Legislative proposal sent to my Congressman

Peter Beckman beckman at angryox.com
Tue Oct 4 01:04:06 UTC 2016

On Mon, 3 Oct 2016, Lyndon Nerenberg wrote:

> The only cure to this will be changing the law so that the directors of the 
> companies that ship massively insecure devices like these are personally 
> liable for all the financial loss attributed to their products. Bankrupt a 
> few companies' board of directors and you'll start seeing things change in a 
> hurry.

  Manufacturers are global, and their distribution is global. Local,
  technical laws are difficult at best to get enacted, much less
  consistently and by 190+ countries. And even when technically-minded laws
  are implemented (see US Federal and State Do Not Call Lists) they are
  problematic and difficult to enforce when abuse may be coming from outside
  the US. And the tech usually is far ahead of the legislation.

  The common device through which all of these smart devices will pass is
  the router. Router manufacturers often build and sell larger big iron
  routers to ISPs, or ISPs are buying end-user routers from manufacturers
  and reselling to their customers. ISPs are motivated financially to avoid
  unwanted and "bad" traffic on their networks.

  The global ISP community is in the best position here to pressure their
  vendors to implement a standard on end-user routers which protects their
  networks from rogue and unsecured devices. The IoT manufacturers will need
  to follow standards that the router manufacturers implement to limit the
  negative impact of IoT devices if they want their devices on the

  When the standards are available to help protect the ISP networks at the
  end of the last mile from unwanted and fraudulently created traffic, and
  the ISPs pressure/demand the router manufacturers to implement the
  protections, IoT and other device manufacturers will fall in line.

Peter Beckman                                                  Internet Guy
beckman at angryox.com                                 http://www.angryox.com/

More information about the NANOG mailing list