Re: The choice
"The choice is between smart and stupid government involvement..."
Well, anytime the government is involved we know which way that goes.
That's not completely fair. The State of California has been very good in its involvement with self driving car experimenters like Google. They've been allowed to drive their cars on the roads, but the State gets the performance data and, crucially, publishes it.
The State's message is clear; they're not going to let Google or anyone else foist half finished unproven and potentially dangerous self driving cars onto the general public. And that's is exactly how it should be.
The problem I think is that regulation of things like IoT devices is that effective regulations would amount to a ban. An effective regulation would be something like "it must be hack proof".
But we just don't have the infrastructure or technology to make small embedded Internet connected devices that get updated, implement best security practices, etc. We can't even make a PC or Mac style computer that, when put into a home, won't become littered with malware within moment of someone browsing some dodgy website. What hope is there for some IoT device that's got to cost less than $50?
Elections
Any sane politicians know that when something predictable and bad goes wrong, they get it in the neck for not having intervened beforehand. And because they're elected, generally they lose their jobs as a result. So they regulate, and transgressers pay a fine or go to jail. It's a healthy set up. So if Internet connected air-conditioning systems start being seen as a threat to the electricity grid, they'll likely act before some script kiddie comes along and trashes the grid by getting every air conditioner to switch off at the same moment.
What makes the current situation appalling is that "dangerous" things now includes automated trend-sensitive "news" selection algorithms on Facebook, Google, etc. These permitted fake news to play a significant role in the US election. The dangerous part is that the current crop of elected politicians owe their employment to the result of that election. So they don't see a problem with the situation, and aren't necessarily strongly motivated to do anything about it. Especially as it would mean imposing editorial controls on social media, the operators of which are amongst the most active lobbyists.
That's a huge threat to democracy in general, and makes it more likely that one ends up with a week government that is more favoured by someone like Putin.
National Firewall
One aspect I'm not sure Bruce Schneier covered is just what a government can do about dodgy software, IoT devices, etc.
Suppose some software or IoT device was identified as being a major problem, and had to be stopped, disabled, etc. How effective would a product recall be? Not very - people are very lazy when a device's bad behavior doesn't actually impact themselves. Suppose that some foreign-hosted Web service was spouting fake news and wasn't conforming to appropriate editorial rules during an election?
What would be required is something like a government off switch, or the ability for the misbehaving device's or website's network traffic to be blocked.
The latter sounds like it would need something not unlike the Great Firewall of China. I think that that's what we're going to see being discussed in the coming years. It's going to be a heated debate.
But we may have to accept that if we want government to actually be able to intervene quickly and effectively when some Internet thing or some foreign website is misbehaving, it's going to need something with teeth, not just the power to issue a recall notice or a cease-and-desist letter (which won't work abroad anyway).
Biting the hand that feeds IT
