of an atrocity such as Paris suffered recently.

Re: Hmmm...

See: disaster capitalism

Re: Hmmm...

No, they are not. They are not so skillful. But they are good at exploiting situations.

Hmmm... Sow the Seed, Reap the Whirlwind?

Those "panics" are generally skillfully engineered. .... DestroyAllMonsters

Ideally be they skilfully engineered, DAM, but generally they be nothing short of a catastrophe in planning/foresight and afterthought ........ http://www.zerohedge.com/news/2016-03-02/striking-admission-former-bank-england-head-european-depression-was-deliberate-act

And to imagine and realise that media and governments hang on to and laud their every uttered word as if scared and gospel, tells you everything you need to know about the depth and spread of the absurdity and insanity.

Madness and mayhem is the norm in their shell end game and it is beautifully destroying them at an exponential rate these cloudy days, and there is nothing to be done about it with Remote IT Command and Virtual Space Control without Creative Cyber Command and AI Control in Virtual Machine Systems ....... and quite whether such is to be made readily available to corrupt and perverted systems to save such systems admins and exclusive executive elites is ...... well, at least a gazillion dollar question, for it will be expensive and not at all cheap.

we are due for another Carrington event and if it seriously screwed up 1860ish technology it will screw us over like no rogue nation can.

Wrong.

The threat is that a Carrington event induces what is effectively a high-power DC signal in transmission lines. It's worst for long ones, over 100km, with low impedance.

Back then data-transmission used copper wire and DC coupling to make a telegraph. The wires glowed erd-hot and shocked the operators and in places burned out. Today, long-distance datacomms is optical fibre. Telephone wires are rarely if ever long enough to get affected and I don't think a telephone offers a low-impedance path these days. Things have moved on since the days of bakelite boxes with electromechanical ringers.

The greater threat is to the power grid which is intended to carry 50 or 60 Hz AC. The power transformers through which it is coupled cannot cope with high power DC inputs and might burst into flames. Back in the 1950s we were terribly vulnerable(*) because the threat was not well known and there would have neen absolutely no advance warning.

Today, we have satellites watching the sun and so electricity utilities have an early-warning system. (about 15 minutes, but a lot better than nothing). Also the threat is understood and I hope that there are last-resort protection systems in place on the transformers connecting the long grid cables to monitor DC currents and internal temperature, that will disconnect from the grid if necessary to save the transformer.

So the result ought to be somewhere between a controlled shutdown of the national grids, and a cascading power failure caused by automatic protection systems triggering in an unplanned manner. A blackout is no fun, but it has happened several times (for other reasons such as carbonized squirrels) on the USA Eastern seaboard. Civilisation didn't collapse. A few hours to a day later when the event is over, they'll reconnect the grid to the power stations.

Move on a couple more decades, and the long-distance AC electricity grid will start to go the same way as the telegraph. It's more efficient to transmit power as high-voltage DC, and the technology of AC-DC-AC conversion is rapidly falling in cost. What was once impossible, then too expensive to use except on submarine grid links, will soon become the norm for any long-distance grid link. With a DC link, a Carrington event would just either add or subtract a small amount of energy compared to what is being transmitted. There would then no longer be a need to create a short-term blackout to save civilisation.

(*) I'd speculate, not actually on the edge of losing 20th century civilisation. The big transformers would have different times to catastrophic failure. As soon as the first one or two exploded all hell would have broken loose with the AC power they were transmitting, and ordinary AC overload protection systems would have cut in creating a cascade failure blackout but saving enough of the grid for life to go on fairly normally th next day. I'm glad it was never put to the test, though!