back to article US regulator looks at Internet of Things regulation, looks away

The US Federal Trade Commission is holding off regulating the Internet of Things industry until there is an event which “harms consumers right now”, according to its acting head. Maureen Ohlhausen, the American regulator’s acting head, told a gathering of cyber security professionals that she was not inclined to impose …

  1. Alister
    Facepalm

    The US Federal Trade Commission is holding off regulating the Internet of Things industry until there is an event which “harms consumers right now”, according to its acting head.

    Because it's always better to run round like headless chickens after the event, instead of planning how to deal with it before it happens...

    1. Anonymous Coward
      Anonymous Coward

      Internet-of-shit is just an extension of the existing web, and now app-based surveillance capitalism.

      The solution is regulating data harvesting itself. That would head off the more frivolous internet-of-shit devices before they even make it to market.

    2. codejunky Silver badge

      @ Alister

      "Because it's always better to run round like headless chickens after the event, instead of planning how to deal with it before it happens..."

      The problem with that approach is stopping good things from happening and regulating everything pointlessly. Solving a problem when there is a problem is better than stopping progress.

      1. smudge
        Holmes

        Re: @ Alister

        The problem with that approach is stopping good things from happening and regulating everything pointlessly. Solving a problem when there is a problem is better than stopping progress.

        So you drive on whichever side of the road takes your fancy? Until a problem occurs.

        1. codejunky Silver badge

          Re: @ Alister

          @ smudge

          "So you drive on whichever side of the road takes your fancy? Until a problem occurs."

          That is interesting isnt it. How did we end up driving on the left? And how did others end up driving on the right? Maybe you should look it up and no its not because some jobsworth decided it. Without much shock on my part the problem was solved because it was the most sensible outcome, not by regulation.

          1. Anonymous Coward
            Anonymous Coward

            Re: @ Alister

            Ehm, no, which side of the road you keep was regulated early. And far too often regulations were introduces only after big damages and loss of lives happened. Sometimes the risks were not well understood before, but sometimes they were fully known - and ignored.

            But there's still a difference between the past, when often changes happened slowly, and today, when changes may happen far faster then before. It takes very little for a Chinese factory to churn out millions of IoT devices, and distribute them worldwide.

            Most of the time competition means just to change the logo on them, the box and their managment page (like the recent news of the same lame device sold under 1200 different brands...). In a race to the bottom to maximize revenues, that's all you get.

            Avoiding to think *before* what risks they could create, and believing millions of devices can be easily fixed *after* a risk became real - it's really looking for troubles.

            Are they going to adopt the same approach for batteries? "Oh yes, when they take fire will try to address the problem, but if there's only a risk they do, we'll wait for it to happen, maybe a solution will materialize among the flames". Are they going to unleash autonomous cars on roads, and just look at what happens?

            Hope the FAA won't follow soon....

            1. codejunky Silver badge

              Re: @ Alister

              @ LDS

              "Ehm, no, which side of the road you keep was regulated early."

              Born from the necessity of accessing your weapon and having your opponent on the right (most people being right handed) and your sheathed weapon away from your opponent. And as mounting the horse was typically done on the left you were also safer.

              "And far too often regulations were introduces only after big damages and loss of lives happened."

              The dream of no damages and no loss of life is impossible. And people typically avoid things that will kill them.

              "Avoiding to think *before* what risks they could create, and believing millions of devices can be easily fixed *after* a risk became real - it's really looking for troubles."

              You mean like a developer would do in the hopes of still having customers to buy their products. Those that have a habit of exploding being avoided and those that work gaining popularity.

              "Are they going to adopt the same approach for batteries?"

              That might be a bad example. How many Idevices and Samsung batteries have burned/exploded and now the e-cig explosions. We still have extensions with multiple sockets for mains power which are warned against but yet extremely common and priced under £1. And so the manufacturers dont want to be sued for causing damage and improve their products, recalling anything over dangerous to keep customers.

              "Are they going to unleash autonomous cars on roads, and just look at what happens?"

              Yes. They worked out who shall be blamed for these things going wrong and then let them go ahead. That way the innovation can provide working solutions instead of innovation being regulated to the standards of the stone age.

      2. Alister

        Re: @ Alister

        @ Codejunky,

        Solving a problem when there is a problem is better than stopping progress.

