Sunday, October 23, 2016

The massive cyberattack or a chronicle of a strike foretold

(Spanish version here)
During the last Computer Law Conference organized by ADIAR (Argentina Computer Law Association) and the Universidad Nacional del Sur, I gave a talk on the Internet of Things, cybercrime and the dangerous situation created by the lack of proper regulation, a topic on which I have one of my research projects. At the time some people argued that I was talking about something that might happen in a relatively distant future, dissenting from my view that the possibility was imminent... Friday's massive cyberattack only showed the scenario I referred to that day.
Reports describe a huge DDoS attack conducted using large numbers of Internet-connected devices, devices that are more vulnerable to malware because they lack basic security measures: the devices that make up what is known as the Internet of Things.
Even setting aside that too many users don't have antivirus software on their computers, most users have neither the knowledge nor the means to secure Internet-enabled devices; at best they can secure the connection itself, which is not always enough in these cases. So, what is the authorities' response?
Different jurisdictions deal with the issue in different ways, but there is a deafening silence about putting forward any kind of compulsory security regulatory framework aimed at manufacturers and vendors, and far too much talk about educating consumers and hopes of self-regulation; attacks like Friday's show how insufficient those approaches are.
Like many things in the information society, this is left to self-regulation on the highly ideological basis that the technology in question is too dynamic to be properly regulated and that, given the need to keep consumers' trust, companies will do what is proper. The problem with that idea, which the facts rarely support, as we have just seen, is that it forgets that companies in general, including those in the IT sector, exist to make profits and, however much "do no evil" they may promote, they may have a legal obligation to maximize profits for shareholders even if that means doing some evil (like censoring sites in some jurisdictions, such as China). So, understandably, manufacturers and vendors will spend on security no more than is strictly necessary to avoid potential lawsuits, which currently costs quite a bit less than it would take to make their devices more secure than they are today.
One of the arguments against regulating IT has been that such regulation would stifle its development, but it can be said with confidence that it is time to leave that argument aside. IT and its companies have produced one of the fastest and biggest concentrations of income in recent memory, and new billionaires have been popping up like mushrooms after the rain... it is hard to believe that strong regulation forcing companies to produce and sell secure Internet-connected devices would discourage many of those companies from developing more of them, the worst-case scenario being a few fewer luxury items sold to IT billionaires around the world in exchange for a more secure digital environment...