MP Kees Verhoeven wants EU to regulate the Internet of S**t

Vendors don't care, so government should step in


The Democrats 66 (D66) party, currently in opposition in The Netherlands, hopes it can legislate insecure stuff away from the Internet.

The suggestion comes in a multi-part initiative put together by MP Kees Verhoeven, who also wants The Netherlands to fund a local threat analysis capability and a national cyber security centre, and look at vendor liability for bad software.

As Verhoeven's paper (here in Dutch) says, with “locks, bridges, factories, teddy bears, toothbrushes, thermostats, refrigerators, CAT scanners, watches and heart rate monitors” connected to the Internet, security can't be left to consumers.

He also notes Internet of S**tTM device makers are collecting and sometimes selling users' personal information “without explicit permission or without consumer choice”.

In a proposal that will send chills looking for spines in the wild-west of Internet of S**tTM startups, Verhoeven says consumers should be able to turn off unwanted data transfers from their devices (presumably without bricking a thermostat, door-lock or WiFi teddy bear).

Verhoeven argues that consumer electronics have to pass fire safety standards, and wants something similar for the Internet of S**tTM: certification and standards for devices, covering things like encryption, requirements for default passwords, software patches, security alerts, and user instructions.

Such a structure would have to be created at the European Union level, he adds, and there should be a public register of vulnerabilities and breaches.

Software developers get harsh words for not paying attention to quality, and not patching vulnerabilities quickly enough. While allowing that “software is never 100 per cent safe”, Verhoeven writes that bad software practise “is a form of negligence”, and suggests “the government should investigate the best way to control software liability”.

Users need education, the paper says, but they also need comprehensible privacy statements from vendors (Good luck with that – Ed).

“The user must be actively informed before he emphatically can give consent,” the paper says, and the European Privacy Directive has to be enforced on Internet of S**tTM devices.

Compared to the privacy, security and liability proposals, the idea of an independent National Cyber Security Centre (NCSC) is unremarkable. Since institutions like hospitals are ill-equipped to keep up with infosec, he wants an NCSC to give them a helping hand. ®

Similar topics


Other stories you might like

  • Euro-telcos call on big tech to help pay for their network builds

    Aka 'rebalancing global technology giants and the European digital ecosystem'

    The European Telecommunications Network Operators' Association (ETNO) has published a letter signed by ten telco CEOs that calls for, among other things, Big Tech to pay for their network builds.

    The letter, signed by the CEOs of the Vodafone Group, BT Group, Deutsche Telekom, Telefónica, Orange Group and five more telco leaders, calls for a "renewed effort to rebalance the relationship between global technology giants and the European digital ecosystem".

    "A large and increasing part of network traffic is generated and monetized by Big Tech platforms, but it requires continuous, intensive network investment and planning by the telecommunications sector," the letter states, adding "This model – which enables EU citizens to enjoy the fruits of the digital transformation – can only be sustainable if such platforms also contribute fairly to network costs."

    Continue reading
  • AI-enhanced frog stem cells start to replicate in entirely new ways

    Xenobots scoop up loose cells to make more of themselves. We welcome our new overlords

    In January of 2020, scientists from the University of Vermont announced they had built the first living robots; this week they have published reports that those robots, made from frog cells and called Xenobots, can reproduce and have found a new way to do so.

    The millimetre-sized xenobots are essentially a computer-designed collection of around 3,000 cells. They were created by taking stem cells from frog embryos, scraping them, leaving them to incubate, then cutting them open and sculpting them into specific shapes. After all that action, the cells began to work on their own – auto-repairing when sliced and moving about inside petri dishes.

    With a little design tweak, the creatures could do even more. "With the right design, they will spontaneously self-replicate," said University of Vermont researcher Joshua Bongard, Ph.D. in a canned statement.

    Continue reading
  • Panasonic admits intruders were inside its servers for months

    Spotted the crack after it ended – still not sure what was lost

    Japanese industrial giant Panasonic has admitted it's been popped, and badly.

    A November 26 statement [PDF] from the company admits that its network "was illegally accessed by a third party on November 11, 2021". That date has since been revised – the company now says it became aware of the intrusion on the 11th, but that unknown entities had access to its systems from late June to early November.

    "After detecting the unauthorized access, the company immediately reported the incident to the relevant authorities and implemented security countermeasures, including steps to prevent external access to the network," the statement adds.

    Continue reading

Biting the hand that feeds IT © 1998–2021