In this episode of the podcast, #119: Electronic Frontier Foundation General Counsel Kurt Opsahl joins us to talk about the Coders’ Rights Project. Also: we speak with Senthil Ramakrishnan, a lead member of AT&T’s IoT Security group about that company’s plans to work with Ericsson to certify the security of IoT devices.
Vulnerability Research is Not a Crime!
The Electronic Frontier Foundation earned its stripes in the 1990s at the vanguard of groups opposing the US government’s efforts to ban the export of strong encryption technology – the so called Crypto Wars -and to rein in the industry-friendly excesses of the DMCA to protect the writing and sharing computer code as an act of free expression protected under the US Constitution’s First Amendment.
In the last decade, EFF has turned its attention to protecting the right of independent security researchers to plumb the workings of software and hardware and report what they’ve learned without fear of legal repercussions. The so-called “coder’s rights” project. Now the group is looking to expand its work throughout the Americas, drawing on rights recognized by the American Convention on Human Rights, and examples from North and South American jurisprudence.
Read the EFF report “Protecting Security Researchers’ Rights in the Americas.”
To find out more about what EFF is up to and where the rights of vulnerability researchers and security pros stand in this hemisphere, we invited Kurt Opsahl , the Deputy Executive Director and General Counsel at EFF into the Security Ledger studios to talk about the Coder’s rights project and EFF’s new report, “Protecting Security Researchers’ Rights in the Americas. I started by asking Kurt to talk about what the Coder’s Rights Project is all about.
Certification for IoT Endpoints?
The curious thing about Internet of Things security standards is how many of them there are – a dozen or more. It is a situation that defeats the idea of standards to begin with.
In the end, the standard matters less than who or what is behind it. That’s why Security Ledger took note when Internet giant AT&T announced that it was partnering with the firm Ericsson to certify the security of IoT devices. AT&T’s clout as the network across which so much Internet of Things communications and data will travel gives it an outsize importance in determining what kinds and how much IoT endpoint security is needed.
To understand AT&T’s thinking about how to secure IoT endpoints and IoT ecosystems, we invited Senthil Ramakrishnan of AT&T’s IoT security group to come in and talk to us. In this conversation, Senthil talks about some of the common security problems it encounters with Internet connected devices and how it is working to try to push better security practices at its customers.
Securing IoT endpoints is an entirely different process than securing traditional networked IT assets, he told me. Still, too many companies continue to use network tools and talents to try to secure IoT ecosystems.
Senthil Ramakrishnan is a lead member of AT&T’s IoT Security group. He was here to talk about AT&T’s program with the firm Ericsson to certify the security of IoT endpoints.