Software liability for the IoT: What could possibly go wrong?

Formal Metadata

CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
So, I am very pleased to have what our P.O. Walter from Holst. I didn't even know his real name until now, although we have known each other for about 10 years, and he will introduce himself. So he is talking about software liability for the IoT: what could possibly go wrong?

Thank you. That was a bit of a mistake: my affiliations notes exfil as it says in the program, that's just nice be. I'm here because I happened to be a volunteer vivid that's angelical FaceLift, it's pronounceable for the Dutch impaired FS. It happens to be a member of every 1 of the most active in the field of right on the main and so on. But the topic I want to talk about today, in the brief time that was left to me, Hassinger and I've already, is more of a future policy topic. It's a topic that happens to be the past thinking about that in Brussels: how do we deal with, especially, the Internet of Things but also baller, isn't it time to introduce a liability regime for software? To give an example: recently we have the case of IP cameras being taken over by an Internet worm and creating massive distributed denial-of-service attacks, and shouldn't people without proper products and should, and would product liability be a good tool for that, I'll use pattern. Basically I want to discuss a little bit a
problem in real terms, also into a map of, and a bit of, the actors' incentives in the current situation, what will be obvious solutions, and what might be unintended consequences of those obvious solutions. And also I'll toss out some ideas of the direction where we might end up with a sensible answer to this question. But basically the problem looks a little bit
like this. This is, I think, the best metaphor we have for the Internet of Things or Maisky about security qualities. So as this, we have already a pile of legacy wrecks power out from these the then several things is tends to be, I always thought about product of products put on board is sort of hardware, and they're relying on each other and so forth. And to zoom in a little bit, but I was assuming that will be culinarily
and, but given that I know that the norm is a very hot minimum ALSoft of the timekeeping, just feel free to toss a question in between, because this minimal to get to the queue
as basically the problem not discovered the this the more covered the ship: every day more code is capable of causing problems, both in terms of safety and security, and also affects the wider Internet or has a potential to affect the wider Internet. And this is basically fairly well described familial essay by a Meyer only some of Netscape thing, also sometimes is an idiot, but he has his great phrase software the world. In almost any product we think of, people think it's wise to put software, and there are like the EU's be driven the Bluetooth toothbrush or whatever products someone especially marking of thinking, and another later America part of the Internet of Things, which is a growing problem in many areas.

But if you look at the, roughly, actors involved elephant in this space, we talk about black hat hackers or script kiddies. Governments have a role, and then I mean government in the role of regulating our world, being government, not as users. We have IT security researchers for the infosec community, whether the of us. The users, know me I hate that term because it's mostly drug dealers and the copyright and see the talk in the Studio system uses, but yeah, we are use the quality. And then you have the people who produce all that, who sometimes are also users, but let's not get too of unions here.

If you take a little bit on black hats, look at the incentive today: there's a lot of money to be made. I mean, whether they are talking about the results of successful ransomware or about the kind of blackmail you can achieve with denial-of-service attacks, there's quite a bit of money going on in that ecosystem. Chances of actually getting caught are very low, and basically what and the things public you start looking at you a little trick I problems I the told by security experts is sort of a candy store, without much in the way of security. And by and large, whatever you do in that space, you know the suffering from the problem
usually, and that's the recurring theme.

If you look at governments, they tend not to really understand the problem space well, and their resources are typically limited. The Government's he still murdered diversity nation state as a model, and that is bound to the geographic boundaries, and the Internet doesn't really adhere to those boundaries. But within those boundaries governments have clear, exceptionally broad powers balance. There's a lot of pressure always, especially in democracy, for short-term quality solutions, and "think about the children": it's always about terrorism and child pornography and whatever. Policies being that up this space, it's not often well thought through.

If you look at the security researchers, they tend to get a lot of things but have limited resources, and a lot of the research is actually illegal and decided that convention. It's messy gives government our growth by which, and researchers tend to get poached by either organized crime or intelligence services, and some totaling where 1 ends the other starts.

And that that you give us for your typical that's a person walks into Media Markt, buys another Nifty-Serve device to be deployed at home. There's a lot of ignorance, and people tend to go for the cheapest product, and they have little in the way of negotiation power towards the producers or whatever is in between them and producers, and that typically the suffer too much from the problem themselves.