        There already is a problem with IoT, it just seems not to have reached the threshold where "OMG we'd better do something!", by which time it will be too late.

        Trying to retroactively impose regulation when manufacturers are already doing their own thing is not going to work, the framework to regulate the industry needs to be in place early on.

        1. codejunky Silver badge

          Re: @ Alister

          @ Alister

          "There already is a problem with IoT, it just seems not to have reached the threshold where "OMG we'd better do something!", by which time it will be too late."

          And what is OMG its too late? Of course there are problems, you cannot rule out problems with regulation, it is trial and error which provides improvement. And as the technology improves people will buy what works and ditch what fails and all will be right in the end.

          "Trying to retroactively impose regulation when manufacturers are already doing their own thing is not going to work, the framework to regulate the industry needs to be in place early on."

          To what end? What is acceptable and what isnt? What will cause a problem and what wont? It isnt quite that simple though as we sit here using the internet which has continued to solve its own problems however much people try to interfere.

          *The AC makes a very good point. If data collection is the issue that is the issue not IoT

          1. Anonymous Coward
            Anonymous Coward

            "it is trial and error which provides improvement"

            Yes, as long as you do it in your labs and test rigs, maybe on yourself, not on people's lives. Especially when "error" means big damages and losses, even of lives.

            And good modern engineering is not based on "trial and error" - "hey, let's make this without thinking how to build it following known rules and risks, and let's see if it stays together for long enough to sell it".

            This is how things were made in the past, well before engineering became a science (and even them not all builders and makers were so naive and incompetent).

            BTW, the Internet never solved its own problems - actually is just creating more which aren't addressed, and are just growing. Exactly because nobody back then thought about security. Should we repeat the same errors with IoT, now that we are fully warned?

            1. codejunky Silver badge

              Re: "it is trial and error which provides improvement"

              @ LDS

              "Yes, as long as you do it in your labs and test rigs, maybe on yourself, not on people's lives. Especially when "error" means big damages and losses, even of lives."

              And so in this cotton wool dream world we have nothing. Glad I dont live there. The failure of windfarms was demonstrated through the real world. The improvement of solar through the real world. Hell the reason we have mobile phones in our pockets anywhere near as small as we have is due to real world use of the huge bricks with huge batteries. A lab only gets you so far.

              "hey, let's make this without thinking how to build it following known rules"

              Where did that come from? Next they will have an evil grin and curled moustache. The automated car is based on known rules, yet there is plenty of unknown that simply requires working out in the real world (they are on the real roads already).

              "BTW, the Internet never solved its own problems - actually is just creating more which aren't addressed, and are just growing"

              And isnt it awful. We communicate on forums, chat, video. We transfer files with geographical distance being of limited interest. We shop in the comfort of our own homes and many people are employed purely due to this wonderful technology. Would you honestly prefer we didnt have it and it sat in a lab being neutered until it became impossible to deploy, or do you like writing your comments on el reg?

              "Exactly because nobody back then thought about security."

              Really? The purpose of the internet was nothing to do with where we are now, it was about reliable communication which is does well. Everything else built on top of it and in answer to the question "Should we repeat the same errors" feckin hell yes because those mistakes gave me my job, interests, information on further interests, comfort, convenience and makes people happy.

      3. bombastic bob Silver badge
        Thumb Up

        Re: @ Alister

        "The problem with that approach is stopping good things from happening and regulating everything pointlessly. Solving a problem when there is a problem is better than stopping progress."

        Yes. It takes a "gummint" to REALLY gum up the works, through pointless regulations, politically motivated laws, and panic-mode fear-mongering for the purpose of getting votes.

        How about this: if FRAUD or NEGLIGENCE is involved, let's just assume that current law will still allow proper legal relief for those affected by it, until it's tested in court. THEN we address new legislation and/or regulations to deal with the problem. Otherwise, it's just more bloated "governmentium" (the element that simply grows in mass over time, and absorbs energy from everything around it).

    3. John Brown (no body) Silver badge

      "Because it's always better to run round like headless chickens after the event, instead of planning how to deal with it before it happens..."

      Yep, once had a PHB like that. He'd heard on some management course or self-help book that "there's no such thing as a problem, it's an opportunity...." Naturally, he didn't understand it and assumed it meant there was no need for forward planning.

