SoylentNews is people
SoylentNews
from the Protecting-the-product-or-the-public? dept.
The U.S. Consumer Product Safety Commission is conducting a public hearing on the safety of internet-connected consumer products, and is requesting comments.
The Commission hearing will begin at 10 a.m., on May 16, 2018, and will conclude the same day. The Commission hearing will also be available through a webcast, but viewers will not be able to interact with the panels and presenters through the webcast.
...
The growth of IoT-related products is a challenge for all CPSC stakeholders to address. Regulators, standards organizations, and business and consumer advocates must work collaboratively to develop a framework for best practices. To that end, the Commission will hold a public hearing for all interested parties on consumer product safety issues related to IoT.
Although this explicitly does not cover data security and privacy it covers many of the other issues seen with IoT devices.
Comments can be submitted to the commission through the web portal:
You may submit written comments, identified by Docket No. CPSC-2018-0007
...
Electronic Submissions: Submit electronic comments to the Federal eRulemaking Portal at: www.regulations.gov. Follow the instructions for submitting comments.
Seen through the Internet Of Shit twitter feed.
(Score: 0) by Anonymous Coward on Thursday March 29 2018, @05:01PM (6 children)
If anything, each individual would have to issue the government his public key.
Also, the problem with doing that means that you're going on record with a potentially controversial opinion that could be held against you by your political enemies, should they come to power; that's exactly why political voting via your smartphone is a bad idea, especially when allowed to vote in private: Not only could the government keep a record of your particular choices for the sake of later persecution, but your thug boyfriend might beat you unless you vote according to his wishes (a threat that works in the privacy of one's home).
(Score: 2) by JoeMerchant on Thursday March 29 2018, @07:55PM (5 children)
Actually, if the government wants to ID you, then that is exactly how private keys work.
If I create a key pair and give the government the public side, how do they really know who I am? It has to be tied to an ID they believe (which they barely have today...)
Petitions and most public request for comments nominally require name and address of the signers. If the people aren't lying, then they are just as identifiable by that.
Sure, there should be a forum for anonymous comment, but the weight given to anonymous comment as a measure of what the general population thinks should be zero. Read the AC, consider it, but in no way measure it as a poll or survey. It can be stuffed by foreign nations, corporations, and crackpots - potentially millions of bogus comments.
Then there are people who are willing to march for political protest, or show up and speak at public hearings - putting face on camera and potentially being arrested and processed for their expression of opinion.
As long as voting processes have a layer of anonymity, you have to trust that layer to a) actually preserve the anonymity and b) not stuff the ballot boxes. Neither a) nor b) can be perfect in practice.
When The U.S. Consumer Product Safety Commission puts out a request for comment, they should have both: an anonymous channel for anyone to register their opinion in - safely, and a verifiable identified channel which can be used to weigh the number and source of opinions, for instance:
2,452,216 anonymous opinions in favor of no regulation vs 1,752 anonymous opinions in favor of regulation - zero meaning in those numbers.
235 identified opinions in favor of no regulation vs 1,749 identified opinions in favor of regulation - but wait, there's more:
of the 235 opposed to regulation, 183 had identifiable ties to industries that profit from the manufacture and sale of the devices and 32 were unaffiliated private citizens whereas
of the 1,749 in favor of regulation, only 15 had identifiable ties to industries that profit from the manufacture and sale of the devices, 243 have ties to recognized industry watchdog groups, and 1,235 were unaffiliated private citizens
Now, since the private keys _should_ only be known to the government and the citizen holding the key, the citizens _should_ feel relatively free from reprisals such as firing from their jobs if they express an opinion their employer disagrees with - a considerable improvement over a publicly recorded name and address on a petition. _should_ is far from perfect, but probably better than what we have today.
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Thursday March 29 2018, @08:31PM (4 children)
You go to the DMV, and you give them your public key, and you sign your name saying that it's yours.
Get it yet?
No wonder public key cryptography never took off; you fuckers are confused out of your minds.
(Score: 2) by JoeMerchant on Thursday March 29 2018, @09:15PM (3 children)
Because the people promoting it expected normal people to make their own keys.
The government _could_ make a key pair, record the public side, "forget" the private side, and give it out in a widget when they issue an ID card.
Do you trust your government to properly "forget" the private side?
Maybe I do, maybe I don't, but I damn sure trust that handing people a functioning authentication card with secret key embedded would work a whole lot better than the DIY method we've had since the 1990s.
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Thursday March 29 2018, @10:17PM
No one argued that we should use the DIY methods we've had since the 1990s.
Try again?
(Score: 2) by Runaway1956 on Friday March 30 2018, @01:44AM (1 child)
That's hilarious. Government refuses to forget ANYTHING. I'm pretty damned sure that government knows that I don't like Lima beans, or green jello, but I love Boston baked beans, and red jello.
No, government is most certainly not going to forget your private keys, if they issue them.
(Score: 3, Interesting) by JoeMerchant on Friday March 30 2018, @03:42AM
Depends on your government...
U.S.A.? I'd say the only chance of them actually forgetting the keys would be 5% and that would be due to mishandling of data they intended to remember somehow (whether publicly acknowledged that they kept the keys, or not).
Finland? I'd give closer to a 90% chance that they would actually destroy their copy.
And... in the end, does it really matter if the secret key is shared between you and an inept government agency? I'd say it's a hell of a lot better than the current system with social security numbers that are supposed to be confidential but actually are tracked by every entity with the slightest excuse to run a background or credit check.
Now, we can easily imagine system whereby citizens who care can register a new public key, using the government issued secret key to sign it and "officially" authenticate their new secret key that they have controlled since its creation. But, in the world I've been living in, less than 1% of the population would go through the time and effort to take a step like that.
🌻🌻 [google.com]