How do we fix IoT security without blocking interoperability and creating monopolies?

Jonathan Zittrain writes, "There’s reason to worry about security for the ever-growing Internet of Things, and it’ll be tempting to encourage vendors to solely control their devices that much more, limiting interoperability or user tinkering. There are alternatives - models for maintaining firmware patches for orphaned devices, and a 'Faraday mode' so that iffy devices can still at least partially function even if they’re not able to remain safely online. Procrastination around security has played a key role in its success. But 'later' shouldn’t mean 'never' for the IoT."

Zittrain's 2008 book The Future of the Internet and How to Stop It holds up surprisingly well 10 years on: it predicted that security and copyright concerns would produce walled gardens that make it ever harder for new entrants to compete, creating permanent monopolies for a few giant winners and stagnation in innovation, with ever-larger shares of the returns from technology going to investors rather than users or creators.

The first confronts the life-cycle problem. Companies making a critical mass of internet-enabled products should be required to post a “networked safety bond” to be cashed in if they abandon maintenance for a product, or fold entirely. Insurers can price bonds according to companies’ security practices. There’s an example of such a system for coal mining, to provide for reclamation and cleanup should the mining company leave behind a wasteland.

For internet-connected appliances, “reclamation” can entail work by nonprofit foundations to maintain the code for abandoned products, creating an “island of misfit toys,” in the parlance of the famed 1964 Rankin/Bass stop-motion Christmas special. Proceeds from redeemed bonds would go to these foundations to maintain the products, like the way the Mozilla Foundation has transformed the 1998 Netscape browser long after its originators left the scene.

A second intervention would require networked products modeled after analog counterparts to work even without connectivity. A smart coffee maker shouldn’t be so clever that it can’t make coffee without internet access. Switchover to non-connectivity mode will not merely help prevent things from becoming useless when the internet goes down, or if the original vendor disappears or jacks up service prices. It can also provide a soft landing for appliances that reach the end of their supported life cycles while still beloved by owners.

