Should internet-linked devices be regulated?

Tribune News Service
Wednesday, Nov. 16, 2016 9:06 p.m. | Wednesday, Nov. 16, 2016 9:06 p.m.

Using public Wi-Fi? Hackers may be picking your digital pocket

The worldwide scourge of cybercrime afflicted 689 million people in the past year, or more than twice the population of the United States, a California anti-virus software maker reported Wednesday.

Yet those hit by cybercrime often remain complacent, even sharing their passwords with friends, says a survey from Norton by Symantec, the security software maker.

Computer users know they are taking risks in using public Wi-Fi but do it anyway because it is so convenient at coffee shops, airports, hotels, libraries and other places, the survey found.

And using Wi-Fi only in exclusive hotels or restaurants is no guarantee. Hackers are more likely to seek out those Wi-Fi signals, said Fran Rosch, executive vice president of Norton by Symantec. Hotels and other buildings with controlled access offer no protection from hackers.

"They can be in the parking lot and do as much damage as the person in the hotel room next to yours," Rosch said.

Consumers should use extreme caution over what they check online over Wi-Fi.

"If you want to read the newspaper, no problem. Go for it. If you want to read your Facebook feed, no problem. But you probably don't want to log on to your bank account," Rosch said.

The survey was commissioned by Norton and conducted by Edelman Intelligence, a branch of Edelman, a global communications and PR firm headquartered in Chicago and included 20,907 consumers in 21 markets around the world.

— McClatchy Newspapers

Email Newsletters

WASHINGTON — On the morning of Oct. 21, Netflix and Twitter were kicked offline by hackers — annoying binge-watchers and prolific tweeters for several hours.

But the hacking of popular websites is a harbinger of what's to come for consumers using devices connected to the internet, and Congress faces a tough question of how to protect consumers and businesses without overregulating the tech industry.

“Many consumers do not recognize they need strong protection on everyday devices,” said Texas Republican Rep. Michael Burgess. Burgess spoke Wednesday at a House hearing to understand how connected devices factored into the Oct. 21 hack and other recent incidents. “The balance between functionality and security is not going to be solved in the near term. In fact, the most common password is the word ‘password.' ”

In the past decade, an increasing number of devices are now connected to the internet, including smartphones, cars and talking refrigerators. That leads to an increasing number of entry points for hackers and criminals to disrupt lives in malicious ways.

“Everything is a computer. Your phone is a computer that makes calls, your refrigerator's a computer that keeps things cold,” testified Bruce Schneier, a special adviser to IBM security and a lecturer at Harvard University. “Attack is easier than defense, complexity is the worst enemy of security, and the internet is the most complex thing ever built.”

Schneier argued that the federal government must regulate and set standards for devices connected to the internet like it does for the safety of cars. He wants to create a new government agency and argued that Republicans swiftly created the Department of Homeland Security after 9/11 in response to safety threats.

But House Republicans like Burgess, chairman of the House Subcommittee on Commerce, Manufacturing and Trade, are unlikely to support a new regulatory agency that likely would cost billions of dollars.

“Regulation needs to be a cop on the beat. People do need to know that they are protected, but there does need to be a light touch,” Burgess said. “We ought to be enforcing current law before we write new ones.”

Despite the disagreement over creating new regulations, there was agreement between Democrats and Republicans that cybersecurity hygiene must be improved, at the consumer and corporate level.

For every consumer who inputs a weak password into an electronic device, hospitals and public utilities frequently employ outdated security systems to protect valuable medical records and internal infrastructure like keeping the power on.

“Windows XP is being used at a water treatment plant in Michigan,” said Kevin Fu, an associate professor of computer science and electrical engineering at the University of Michigan, who testified at the hearing. “Most hospitals have capital equipment costs. This is why you see Windows 95 and Windows 98 machines in hospitals.”

In addition, a panel of experts told the committee that traditional passwords are largely obsolete, as human-created security systems are susceptible to hacking. Instead, devices should employ technology like fingerprint recognition and two-step authentication to thwart criminals.

“There's always been a role for passwords, but in general, passwords have outlived their usefulness,” Schneier said. “There are many other systems that give us more robust authentication.”

But specifically mandating what types of technology should be regulated could have negative effects because technology changes so fast. The experts testifying urged Congress to consider regulation that is “technologically invariant,” meaning that a new feature on the next iPhone should not cause the rules to be obsolete.

Details