- Curvy Wife Guy drops music video for rap song ‘Chubby Sexy’ Friday 7:33 PM
- A ‘Black Mirror’ spinoff mini-series is coming to YouTube via Netflix Latin America Friday 5:56 PM
- Kanye West appears on David Letterman’s Netflix show to talk Trump, TMZ, and Drake Friday 3:27 PM
- QAnon believers link small-town arrest to deep state conspiracy without evidence Friday 1:58 PM
- Instagram photos showing prison conditions spark massive protest Friday 1:33 PM
- ‘Gay rat wedding’ headline sparks amazing new meme Friday 1:03 PM
- ‘I read a gossip piece’ meme mocks Moby’s Instagram post Friday 12:39 PM
- Rotten Tomatoes wants to see your ticket stub to leave a verified review Friday 11:46 AM
- ‘Sonic the Hedgehog’ movie delayed to 2020 to fix his look Friday 11:39 AM
- ‘Swamp Thing’ gets off to a promising start, but can it tell a convincing love story? Friday 11:34 AM
- ‘Falling on deaf ears’: ‘Queer Eye’ star sparks conversation about ableist idioms Friday 11:15 AM
- Parents are spending thousands on YouTube camps that teach kids how to be famous Friday 10:43 AM
- In season 2 of ‘She’s Gotta Have It,’ Spike Lee remains unapologetically himself Friday 10:36 AM
- Trump selling Pride shirts is a grotesque insult to the LGBTQ community Friday 10:27 AM
- Logan Paul is being mocked for pulling out of slapping competition Friday 9:57 AM
Speaking before members of Congress, the internet pioneer made clear the dangers of the internet of things.
Internet pioneer Bruce Schneier issued a dire proclamation in front of the House of Representatives’ Energy & Commerce Committee Wednesday: “It might be that the internet era of fun and games is over, because the internet is now dangerous.”
The meeting, which focused on the security vulnerabilities created by smart devices, came in the wake of the Oct. 21 cyberattack on Dyn that knocked Amazon, Netflix, Spotify, and other major web services offline.
Schneier’s opening statement provided one of the clearest distillations of the dangers posed by connected devices I’ve seen. It should be required viewing. He starts around the 1:10:30 mark in the livestream below, but we’ve also transcribed most of his remarks.
Here’s how he framed the Internet of Things, or what he later called the “world of dangerous things”:
As the chairman pointed out, there are now computers in everything. But I want to suggest another way of thinking about it in that everything is now a computer: This is not a phone. It’s a computer that makes phone calls. A refrigerator is a computer that keeps things cold. ATM machine is a computer with money inside. Your car is not a mechanical device with a computer. It’s a computer with four wheels and an engine… And this is the Internet of Things, and this is what caused the DDoS attack we’re talking about.
He then outlined four truths he’s learned from the world of computer security, which he said is “now everything security.”
1) ‘Attack is easier than defense’
Complexity is the worst enemy of security. Complex systems are hard to secure for an hours’ worth of reasons, and this is especially true for computers and the internet. The internet is the most complex machine man has ever built by a lot, and it’s hard to secure. Attackers have the advantage.
2) ‘There are new vulnerabilities in the interconnections’
The more we connect things to each other, the more vulnerabilities in one thing affect other things. We’re talking about vulnerabilities in digital video recorders and webcams that allowed hackers to take websites. … There was one story of a vulnerability in an Amazon account [that] allowed hackers to get to an Apple account, which allowed them to get to a Gmail account, which allowed them to get to a Twitter account. Target corporation, remember that attack? That was a vulnerability in their HVAC contractor that allowed the attackers to get into Target. And vulnerabilities like this are hard to fix. No one system might be at fault. There might be two secure systems that come together to create insecurity.
3) ‘The internet empowers attackers’
Attacks scale. The internet is a massive tool for making things more efficient. That’s also true for attacking. The internet allows attacks to scale to a degree that’s impossible otherwise. We’re talking about millions of devices harnessed to attack Dyn, and that code, which somebody smart wrote, has been made public. Now anybody can use it. It’s in a couple dozen botnets right now. Any of you can rent time on one dark web to attack somebody else. (I don’t recommend it, but it can be done.)
And this is more dangerous as our systems get more critical. The Dyn attack was benign. A couple of websites went down. The Internet of Things affects the world in a direct and physical manner: cars, appliances, thermostats, airplanes. There’s real risk to life and property. There’s real catastrophic risk.
4) ‘The economics don’t trickle down’
Our computers are secure for a bunch of reasons. The engineers at Google, Apple, Microsoft spent a lot of time on this. But that doesn’t happen for these cheaper devices. … These devices are a lower price margin, they’re offshore, there’s no teams. And a lot of them cannot be patched. Those DVRs are going to be vulnerable until someone throws them away. And that takes a while. We get security [for phones] because I get a new one every 18 months. Your DVR lasts for five years, your car for 10, your refrigerator for 25. I’m going to replace my thermostat approximately never. So the market really can’t fix this.
Schneier then laid out his argument for why the government should be a part of the solution, and the danger of prioritizing surveillance over security.
It was OK when it was fun and games. But already there’s stuff on this device that monitors my medical condition, controls my thermostat, talks to my car: I just crossed four regulatory agencies, and it’s not even 11 o’clock. This is something that we’re going to need to do something new about. And like many new agencies in the 20th century, many new agencies were created: trains, cars, airplanes, radio, nuclear power. My guess is that [the internet] is going to be one of them. And that’s because this is different. This is all coming. Whether we like that the technology is coming, it’s coming faster than we think. I think government involvement is coming, and I’d like to get ahead of it. I’d like to start thinking about what this would look like.
We’re now at the point where we need to start making more ethical and political decisions about how these things work. When it didn’t matter—when it was Facebook, when it was Twitter, when it was email—it was OK to let programmers, to give them the special right to code the world as they saw fit. We were able to do that. But now that it’s the world of dangerous things—and it’s cars and planes and medical devices and everything else—maybe we can’t do that anymore.
That’s not necessarily what Schneier wants, but he recognizes its necessity.
“I don’t like this,” he concluded. “I like the world where the internet can do whatever it wants, whenever it wants, at all times. It’s fun. This is a fun device. But I’m not sure we can do that anymore.”
You can watch the full committee meeting above or here.
Austin Powell is the managing editor of the Daily Dot. His work focuses on the intersection of entertainment and technology. He previously served as a music columnist for the Austin Chronicle and is the co-author of The Austin Chronicle Music Anthology.