The DMCA poisoned the Internet of Things in its cradle

Bruce Schneier explains the short, terrible history of the Internet of Things, in which companies were lured to create proprietary lock-ins for their products because the DMCA, a stupid 1998 copyright law, gave them the power to sue anyone who made a product that connected to theirs without permission.

The ability to prevent competitors from making things that work with your products means that you can charge outrageous sums for replacement parts and consumables, and lock out legal, legit features that reduce your profits (for example, your customers' right to give their ebooks away, or to install apps from companies of their choosing, or to tether their mobile devices without tipping off their phone companies).

Because companies can enforce anti-competitive behavior this way, there's a litany of things that just don't exist, even though they would make life easier for consumers in significant ways. You can't have custom software for your cochlear implant, or your programmable thermostat, or your computer-enabled Barbie doll. An auto-repair shop can't design a better diagnostic system that interfaces with a car's computers. And John Deere has claimed that it owns the software on all of its tractors, meaning the farmers that purchase them are prohibited from repairing or modifying their property.

As the Internet of Things becomes more prevalent, so too will this kind of anti-competitive behavior—which undercuts the purpose of having smart objects in the first place. We'll want our light bulbs to communicate with a central controller, regardless of manufacturer. We'll want our clothes to communicate with our dishwasher and our cars to communicate with traffic signs.

Separately, Andy Greenberg and Kim Zetter round up the year in IoT pwnage, through which the embedded systems with the power of life and death over us were exposed as having been designed with security as an afterthought. Important to note — and absent from the article — is the fact that ever researcher who came forward to report these vulnerabilities risked punishing criminal and civil liability (5 years in prison and a $500K fine for a first offense) under the DMCA.

And since we know from comments to this year's Copyright Office DMCA proceeding that many researchers never come forward with their discoveries, the Wired roundup isn't all the IoT hacks that were discovered in 2015 — they're the hacks we were allowed to know about. There is a vast, unknowable dark-matter of IoT pwnage that we won't know about until those vulnerabilities are exploited by thieves or cops or dictators or spies. Until, that is, it's too late.

Once the US government promised toaster manufacturers the unprecedented right to choose whose bread worked in their machines, the right of dishwasher makers to specify whose dishes you could wash, it was inevitable that they would take up Uncle Sam on this offer. A sniper rifle on the mantlepiece in Act One will be pwned by Act Three.

How the Internet of Things Limits Consumer Choice
[Bruce Schneier/The Atlantic]

How the Internet of Things Got Hacked [Andy Greenberg and Kim Zetter/Wired]