Contact us  
 
HOME       >       Safety in the News

Safety in the News

Highlights of the latest news,
laws, products and potential risks,
research, predatory methods and more

Here you'll find highlights of the latest articles on Internet safety worth reading——laws, products (and potential risks), research, predatory methods, and so on—along with my take on what's important in these stories. If you see something in the news you think I should know about, send it to AskLinda@look-both-ways.com . (Don’t forget to send a link to the source article.)

Heart devices vulnerable to hack attacks: Researchers urge action, downplay current risks

Heart devices vulnerable to hack attacks

Researchers urge action, downplay current risks

12 Mar 2008

Summary

Wireless safety became an issue for patients with pacemakers and other wireless enabled implanted technologies today after researchers discovered that these technologies currently lack the safeguards needed to protect them from being hacked.

Though no case of malicious hacking of one of these devices has been reported - or is even considered particularly likely - the possibility of someone downloading an individual’s medical information, or deliberately causing their device to malfunction in a sort of remote controlled murder, is raising important warnings from medical professionals.

Tadayoshi Kohno, a University of Washington computer scientist who worked on the study, said that there has been a "revolution in medical device technology" and implanted devices are becoming more sophisticated. "It's important to understand the risks associated with new technologies before they become widely deployed," Kohno noted.

Things to think about

The discovery of security, privacy and safety vulnerabilities within medical technologies is not pleasant, but it should also not come as a surprise when safety defects have been discovered in every online technology.

There will always be people ready to exploit any such safety flaws to cause harm or create financial gain. This exploitation will continue – and increase - until we reach the point of discomfort where we demand greater accountability from the products and services we use.

This accountability must include:

  1. Defining a consumer online safety standard

  2. Requiring proactive testing for safety, privacy and security of every device and every service before they are permitted to be released to the public.

  3. Institutionalizing safety, privacy and security requirements for the storage of any consumer information in a digital format.

  4. Requiring companies to remove all information when consumers request it for themselves or parents or guardians request it for children.

  5. Tough compliance regulations and strong enforcement of them. Having standards without demanding compliance or enforcing them is useless.

Will requirements in the U.S. work when many services are hosted abroad?

I frequently hear the argument that these requirements won’t work in an open Internet environment where services may be hosted abroad. This is nonsense. California, for example, has car safety requirements that other states don’t have and yet they manage this difference well.

Online safety requirements can be established and enforced for any company based in the U.S., and these companies can be certified as having met the safety standards.

Consumers may still choose to use Internet services from another country. Those services may adhere to the same (or higher) safety standards set in the U.S. and earn safety certification. Or the foreign company may choose not to meet the standards, in which case the lack of certification would make it clear that their products do not enjoy the consumer safety assurances.

Ultimately the decision for consumers will be akin to choosing whether to buy potentially hazardous toothpaste and paint from, say, China, or from a U.S. or foreign company that has quality and safety controls.

Will requirements stifle innovation?

I also hear the argument that the creation of Internet safety requirements would stifle innovation and be a burden to the industry which should be allowed to self-regulate. Requiring safety has not stifled the innovation in other industries. I’m all for self-regulation if it works. But the online industry over the last 15 years has failed miserably in implementing any meaningful consumer safety protections, and the safety problems are escalating rapidly.

Is the current consumer burden acceptable?

A more relevant question whether it is acceptable to burden consumers with the impact of identity theft, fraud, exploitive business practices, hijacked health monitors, and every other form of online crime and predation.

As we rapidly expand and embrace the digital reach into every aspect of our lives and bodies, requiring safety standards of the online industry is as critical to our health and well being as is the regulation of the pharmaceutical and auto industries.

Linda

5/11/2008 LOOKBOTHWAYS LLC © All Rights Reserved 2008 1

Published Thursday, March 13, 2008 12:48 AM by Linda Criddle

Comments

No Comments
Anonymous comments are disabled
   
  Home | Stay Safe Online | Ask Linda | Blog | Safety in the News | About the Book | Consulting | Contact Us
Terms of Use and Privacy Policy
© 2007 Look Both Ways - Onlline Safety Consulting - All rights reserved