  2. Chris Hance
    Facepalm

    Because Mirai and family haven't done any harm to consumers at all?

    Translation: "We're waiting until the IoT vendors have sufficient revenue to send lobbyists and campaign contributions, then we'll threaten them with regulation."

  3. Whitter
    FAIL

    "... or is likely to cause harm..."

    Alas it seems they don't understand their own words.

    IoT insecurity is currently likely to cause harm.

    1. John Brown (no body) Silver badge

      Re: "... or is likely to cause harm..."

      "IoT insecurity is currently likely to causeing harm."

      FTFY

  4. Anonymous Coward
    Anonymous Coward

    You can't regulate these devices and force the manufacturers to implement decent security because then you will find it more difficult to use them to snoop on your citizens.

  5. Christoph

    If you wait until there is a major incident before even starting to think about regulation, there will be millions of unpatchable devices already out there by the time even the first regulations get enacted (and are already out of date).

    1. Anonymous Coward
      Anonymous Coward

      "there will be millions of unpatchable devices already out there"

      Which customer will be forced to replace... as soon as the companies can tell "sorry, we can't support them any longer because of the new rules, also will make them stop working because they're unsafe and unlawful, please replace them - at your expenses - with the following models...."

  6. Anonymous Coward
    Anonymous Coward

    Horse. Bolted. Gate.

    A wonderful approach...

  7. Missing Semicolon Silver badge
    Unhappy

    Most IoT devices are cheap

    Cheaply made, cheaply designed, by companies that have nothing to fear from the lousy quality, because the products are made out of jourisdiction. Who ya gonna sue?

  8. ecofeco Silver badge

    This is going to end badly

    Very badly.

  9. Anonymous Coward
    Anonymous Coward

    Laissez-faire and systemic effects

    This administration is obsessed with a laissez-faire attitude (but not about people - where it decided to be strongly preemptive...), without understanding how the world changed in the past years, and how quickly issues can spread today, and the associated damages.

    The main issue being the systemic effects current technologies can create even from relatively small and "dumb" systems - a sort of "butterfly effect" - and they could spread quickly and broadly, more than ever before. And even small actors can create large damages, with relatively little effort. It's just like a pest or famine.

    Trying to intervene *after* can be really too late, and damages won't be localized. Hoping that a solution will materialize together the risk - as she says in the interview - is simply wishful thinking to justify the ostrich head buried in the sand.

  10. Doctor Syntax Silver badge

    Here's a good test for her to consider. Would she offer, now, to compensate out of her own pocket, someone who is harmed in 5 years time by something which could have been regulated now? If not then the time for that regulation has already arrived.

    1. bombastic bob Silver badge

      please keep in mind that many of you are asking for POLITICIANS and BUREAUCRATS to make these *kinds* of regulations, and NOT sane people nor knowledgeable people.

      Politicians are, by the very definition, on the edge of honesty if they're honest at all. They have to take contributions, and then do a "payback" of some sort later on, for those very contributions. And bureaucrats often have agendas, not necessarily agendas that you'd want implemented.

      If you want to call down a napalm strike on top of your own head to deal with the perceived enemy all around you, have at it. Just don't involve *ME* in the results, ok? I want NOTHING to do with ANY of that.

      1. Anonymous Coward
        Anonymous Coward

        "you are asking for POLITICIANS and BUREAUCRATS to make these *kinds* of regulations"

        Thereby you prefer to leave to companies executives and their marketing to address these issues? They have even less incentives than politicians and bureaucrats to do so - as long as they're not legally liable.

  11. Mark 85

    The US Federal Trade Commission is holding off regulating the Internet of Things industry until there is an event which “harms consumers right now”, according to its acting head.

    Replace FTC with "Executive Branch" or "Intelligence agencies" and "an event" with "terroroism". So one side is worried about something happening "tomorrow" and a regulatory agency is blowing it off until something does happen. Nothing like consistency in government over "threats". This isn't even triage as there isn't any co-ordination.

    Yeah.. I know.. it's industry and profit and motivating the agency via lobbyists but I'm just feeling pissy at much of the BS that continues to come out of DC, even with the new administration.

  12. Lord_Butt

    One most often learns by doing. And one usually does one's best under adversity. And paradoxically, one manages to do fairly well even when he doesn't know what he's doing. Which is why he will get where he's going.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like