Producers tend not to really understand security very well, or safety, and also the move and the estimated how important this to get approved curriculum market, and the year first-mover advantages Chavarria important if you produce IoT devices. And so this is lovely thing called 3rd law the Ganges accelerator cellphone marker from most liability in the current liabilities, and if someone comes up with a problem you can run to the police, say this evil hacker found sums of attacking my product again, and those of world powers in the Cybercrime Convention. It typically don't
suffer too much yourself, maybe some PR problem, but they made up.

So there are a bunch of solutions being bandied around. One of them is followed labeling; that's something former CCC has been pushing for, for example "best before": you see that the producers of devices will give an indication until when they supply patches for the firmware. I think as such is a good idea of of you will have a limb of the. There are certain groups pushing for certification. Of course some people are always talking about, well, we should make them liable for the damage they cause if they're ill become and ill for public to science. And this gets
me to what could possibly go wrong. Before would like, I mean, right now there is already a worsened tendency for producers all false information technology that if the account, if someone comes up and says I found I so fulfill routine your products, that they sometimes do go to war for science and claim that the evil ECHO was a hacker and it can be to criminal. Suppose the best Germans too much, but had a several cases have been in Germany and German firms doing that.

Another issue is the solution using strict liability, a more broad liability model for 4 of the Newell Center 50 before the ecosystem: potentially negative the fact that like vise for small and medium-sized IT companies, you will have a new barrier to entry to the market. Another thing is you affect the fury of regulating speech, so it's a form of speech that, this may be a bit of an early arguments, but I strongly believe in the. Another thing is there already is a strong trend for consumer devices to be locked down using the; as soon as you get into product liability issues, doesn't this add a new excuse to use more and more the in consumer devices? And personally I believe that we should be able to tinker with our devices problem hacker.

So how could we do this potentially better than just flat out putting in broad liability, like you get an opportunity for cars in the past? I should just some years matching of so much interested in getting our money back or getting paid for the damages caused by problems in, especially, to devices status by him. But by and large, naturally, the goal of liability rules with EXE won't is whatever who something out on the market to have put some fault in an X responsibly than ensure curves after works. So accountability is something you want; even better, you want patches, and you want to preserve your ability to tinker with things aid on form full kill her open-source over. Basically the ideas this assumes people start talking about the
liability for the Internet of Things, more so of a liability, maybe it is they're thinking about having only such 6 the such state forms of liability if it's not but if there's no source code available or if there's a patch is available. Because if you have any liability that gets into use and there's no source code available, that keep putting pressure for producers of IoT devices, maybe software in general, to publish their source so it can be all its as, even better, than a publisher than the of source license so other people can't budget owns. You would actually achieve adhesive thing to were Vogels: more transparency in our this environments and more accountability.

So that is not the kind of idea plant people's minds, given that this conversation so they starting in Brussels and is quite likely to be more legislative agenda anomalies and I was but in the forties even so on popped extend to result in a lot of gnashing of teeth and wailing about current legislative proposals. Sometimes it's nice to also start thinking about further up in a future without all the stupidity that will materialize ultimately but is not there yet. So if that's, feel free to start asking us questions. every
month we conclude that the I didn't think you so pronounced. So anybody has a question, come over here, we need you at that microphone.

I'm not such a question, it's a comment, and just: if source code is made, if there is this encouragement to make source code available for IoT devices, that could also have a very positive impact for consumer rights when start-ups go bust all guess portion they wanna closed on the part of the Nest syndrome etc.

Yet you don't solve a problem. Well, it can solve the problem, depending us present turns around it.

Because if you look at, a very good example is BERG Cloud, I don't know if you know them, they were a British start-up that made a little printer that printed out people's tweets and stuff like that, called the Little Printer or something like that, and they went bust, and people kicked up a fuss to release the source code, and the community maintained the device after. So just like another positive benefit of promoting source code freedom.

Exactly. So any other question? Actually want to go into the break. Yeah, so I could envision high close that talk, that was the false 1 you have ever made in 15 minutes, but thank you, thank your emerged