Encryption is a great way to protect against eavesdropping from bad guys. But when it stops the devices’ actual owners from listening in to make sure the device isn’t tattling on them, the effect is anti-consumer.
That reminds me of a comment from when smart TVs were discovered to be sending filenames and other info, since it was sent in plaintext: "If they had used HTTPS, this might not have been discovered."
The most important thing to realise is that security can work for you, and it can also work against you. It's not only a "right to eavesdrop", but users will need to maintain control over their devices if they want the former. This is somewhat related to the War on General Purpose Computing, and what I think is the biggest dilemma is that users need to have a certain level of knowledge in order to understand what their devices are doing and control them; but many don't want to; they only see the advantages and don't care about how something works, whether it "phones home" or what kind of data it's sending, as long as it makes something in their lives easier.
News stories about how smart TVs phone home have circulated, and yet AFAIK people are still buying them in great quantities. They just don't care. They are outraged and shocked when the news appears, but shortly afterwards they carry on as if nothing happened. That, I think, is the scariest part.
>what I think is the biggest dilemma is that users need to have a certain level of knowledge in order to understand what their devices are doing and control them; but many don't want to; they only see the advantages and don't care about how something works
This is why regulation is important. Most people don't care what their phone tattles about them to their provider. Similarly, most people don't read the ingredient list on their food.
But the ingredient list /has/ to be there, by regulation, and because it is, small numbers of people can post analysis that guides the entire population.
We need similar regulation over computerized devices, and that's everything from desktop computers through phones to self-driving cars and smart fire alarms.
Precisely. Especially as these devices start making important legal and philosophical choices... such as the self driving car that needs to choose between swerving and hitting an elderly person on the sidewalk vs. running over a child that has darted out into the road. We HAVE to be able to know what kind of programming these things have if we are to maintain any semblance of humanity and morality.
As much as I don't like the guy himself, this is what Richard Stallman has been talking about for years and years. Very quietly, very securely, very aware, he has been preaching the dogma of Open Source. His stuff is pretty good and well thought out for most HN folks, but those are not the major consumers of 1984'd TVs. In the end, the swinging plumb-bob still oscillates between easy, cheap, and quality.
> Very quietly, very securely, very aware, he has been preaching the dogma of Open Source
By the end of 1998, Stallman had formulated a position: open source, while helpful in communicating the technical advantages of free software, also encouraged speakers to soft-pedal the issue of software freedom. Given this drawback, Stallman would stick with the term free software.
> News stories about how smart TVs phone home have circulated, and yet AFAIK people are still buying them in great quantities. They just don't care. They are outraged and shocked when the news appears, but shortly afterwards they carry on as if nothing happened. That, I think, is the scariest part.
Being angry about it takes effort and, frankly, most people don't seem to care about their rights as long as it doesn't affect them personally in an obvious way.
John Oliver's interview with Edward Snowden demonstrated that if you frame your coverage of privacy violations properly, you can get people's attention fast.
> How many users "MITM" their own SSL connections?
If you're looking for a startup idea, this is one: to check that what the manual says about outgoing data is true, and to what degree they compromise privacy. Decorate with 1-5 star ratings. The ultimate goal is to have companies pay you to test their products.
However, right now not enough people care about this, though it might change quickly. So starting it now might be a coin flip.
1. The title gives the wrong impression. It might be better to phrase it as "right to eavesdrop on (my|your) own things".
2. I'm not sure that communication transparency is what led to the success of PCs, smartphones, and the Web. Perhaps the Web, but definitely not smartphones. People had to fight tooth and nail for the right to root or jailbreak their own phones!
3. How do you add the ability to eavesdrop on a device without compromising TLS or adding a remote back door that anyone could exploit? The only way that I can think of, and the only way that this has traditionally been done with PCs, is to give local root to the owner.
If the owner has root, then he can make the device trust his own certificate and proceed to MITM it with his own router. But an owner with root can also modify the device's "firmware" to make it behave in ways that the manufacturer never intended, and manufacturers will do everything in their power to prevent this. Nobody wants to admit that they're actually selling general-purpose computers.
If the manufacturers are not going to cooperate (and I don't think they will), then perhaps what needs to happen is that we should start rooting/jailbreaking every smart device we can get our hands on, and thereby force them to be transparent. It can't be that difficult, after all. Where are all the clever folks who helped root and jailbreak our phones? Let's send them some TVs to play with, warranties be damned. Perfect security doesn't exist, and we can use that fact to our advantage.
(Author here.) Our thinking is that the protocol would enable a read-only monitor, which would be able to see the plaintext but not modify it without detection. As the article says, this is what it would take to build a good IDS/IPS for your things -- something that can audit the communications and make sure what's going in and out matches what you should expect.
We're not proposing that the IDS/IPS should necessarily be able to MITM the connections. Then you're just putting all your trust into the IDS/IPS and making it the single point of vulnerability (just like the device is now). But if you have a construction that lets you build a read-only IDS/IPS, then you could in theory buy 100 of them from different manufacturers and have them all audit each other.
One straw-man way to do this would be to run a stream of "integrity-only TLS" inside normal TLS. The outer TLS would allow the owner to install their own CA root certificate on the Thing. The inner TLS would be pinned to the public key of the cloud provider. The IDS/IPS would MITM the outer connection and would be able to read the inner stream, but the MAC on the inner stream would prevent tampering by the IDS/IPS.
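The straw-man construction described above, as an added example that is not part of the original post or the article it discusses (Python, standard library only). It models only the inner "integrity-only" layer: the Thing seals each record with an HMAC under a session key that is assumed to come from the inner, pinned handshake with the cloud, so the owner's monitor, which sees plaintext once the outer TLS has been terminated with the owner's own CA, can audit every record but cannot rewrite, drop or replay one without the cloud noticing. The key, the telemetry record, the audit policy and all function names are constructed for the example.

```python
import hmac
import hashlib
import json

# Constructed session MAC key. In the proposal it would be derived by the inner,
# pinned handshake between the Thing and the cloud; the owner's monitor never has it.
INNER_MAC_KEY = b"constructed-inner-session-mac-key"

# Constructed audit policy: which fields the owner expects this Thing to send out.
POLICY = {"allowed_fields": {"device_id", "firmware_version", "uptime_s"}}


def inner_seal(key: bytes, seq: int, payload: dict) -> bytes:
    """Thing side: frame a plaintext record with a sequence number and an HMAC tag."""
    body = json.dumps({"seq": seq, "payload": payload}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.dumps({"body": body.decode(), "tag": tag}).encode()


def inner_open(key: bytes, frame: bytes, expected_seq: int):
    """Cloud side: verify tag and sequence number; return the payload, or None on failure."""
    outer = json.loads(frame)
    body = outer["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, outer["tag"]):
        return None  # modified in transit
    record = json.loads(body)
    if record["seq"] != expected_seq:
        return None  # replayed, dropped or reordered
    return record["payload"]


def monitor_read(frame: bytes) -> dict:
    """Owner's read-only monitor: plaintext is visible, but no key is needed or held."""
    return json.loads(json.loads(frame)["body"])["payload"]


def audit(payload: dict, policy: dict) -> list:
    """Return one finding per field the policy does not expect the Thing to send."""
    return [f"unexpected field sent to cloud: {field}"
            for field in payload if field not in policy["allowed_fields"]]


def monitor_rewrite(frame: bytes, new_payload: dict) -> bytes:
    """Simulate a monitor that tries to alter a record; the old tag is carried along."""
    outer = json.loads(frame)
    record = json.loads(outer["body"])
    record["payload"] = new_payload
    outer["body"] = json.dumps(record, sort_keys=True)
    return json.dumps(outer).encode()


def run_scenario() -> dict:
    # Constructed telemetry: the Thing leaks a local filename alongside expected fields.
    telemetry = {"device_id": "tv-0001", "firmware_version": "1.2.3",
                 "uptime_s": 864, "filename": "home-video.mp4"}
    frame = inner_seal(INNER_MAC_KEY, 0, telemetry)

    # The monitor can read and audit the plaintext without touching the key.
    findings = audit(monitor_read(frame), POLICY)

    # An untouched frame is accepted by the cloud.
    accepted = inner_open(INNER_MAC_KEY, frame, 0) == telemetry

    # A monitor that strips the filename cannot produce a valid tag: rejected.
    stripped = {k: v for k, v in telemetry.items() if k != "filename"}
    tamper_detected = inner_open(INNER_MAC_KEY, monitor_rewrite(frame, stripped), 0) is None

    # Presenting the same frame when the cloud expects seq 1 is also rejected.
    replay_detected = inner_open(INNER_MAC_KEY, frame, 1) is None

    return {"findings": findings, "accepted": accepted,
            "tamper_detected": tamper_detected, "replay_detected": replay_detected}


if __name__ == "__main__":
    print(json.dumps(run_scenario(), indent=2))
```

Two design points carry the weight here: the monitor's output is an audit finding, not a modified stream, so it can only report that the Thing sends a filename; and the sequence number is part of what the tag covers, so a monitor that wants to suppress an embarrassing record cannot silently drop it either. What this toy does not model is the outer layer and its CA installation, which is where the trust question raised in the thread actually lives.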
That's an interesting proposal, but I'm concerned that it sounds a bit like intentionally crippling TLS. Historically, TLS has had all sorts of subtle bugs that could bite you in the ass unless you did things just right. It will take a lot of time and effort to demonstrate that the layered protocol you propose is no less secure than vanilla TLS.
I'm also not sure whether it's a good idea to make it so easy for typical users to add their own CA certificates to smart devices. Such a facility could be easily subverted by criminals and governments to eavesdrop on a large number of users. (Remember when people would XSS themselves on Facebook by pasting crap into their browser console?)
It's just as impossible to open a backdoor for the owner and nobody else as it is to open a backdoor for the FBI and nobody else. So I think there's some value in making it difficult to eavesdrop on your own devices. Perhaps it really should require taking off the cover and attaching a serial console.
Also, the "right to root or jailbreak" you're referring to is just an exemption from DMCA liability if you do it (and correspondingly, agreement from the Copyright Office that it doesn't appear to be a copyright infringement when you do it for certain purposes). But if nobody finds a way to root or jailbreak a certain device, its users are still out of luck -- and if a manufacturer wants to sue jailbreak developers (who aren't protected by the DMCA exemption) or even users under some other theory, it can still try to do so.
So there might be some further tooth-and-nail fighting in users' future.
Could this be implemented as a user-owned SSL mitm proxy and deep-packet inspection engine which is accessed by a VPN from all your interactive devices? Low-power home IoT devices would already be inside the VPN.
That's not the same thing at all. A company can easily keep non-personally identifiable information about you and never have to release that information.
This is about device to device communication, not information storage.