To benefit from the work I put into my typography, read natively at: Bruce Schneier is Wrong to Fear-monger on IoT Security.

—

Bruce Schneier on Amazon (Emphasis Mine)

In this blog post, Bruce Schneier is adding to what I’ve been complaining about for a while now in InfoSec—a massive tone of fear and panic around IoT technology and its interaction with humans.

I absolutely respect Bruce Schneier a lot for what he’s contributed to InfoSec, which makes me that much more disappointed with this kind of position from him.

“Everyone wants to control your life.”

“I fear it’s going to get a lot worse.”

Really? Bruce, no. Please stop.

I know it’s super cool to scream about how IoT is insecure, how it’s dumb to hook up everyday objects like houses and cars and locks to the internet, how bad things can get, and how you get to be the one that warned everyone in your new book.

InfoSec is full of those people, and it’s beneath you to add your voice to theirs. Everyone paying attention already knows it’s going to be a soup sandwich—a carnival of horrors—a tragedy of mistakes and abuses of trust.

It’s obvious, Bruce. Not interesting. Not novel. Obvious. But obvious or not, all these things are still going to happen.

When we brought electricity to millions of homes, houses burned down, and people died, but I’d argue it was worth it to have electricity in the home and business.

Fear-mongering about IoT is like looking at the first electricity coming to homes in the early 1900’s and warning everyone it’s a horrible idea because of the fire hazard.

You’re honestly objecting to assigning trust, at digital level, to various people in your family, friends, various organizations, etc? Digital management of trust is happening. Having digital assistants in our lives is happening. Having our homes, our workplaces, and our environments adapt to our presence is happening. These aren’t ideas, they’re inevitabilities.

Technology is integrating into human life on planet Earth, and there’s not anything anyone can do to stop that. And once we get out of the woods it’s going to be a massive improvement. Just like electrification was. We should obviously try to minimize the risks, but we don’t do that by trying to shout down the entire enterprise.

To characterize Amazon’s progress in smart homes as, “They want to control our lives.” is both incredibly shortsighted and irresponsible. Awesome people like Bruce (and everyone in InfoSec really) should be leading from the front by saying:

Yes folks—things are going to get nasty. The digitization of our lives through IoT will be a bumpy ride, and people will get hurt. We in InfoSec are on the front lines. We’re the technologists embracing this change first, as the inevitability that it is, and we’re doing our best to make the transition as safe as possible for you.

That is our role.

Not dog-piling on every new technology/life integration like it’s the harbinger of death that must be stopped by InfoSec. It’s not our job to stop the inevitable from happening; it’s our job to make it more safe when it does.

We should be shepherds, not obstructionists.

People complaining about fire hazards wouldn’t have stopped electrification, and people complaining about IoT isn’t going to stop that either.

People need us.

They’re bewildered and scared. So let’s start preparing them for what’s coming instead of adding to their fear and uncertainty.

We’re better than this.

—

I spend 5-20 hours a week collecting and curating content for the site. If you're the generous type and can afford fancy coffee whenever you want, please consider becoming a member at just $10/month.

Begin Membership

Stay curious,

Daniel